Analysis Overview
SHA256: 78d84068b47cf28b76c88ba4474c7c187510f4e4e967d079d3761dcab7851655
Threat Level: Known bad
The file TLauncher-2.876-Installer-1.0.7-global.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Downloads MZ/PE file
Blocklisted process makes network request
Checks computer location settings
Loads dropped DLL
Registers COM server for autorun
Reads user/profile data of web browsers
UPX packed file
Executes dropped EXE
Enumerates connected drives
Checks installed software on the system
Installs/modifies Browser Helper Object
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Modifies Internet Explorer settings
Checks processor information in registry
Analysis: static1
Detonation Overview
Reported: 2023-03-20 21:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-03-20 21:28
Reported: 2023-03-20 21:34
Platform: win7-20230220-en
Max time kernel: 145s
Max time network: 251s
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0071-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0099-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0053-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0075-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0045-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0084-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0088-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0058-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0059-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0059-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0066-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0091-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0075-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0098-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
UPX packed file
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\sunjce_provider.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\javafx.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\tzdb.dat | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-profile-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-private-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\currency.data | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\jvm.hprof.txt | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_7241597\javaws.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-errorhandling-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jsound.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\sunmscapi.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\tnameserv.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\cmm\CIEXYZ.pf | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\zip.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\resources.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\management-agent.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\keytool.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\management.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\javafx\gstreamer.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\pkcs11cryptotoken.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\content-types.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jp2iexp.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_sv.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\jsse.jar | C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\jfxswt.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\jsse.pack | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_7241597\java.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\THIRDPARTYLICENSEREADME-JAVAFX.txt | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-localization-l1-2-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jjs.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\pkcs11wrapper.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\t2k.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_MoveNoDrop32x32.gif | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-util-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\icu.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\management\jmxremote.access | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\localedata.pack | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\w2k_lsa_auth.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\javafx\libxslt.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\xerces.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\dnsns.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\charsets.pack | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\sunmscapi.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\server\classes.jsa | C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jsdt.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\klist.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140_1.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\calendars.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_ko.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\decora_sse.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\jcup.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_CopyDrop32x32.gif | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_MoveDrop32x32.gif | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\javaws.pack | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\rt.jar | C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-handle-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\glib-lite.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jawt.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\servertool.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\security\cacerts | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\6e0bb7.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI179A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI17BA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1809.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6e0bb9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1587.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\6e0bb5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6e0bb5.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\jds7201302.tmp\jre-windows.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_43" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_53" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_16" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0090-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_90" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0091-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_40" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0088-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0080-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0086-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_93" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.0" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_74" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0088-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_88" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0061-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0087-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0094-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0059-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_64" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0082-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0090-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0061-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0044-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_44" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_48" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_62" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_08" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0064-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.1_01" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0054-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_93" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_15" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0089-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_82" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0049-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_17" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_35" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0058-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0067-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0050-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_50" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0099-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_82" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0051-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\Shell\Open | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0089-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0091-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0064-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0068-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0077-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_77" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_31" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_01" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_67" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\Implemented Categories | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0075-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7201302.tmp\jre-windows.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7201302.tmp\jre-windows.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe" "__IRCT:3" "__IRTSS:23645635" "__IRSID:S-1-5-21-1914912747-3343861975-731272777-1000"
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-1914912747-3343861975-731272777-1000"
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x717924a8,0x717924b8,0x717924c4
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x70cf24a8,0x70cf24b8,0x70cf24c4
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1740 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230320223029" --session-guid=193133bd-6aa9-4ab0-ae5e-f4a7bc297956 --server-tracking-blob=Mjg1YjAxMTg1ODcwOTUxMWY2OTE0MTEwNjJjOTI2ZTcwMDI2ODE4MTYzZDAxYzQ4YWU3ZTE1NDZjYmEyMTVhMDp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjciLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjc5MzQ3ODI5LjYxMDkiLCJ1c2VyYWdlbnQiOiJTZXR1cCBGYWN0b3J5IDkuMCIsInV0bSI6eyJjYW1wYWlnbiI6Ik9wZXJhRGVza3RvcCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik1TVEwifSwidXVpZCI6IjNhNjAyZjgxLTViOTgtNDIwNy1iNTYzLThjZmNlM2Q0NzZmZiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1403000000000000
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xc26c28,0xc26c38,0xc26c44
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
C:\Users\Admin\AppData\Local\Temp\jds7201302.tmp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jds7201302.tmp\jre-windows.exe" "STATIC=1"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 8CF5E1D432DBB6B15ED9170FA7240527
C:\Program Files\Java\jre1.8.0_351\installer.exe
"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}
C:\ProgramData\Oracle\Java\installcache_x64\7217776.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"
C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe
"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup
C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma 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 -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma 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 -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 104.20.234.70:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.112:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 185.26.182.122:443 | download.opera.com | tcp |
| US | 104.18.2.211:443 | | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| NL | 23.206.103.83:80 | javadl.oracle.com | tcp |
| NL | 23.206.103.83:443 | javadl.oracle.com | tcp |
| GB | 23.44.232.84:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| FR | 23.40.2.175:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.oracle.com | udp |
| FR | 23.40.2.175:443 | rps-svcs.oracle.com | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
Files
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
\Users\Admin\AppData\Local\Temp\Opera_installer_2303202230286411740.dll
\Users\Admin\AppData\Local\Temp\Opera_installer_2303202230289211144.dll
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202230294521124.dll
\Users\Admin\AppData\Local\Temp\Opera_installer_2303202230294521124.dll
\Users\Admin\AppData\Local\Temp\Opera_installer_230320223029873564.dll
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
\Users\Admin\AppData\Local\Temp\Opera_installer_230320223030076760.dll
C:\Users\Admin\AppData\Local\Temp\Cab56C8.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
| MD5 | 5eecdc666e6dc0b8e5e8d2fc3b9cc1b2 |
| SHA1 | 72a16d461bd2410d5749c6bf939a127683d83a95 |
| SHA256 | 052f0289886f9cc0931d7026dfe1f5253ad39123479627e37afa5c430e8f8ff1 |
| SHA512 | 5d465d2c61d97ec2a52db3aeee8d42ececdef08930692842f9c6a41b0611cb774015d369e4fe5186079e97839acc78e8403ea6a6c33ee54a7aef3eea41c3d7db |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
| MD5 | 1557c08e187b7783083e0b80051fd321 |
| SHA1 | 2c6ee47799d713e88fd589609b81912a4522044e |
| SHA256 | 0c0e74dd07c45833a5dd7ba931e5d528eb16334defdd06171df2f632d6e47842 |
| SHA512 | 485f69b3878b2bd7fdf52ad020dde2cbc34dd1970aaa4e5eb8f8618f6091b5b827b428447859499c3d61ea9cde2edcbb97c8fb0560cd0aaff50027c0f97ee6f3 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG
| MD5 | 09229c3bfb801177839a7c2e22e33a1b |
| SHA1 | f679c05c4c7b2f3722069420c6d6481fc856e7aa |
| SHA256 | cbf81d779b469942613297a3ca6c09d885e3b1d4aa952dc1994a7175fbfc7e3f |
| SHA512 | 503bfa063b29dda95f15da303f707e5b78a6bdb74662c222d8a8b7e3a33264016a66acdd9de44aea932e7cde80a43c2406ea6f0250d3df8e182217bc4a0a7ed7 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
| MD5 | 1f5c8939031a7f93762862cfc88a8e56 |
| SHA1 | 6dc4df87344db0ddf09c777e7a80d1b5661559b8 |
| SHA256 | 14be26e969eb15ef7e76e0ad02d8aa0516c5391e8b09dba0a9a6c5f57ae24aba |
| SHA512 | de45d700c86329c704777917863fd1ddeca90d2bed67a72794164882bf15725ce83c7733f664ee0a2af7df54a6be2def729d19237fb2c434115396ac126ff47f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG109.PNG
| MD5 | 03b1d78771eb279766efb2d9f2fa8463 |
| SHA1 | 8f10e304fd65e58136ccd6ab012ffc594e6fb707 |
| SHA256 | eec16d2cb57e38b485b6a269e9c2554c1dfc3b70dec9f7bbddc2b62526b3d832 |
| SHA512 | ca51cbaf20e6f62eb6ec69555d259ef61828d3166d09106bcd335dd417ed30660af71e7fd8db6bd22bf134cc530e1a55ecdd2c307e64e8edb28af95299d66f5a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
| MD5 | ce17d7ce06488f394ce124f17d5acafc |
| SHA1 | 8a5dceae9ea369b686123c8f940bb0ea07870ffa |
| SHA256 | c4b04568930f03979d71f48a57b9ad06b4cdf687272f6753ff662006e8e6237f |
| SHA512 | c33f1370213cabd1b84c936f1ac14f9bcc83bc03a633bbe25efe1e906bcee515d0e615c86b7ee3b34404dd1d95ce74d1a00908de8cdacbf9961de3f1ceb8362b |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | d9a7849cb0fbaa0f8fa9064da0fdc9d8 |
| SHA1 | 1898d5452fa1198b314759dad7e2b0aa9c1ee91c |
| SHA256 | 02ecdd860b9e67dffafad37228a71397f27db13ee0a2728bc595517637faaedb |
| SHA512 | f7395c438e50f6d7883dd521c361d124ab2122ccc38baae05ba64351fbfe61409e9a52eb58b9544df0eff40cc62efb3e875e74264ece0c106eb9010bbb195726 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
| MD5 | 5bc85d12eb492baa3be9230f1fbdc342 |
| SHA1 | 456fe4284fa916ad3817e7c3d419c13f4c949737 |
| SHA256 | 9a27f240758513aa1cc05500171fe22fdb3a485781cba4798cefc29f6944373c |
| SHA512 | 3d55c597ac29d7f810980dfd89404d3ecbd2e652ae1bc5e6710668ad5386a0caecf3149289df13f6dabed6b2e4305a26684ab3bd21b255b37f8a596fe8d641b9 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
| MD5 | 667b0b54ee5ba0d1cb66190226596e46 |
| SHA1 | b8658b35e7cf44b24053e4d01d3b51233d6526f6 |
| SHA256 | 3a9ab8c3640f1b40b33553d7d3dd3d15bd6e702ef510ec0b66a2f14aa744bf83 |
| SHA512 | 9ccc773214a0074634be66801d81d7a593ab154351fdbd1b93f56ffa80cf824ee31ff2e13f26536d5f3096e90df43fa223080b4dc55340614b076c08ef976dcb |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
| MD5 | 38c12e1a54f8fd216ed3f13b36798cc6 |
| SHA1 | ccf1fe585d3374ebce4c1ec025e2d8ec39968a7c |
| SHA256 | 608924ba294590b5b706658d9aaa71b480ad9aa1b6797bbc5cf1632ac6c616b1 |
| SHA512 | 0918af63f006d7fa04a3faeeb813e61c060316a126c4742a948a30f5b6ea368c3b8592011319dad3dbf8427dfcc095aa72f7b651d6fc31061f861f070447331b |
memory/1748-1418-0x0000000003080000-0x0000000003090000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Tar8D27.tmp
| MD5 | 73b4b714b42fc9a6aaefd0ae59adb009 |
| SHA1 | efdaffd5b0ad21913d22001d91bf6c19ecb4ac41 |
| SHA256 | c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd |
| SHA512 | 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd |
memory/1596-1433-0x0000000002CD0000-0x00000000030B8000-memory.dmp
memory/1596-1434-0x0000000002CD0000-0x00000000030B8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
memory/1748-1448-0x0000000000C80000-0x0000000001068000-memory.dmp
memory/1536-1451-0x0000000000C10000-0x0000000000C20000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | e71c8443ae0bc2e282c73faead0a6dd3 |
| SHA1 | 0c110c1b01e68edfacaeae64781a37b1995fa94b |
| SHA256 | 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72 |
| SHA512 | b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6 |
C:\Users\Admin\AppData\Local\Temp\Tar9C5D.tmp
| MD5 | be2bec6e8c5653136d3e72fe53c98aa3 |
| SHA1 | a8182d6db17c14671c3d5766c72e58d87c0810de |
| SHA256 | 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd |
| SHA512 | 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\additional_file0.tmp
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | e71c8443ae0bc2e282c73faead0a6dd3 |
| SHA1 | 0c110c1b01e68edfacaeae64781a37b1995fa94b |
| SHA256 | 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72 |
| SHA512 | b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2da3839a93118d4beb6820a92c6e5a9 |
| SHA1 | caf83408970ab9ade2131ba4c31ca1f14509acb9 |
| SHA256 | 125a68f326e0a7e445caf1cbfa6b6d6ec2b35d4ef48cbc743ea4621fe5295ce3 |
| SHA512 | b3755d293e7bd22b38dd7b2bad6fe534e7215bd223d196b1f266eeab71467fcddb8a2ceb591acd8de2e45a1667df82fdb19ff59f9b42bf94f1359e9b17015d9e |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230291\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 2d91f6b1dfbb5df446cc89835dd8d0fb |
| SHA1 | ffa7ebb39746c2675e9ca6ff2205f06bc8bd99ee |
| SHA256 | 1549641c66a38545b7c5acae71a4111d567d1b98faccd8f458ee3dffd09146e8 |
| SHA512 | abd343074d0b0fabdc9b6d09a5beb2c9f47bf2f8998e782ccdc85cd5a6d24fc5e493a0c119627d0efc49439bf748340162aab8196c8239924b6c0d6e8880575c |
memory/1748-1639-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1748-1638-0x0000000000C80000-0x0000000001068000-memory.dmp
memory/1536-1645-0x0000000000CF0000-0x00000000010D8000-memory.dmp
memory/1748-1651-0x0000000000C80000-0x0000000001068000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 3430e0a0a6c47294ede867b10b783722 |
| SHA1 | 1eb2c6e69b2197945e4ef8fea5fafa2ce09e05d4 |
| SHA256 | a7dec964715316a769a3c412cfb8f0a13df1fb72f941bec9d5d4d3b5df2a0814 |
| SHA512 | 5d357754f1f6d3aad2194b517c9101b839b43c6e4d0a380ddfd0a1f30544d6b700960e04ebc529a9f19e35cd561492243a4ee9544e29bc5eb5fb86e9e5f87e78 |
C:\Windows\Installer\MSI1809.tmp
| MD5 | 62cfeb86f117ad91b8bb52f1dda6f473 |
| SHA1 | c753b488938b3e08f7f47df209359c7b78764448 |
| SHA256 | f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e |
| SHA512 | c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e |
C:\Windows\Installer\6e0bb5.msi
| MD5 | 1794aaa17d114a315a95473c9780fc8b |
| SHA1 | 7f250c022b916b88e22254985e7552bc3ac8db04 |
| SHA256 | 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4 |
| SHA512 | fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516 |
memory/1008-1983-0x0000000000400000-0x0000000000417000-memory.dmp
memory/1008-1984-0x0000000000230000-0x0000000000247000-memory.dmp
memory/1008-1985-0x0000000000230000-0x0000000000247000-memory.dmp
memory/1008-1986-0x0000000000230000-0x0000000000247000-memory.dmp
memory/1748-1988-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1008-1994-0x0000000000400000-0x0000000000417000-memory.dmp
memory/1008-1999-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
| MD5 | 691f68efcd902bfdfb60b556a3e11c2c |
| SHA1 | c279fa09293185bddfd73d1170b6a73bd266cf07 |
| SHA256 | 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70 |
| SHA512 | a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
| MD5 | 3b1c6b5701ef2829986a6bdc3f6fbf94 |
| SHA1 | 1a2fe685aba9430625cba281d1a8f7ba9d392af0 |
| SHA256 | 6a2cdce88637830202e1031bc8c11f083103a6bbb8c1ce16fb805671a46633c8 |
| SHA512 | f3391d790bb6acb1c25b82253b19c334e7cd73648e9821b7050fefbd5b0bc4b48a0cedd97e425a83c788f9b798337d33dee2e989771604c4f886da46d2debea0 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
| MD5 | 7fadb9e200dbbd992058cefa41212796 |
| SHA1 | e2525d7ba66bb07bc1cd5ba93f88c54e7e2042b4 |
| SHA256 | b05abacd15117b1ffcd2a288308f50c0542214d264b852eddfa9025307ac401b |
| SHA512 | 94b7bf1f1f5cea2a74f8c326113dd25652cb14e5fa356ac83d16b6ac5a5cac26c9d2b20259f5c2cf8ebc1e022490511e2996335a5d8dd7f5b64dce429fb6dfb1 |
C:\Program Files\Java\jre1.8.0_351\bin\javacpl.exe
| MD5 | 7a9d69862a2021508931a197cd6501ec |
| SHA1 | a0f7d313a874552f4972784d15042b564e4067fc |
| SHA256 | 51ff63cbac78bd133333e98d91b02b652c88cd57cedd0052519051a17be77856 |
| SHA512 | 5c331e6deefc8256ea203d63770484f6b485d4c3832a60ecf4a540dff3cb75a76dbde37980fe1763ca487401b68126f58f8d1a4c72ee610f5144c624c4736850 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk
| MD5 | b5e1de7d05841796c6d96dfe5b8b338c |
| SHA1 | c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547 |
| SHA256 | 062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d |
| SHA512 | 963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d |
C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe
| MD5 | 24ccb37646e1f52ce4f47164cccf2b91 |
| SHA1 | bc265e26417026286d6ed951904305086c4f693c |
| SHA256 | adf2d659c2b2a4afff1ca58f3a742d27d767d27eabeca6a8b6ee243e9c913a39 |
| SHA512 | cb174e7a219f6ffae3715e37beb428979bc1462202729c05a25fa7b8da90e2dd6faa92c03cd9ca21567d354dce7acc1852669f4071298e953d6a286243794e32 |
C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npdeployJava1.dll
| MD5 | ff91ac355dc6b1df63795886125bccf8 |
| SHA1 | 90979fc6ea3a89031598d2146bf5cdbbb6db6b77 |
| SHA256 | 14b30467cfea0071dffc658dd31b8a25b7b4e79608933f171911c2cba6aa9a0a |
| SHA512 | 77aa8c7930730004bdb8d49a82712e1042db978102f6eca0d38317b6fd98ef03e52279130eadc7a0da1148e759db6589f7f8334d4c2eccfb2613e8f19542e197 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-03-20 21:28
Reported
2023-03-20 21:34
Platform
win10v2004-20230221-en
Max time kernel
273s
Max time network
299s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\_sfx.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe" "__IRCT:3" "__IRTSS:23645635" "__IRSID:S-1-5-21-2805025096-2326403612-4231045514-1000"
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-2805025096-2326403612-4231045514-1000"
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x344,0x348,0x34c,0x320,0x350,0x6f7a24a8,0x6f7a24b8,0x6f7a24c4
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2068 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230320213330" --session-guid=a6eca46d-3e05-427d-9895-ab21031c2202 --server-tracking-blob="[removed]" --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=A005000000000000
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x340,0x350,0x354,0x31c,0x358,0x6ec624a8,0x6ec624b8,0x6ec624c4
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\_sfx.exe"
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0x1086c28,0x1086c38,0x1086c44
Network
Files
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
memory/2156-147-0x00000000003B0000-0x0000000000798000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
| MD5 | e043a9cb014d641a56f50f9d9ac9a1b9 |
| SHA1 | 61dc6aed3d0d1f3b8afe3d161410848c565247ed |
| SHA256 | 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946 |
| SHA512 | 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
memory/2156-440-0x0000000010000000-0x0000000010051000-memory.dmp
memory/2156-441-0x0000000006450000-0x0000000006453000-memory.dmp
memory/2156-456-0x00000000003B0000-0x0000000000798000-memory.dmp
memory/2156-457-0x0000000010000000-0x0000000010051000-memory.dmp
memory/2156-458-0x00000000003B0000-0x0000000000798000-memory.dmp
memory/2156-464-0x00000000003B0000-0x0000000000798000-memory.dmp
memory/2156-481-0x0000000010000000-0x0000000010051000-memory.dmp
memory/2156-483-0x0000000010000000-0x0000000010051000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
| MD5 | 05d7bba3d6ac92766c4495b8928202a6 |
| SHA1 | 50b65a8ba5ed2633e43929ee4bd58c95a91a3363 |
| SHA256 | 4804f3c4fae714657fdb85e98244828acc6ac938505c2da1ed694ae7b58f2949 |
| SHA512 | 1544d5cd6f85aaeeacd26f2deb9da9eb510226b41079ee78c4dede14386e5ea3446efdfd475bfbfa3a6846fa2ff23d64f4dad3a4ddd304e32de80e4d7bcbc600 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
| MD5 | 5a7901f7df307fba45b1c377f2c94ccc |
| SHA1 | d6630cf733033cdfbda7af3213d49b32f5b06919 |
| SHA256 | d8471d5a5b4792c4b49e80b5cb22ef1e938dc3069b210646704f658548d7a9f8 |
| SHA512 | fc0036a7ed4b53edd72b91c4824919e6e8a82b5be1e82cdc134e267ef4792424124fb6ba5d7c86cf686910da0baba8453d7a6c12b39a5b4c0cb70658580f3bc9 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
| MD5 | bbdf2e8c0262e7e606d41ddbe5a3cd12 |
| SHA1 | acbb25f729af14b692ec9c8187a23b1a696f8e47 |
| SHA256 | d7c76896d206d977739556ad2d5811f7cf3117252afcd439a5aa0f2b645f6949 |
| SHA512 | 0334fae3682889adbc18594b7917d8c93252a86bc04d08efc6860d5714ba4eb8aabc39c51e532c4aee57a938021540d2f2899781d9cd1de311036e1850a65067 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
| MD5 | 60ffe9fc1f6775a0dc9e1ca9530f90cc |
| SHA1 | b00b235f71f231438a8ee5b23033999b371eb2e9 |
| SHA256 | 38c2ddbd665851eecb592a6751be6b8acf3b2ff485c05041bdad8789554f31d3 |
| SHA512 | 0722f62fed6ccb45609b87eed3370aff1a6d1ef81c452a9a730e9a1d58c093c854873969b2d2bfcb8b0ef8fe0de659fc5605a3f95cf2b26e6c27661739c3e01d |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
| MD5 | aec508468d53ab8d55f5b4beb82c347d |
| SHA1 | 477d1ffb28834243f5811a4a2a54b4f0ca240120 |
| SHA256 | ebee84e34e221ad822486432333bad9e6357af2fb0d9651cc61c7fab8ec9b5bf |
| SHA512 | 26a0278af2a9e75ef966bc3f7f40d7669204c2004a043adaad102ef440caa6282e69372ca0c3c7d39a8450691d528c2dc77a4386bfb0c6e5a2a76c3fef900fbe |
memory/2156-572-0x00000000003B0000-0x0000000000798000-memory.dmp
memory/2156-573-0x0000000010000000-0x0000000010051000-memory.dmp
memory/3888-574-0x0000000000690000-0x0000000000A78000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202133287212068.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
memory/2068-638-0x00000000003E0000-0x0000000000925000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202133296903096.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202133296903096.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202133299711332.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
memory/1332-660-0x0000000000F20000-0x0000000001465000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202133303151376.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202133304242912.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
| MD5 | 4738f6309cf5984e6391dad6354f1f78 |
| SHA1 | 1aa1c14bd4118271f0a88103af198ade37b73003 |
| SHA256 | 61906efbf14f84ee89e1a0d6f11b93806bc5c68872c013a1a2253e782896b95d |
| SHA512 | 380400db07eb4ebf7a7069c22a51abf7c50155fe04a095a94f8b8ac89b79fc43e8e41980f493831aa27df4bb9a7d11153e558fd5b989fb6f66ea015e69d0b410 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
| MD5 | a20b5879a95dcafd85ac493c4e7f898b |
| SHA1 | fc4a0d7388e53cb335532d2e5cfbe061ed7fc74a |
| SHA256 | 846f69b7f739c74b4804ba36519a838cd952e201f2c23bcd695e6ba5702728f0 |
| SHA512 | 9dbd9b3d30a86bcaeabf915bd2cb492e27b94951cdc190d6416d4736cfff33901ab73e0ca27cbd6e2c54ee2c35acba2d8dc79d70955ad6e55fb1ca464290a0d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
| MD5 | 422bf5c3d0d106bba2626b94200a8861 |
| SHA1 | 996b5d7cb1a81a3e93f463a39a8ad3220b858a0b |
| SHA256 | fc5d53bb1e604d5c650e1d7b40923915a01a717a4ee87a9594134d1c7f780729 |
| SHA512 | 8f8e72de9bdff600d8fbb7250468a00c266e529b17b35702ab0ef5ef5fa8dec69f3ef7953f1d7fa5b92d1768b8c7508ac2c98c8af76eace57bb96a8b9a5b6a4a |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 199d0ac36103753b44ec61561f800bb0 |
| SHA1 | cf764501f1e71d4116bc0827b9a5f60e46a13f3a |
| SHA256 | 4f491ed4429f85373296368f4bb1604269396863c7c48a0c12bede2da5126acf |
| SHA512 | 4634e88d5dafd6d0835517f6479f0ffc6919a16d7c623c5a86be8a9145d479d9a4373cddc724680046d36db55bee6d2205336385718991bac78c50be4664f174 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 199d0ac36103753b44ec61561f800bb0 |
| SHA1 | cf764501f1e71d4116bc0827b9a5f60e46a13f3a |
| SHA256 | 4f491ed4429f85373296368f4bb1604269396863c7c48a0c12bede2da5126acf |
| SHA512 | 4634e88d5dafd6d0835517f6479f0ffc6919a16d7c623c5a86be8a9145d479d9a4373cddc724680046d36db55bee6d2205336385718991bac78c50be4664f174 |
memory/2156-686-0x00000000003B0000-0x0000000000798000-memory.dmp
memory/3888-688-0x0000000000690000-0x0000000000A78000-memory.dmp
memory/3096-692-0x00000000003E0000-0x0000000000925000-memory.dmp
memory/1376-693-0x00000000003E0000-0x0000000000925000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
| MD5 | 3094925a8de871bcc72ae50882d2a6f7 |
| SHA1 | 9f7894bc4b2a498ad20b14b2b3cac175bf4d7a9f |
| SHA256 | 523e7230db0c47a436abbc442db93e41b6f549b32da6c2a10db7a18228491216 |
| SHA512 | bf2349354321397652d834507aae4c32885273209d1409b796170292e37ebf35878e2934d3f53545e66724561e646cc660f952e0bb5006cd7a262a790b64e39e |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
| MD5 | 0b445ace8798426e7185f52b7b7b6d1e |
| SHA1 | 7a77b46e0848cc9b32283ccb3f91a18c0934c079 |
| SHA256 | 2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6 |
| SHA512 | 51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
| MD5 | 5eecdc666e6dc0b8e5e8d2fc3b9cc1b2 |
| SHA1 | 72a16d461bd2410d5749c6bf939a127683d83a95 |
| SHA256 | 052f0289886f9cc0931d7026dfe1f5253ad39123479627e37afa5c430e8f8ff1 |
| SHA512 | 5d465d2c61d97ec2a52db3aeee8d42ececdef08930692842f9c6a41b0611cb774015d369e4fe5186079e97839acc78e8403ea6a6c33ee54a7aef3eea41c3d7db |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG
| MD5 | 03b1d78771eb279766efb2d9f2fa8463 |
| SHA1 | 8f10e304fd65e58136ccd6ab012ffc594e6fb707 |
| SHA256 | eec16d2cb57e38b485b6a269e9c2554c1dfc3b70dec9f7bbddc2b62526b3d832 |
| SHA512 | ca51cbaf20e6f62eb6ec69555d259ef61828d3166d09106bcd335dd417ed30660af71e7fd8db6bd22bf134cc530e1a55ecdd2c307e64e8edb28af95299d66f5a |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
| MD5 | 1557c08e187b7783083e0b80051fd321 |
| SHA1 | 2c6ee47799d713e88fd589609b81912a4522044e |
| SHA256 | 0c0e74dd07c45833a5dd7ba931e5d528eb16334defdd06171df2f632d6e47842 |
| SHA512 | 485f69b3878b2bd7fdf52ad020dde2cbc34dd1970aaa4e5eb8f8618f6091b5b827b428447859499c3d61ea9cde2edcbb97c8fb0560cd0aaff50027c0f97ee6f3 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | 7bc30d2b3394aed748542f982ecf0729 |
| SHA1 | 1a9fda9ff23c5f07bb327492746107d080782a18 |
| SHA256 | bc5d19ece41fbfab2153c7518aa655676cc401e6b149e804cfdd0a57d4d8a6e2 |
| SHA512 | 98cfd3a6bc7bff9000c37ec7bd4cb32dc67a9b7079a0cca3b3f7963db559596cc660ef987f53e6178e5601650ae9b6048ea8362527385c3ff957cbb5b7a16ea7 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
| MD5 | 667b0b54ee5ba0d1cb66190226596e46 |
| SHA1 | b8658b35e7cf44b24053e4d01d3b51233d6526f6 |
| SHA256 | 3a9ab8c3640f1b40b33553d7d3dd3d15bd6e702ef510ec0b66a2f14aa744bf83 |
| SHA512 | 9ccc773214a0074634be66801d81d7a593ab154351fdbd1b93f56ffa80cf824ee31ff2e13f26536d5f3096e90df43fa223080b4dc55340614b076c08ef976dcb |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
| MD5 | 38c12e1a54f8fd216ed3f13b36798cc6 |
| SHA1 | ccf1fe585d3374ebce4c1ec025e2d8ec39968a7c |
| SHA256 | 608924ba294590b5b706658d9aaa71b480ad9aa1b6797bbc5cf1632ac6c616b1 |
| SHA512 | 0918af63f006d7fa04a3faeeb813e61c060316a126c4742a948a30f5b6ea368c3b8592011319dad3dbf8427dfcc095aa72f7b651d6fc31061f861f070447331b |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
| MD5 | 5bc85d12eb492baa3be9230f1fbdc342 |
| SHA1 | 456fe4284fa916ad3817e7c3d419c13f4c949737 |
| SHA256 | 9a27f240758513aa1cc05500171fe22fdb3a485781cba4798cefc29f6944373c |
| SHA512 | 3d55c597ac29d7f810980dfd89404d3ecbd2e652ae1bc5e6710668ad5386a0caecf3149289df13f6dabed6b2e4305a26684ab3bd21b255b37f8a596fe8d641b9 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
| MD5 | 59d6f22fdc11d6b116b38193ed5f4b97 |
| SHA1 | cddc7eb2110b3179dd6d1e32b4b37f3568a22ebf |
| SHA256 | 782cafea76d24d76885d88ee1302e5f78d75a4e335529dc20ad476fdb9e34744 |
| SHA512 | 5b0fab5139736d30a69c98ea88d95a5c70f59aab1b82394c58b33617b824447b861a6e6067b62dd1ca1812a4989937e06ad473c6c94376af957871e9e63553fa |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG
| MD5 | d8a095202e08fa1ac2578982e9a486db |
| SHA1 | 397ffc8af43ac18466b8df245b4faa6b278659e6 |
| SHA256 | 28fed2b9a3cbde34da4b6b5d1af2d2844437d21f6dec85b3ca2faa5cd3b512e5 |
| SHA512 | ac751386a0004e335f4e5f4ea24bf6a474478c8a7ca54d018734e7cd44b8e9a0eb262b00fe1219b1c62c96b018b08ba6b1056d3a13e64b55c7e70d748a6ae9c6 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG
| MD5 | 09229c3bfb801177839a7c2e22e33a1b |
| SHA1 | f679c05c4c7b2f3722069420c6d6481fc856e7aa |
| SHA256 | cbf81d779b469942613297a3ca6c09d885e3b1d4aa952dc1994a7175fbfc7e3f |
| SHA512 | 503bfa063b29dda95f15da303f707e5b78a6bdb74662c222d8a8b7e3a33264016a66acdd9de44aea932e7cde80a43c2406ea6f0250d3df8e182217bc4a0a7ed7 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
| MD5 | 1f5c8939031a7f93762862cfc88a8e56 |
| SHA1 | 6dc4df87344db0ddf09c777e7a80d1b5661559b8 |
| SHA256 | 14be26e969eb15ef7e76e0ad02d8aa0516c5391e8b09dba0a9a6c5f57ae24aba |
| SHA512 | de45d700c86329c704777917863fd1ddeca90d2bed67a72794164882bf15725ce83c7733f664ee0a2af7df54a6be2def729d19237fb2c434115396ac126ff47f |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
| MD5 | ce17d7ce06488f394ce124f17d5acafc |
| SHA1 | 8a5dceae9ea369b686123c8f940bb0ea07870ffa |
| SHA256 | c4b04568930f03979d71f48a57b9ad06b4cdf687272f6753ff662006e8e6237f |
| SHA512 | c33f1370213cabd1b84c936f1ac14f9bcc83bc03a633bbe25efe1e906bcee515d0e615c86b7ee3b34404dd1d95ce74d1a00908de8cdacbf9961de3f1ceb8362b |
memory/2912-860-0x00000000003E0000-0x0000000000925000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
| MD5 | fa8aa84ef4bf0de505f6e3447d4b55b3 |
| SHA1 | b99654dfa5f6c56857b4f4102af2d27503bcdc74 |
| SHA256 | f3b7e85e8e5e41496fb563816fbf79e6640feb1591bd5e0c0b876d80053ad913 |
| SHA512 | b3a7d0d5abe554301b8745bd738662d80e439fba8df6f984cc05151ec8c081a61f0538765653e8587b431cdc97d384ee35d17ab3324c06a2ca40a069e1525ba6 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG
| MD5 | 46a65321aa1fce57d465c26e8b6eb392 |
| SHA1 | 9efb9a3acd5b32556ea66398c74b014f91087559 |
| SHA256 | 61df7a1f0367209668d4f0f6a285b8baff864d1341d382ebbc7fd4e71036b666 |
| SHA512 | 094d69016f066ae835c71d7a950217b9ad09e8cd4d74131787203cae950e572c18213dc1ded139b1fa46c7f803cc15bf4f596c9d51aefe0d43850ae2865f3707 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
| MD5 | 2799f9daca46770a871ce1b5eed32e7c |
| SHA1 | a2792f571210a7f38cdbe49391017300ee7b1ce4 |
| SHA256 | fc22676f5b6cdae17b78ddfd16bb070687516fbc827a7edd0541f3a32d85c9e9 |
| SHA512 | c41f2e4c4ca59d6f9d11fac11296ab87f1b508b5d64e5db7762f2f6dd387aa96206b2b0fa127f17c0b8c24a0b56e81af12d5937474a450222d9c4416c1acb16a |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | c6eb57824a22551afebbe5ea38f1335f |
| SHA1 | 48caa78d73290060bf51e85423434b5e099d4c2b |
| SHA256 | 86b96c924b25cb602fba37eae7fc6ac7653bfa48aebe8d4662db9c5bc93b83a5 |
| SHA512 | a2e684a8ed45819b8718109de992831defa55309ee4c74db99f18e7b782f0c1103b0c0faa5e9088d64c5bdf675d94c47d2c091973272ae553ed69d69c65aca0c |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\opera_package
| MD5 | c986c8f3ec1d6b1e960bb86773dd709d |
| SHA1 | ade1122d90add9ba8135e7bd790fcb4a3fe28e36 |
| SHA256 | cf0f8d1fed7d35138bfa446c7fcdcd2da8bdef19fd8a886c03b8b9d7047cc394 |
| SHA512 | ab1541786b1efbc20dd6b5cebba4b483c0bf3939f92b0e90cf8c9e65bde873c8f82b420418e10d0f05e4f4586fd6a78ba9e5967c19347c26487ac602d9296714 |
memory/2156-1647-0x00000000003B0000-0x0000000000798000-memory.dmp
memory/2156-1648-0x0000000010000000-0x0000000010051000-memory.dmp
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
| MD5 | f08d9bbc61cff8e8c3504524c3220bef |
| SHA1 | b4268c667469620bb528c04eaa819d508159b398 |
| SHA256 | 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb |
| SHA512 | a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG106.PNG
| MD5 | 0f414e91b67121d55587e7c004f35cb2 |
| SHA1 | 6d63b4c6fa858f8cfd4b257600037e9c370355a8 |
| SHA256 | 015dd2b2df51cd90438286d28b5719cbdf9a2e7bebf326b99c6c091ad98e4cc1 |
| SHA512 | 1b7d8bbb97f6acb4984cd93578b5045cd4ce0813645a28d3b778489b646194e68b2a931f26a9c6a7026f98de29719132972eb983d771affdfe42c42622b786e9 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG
| MD5 | 98abbfa2908f51f4eda33f465ccacc03 |
| SHA1 | 1bd17c0835b1c8196d0a8166b4818b3138f65a28 |
| SHA256 | 10438b49eeac103534a5fd867888437b761f346cec8714daeb95fdd246cc540a |
| SHA512 | 9eaa76ab654a786f5af84e9a20e7d0efb22ee00977e662ab5a057da1aff1a7552150bba0253704f00e60115347bfb4fe1784a703ad3846e221dbee41ea7a1470 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\additional_file0.tmp
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
| MD5 | f08d9bbc61cff8e8c3504524c3220bef |
| SHA1 | b4268c667469620bb528c04eaa819d508159b398 |
| SHA256 | 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb |
| SHA512 | a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4 |
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
| MD5 | f08d9bbc61cff8e8c3504524c3220bef |
| SHA1 | b4268c667469620bb528c04eaa819d508159b398 |
| SHA256 | 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb |
| SHA512 | a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4 |
memory/5404-1976-0x0000000000400000-0x0000000000417000-memory.dmp
memory/3888-1991-0x0000000000690000-0x0000000000A78000-memory.dmp
memory/2156-1990-0x00000000003B0000-0x0000000000798000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202133301\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 199d0ac36103753b44ec61561f800bb0 |
| SHA1 | cf764501f1e71d4116bc0827b9a5f60e46a13f3a |
| SHA256 | 4f491ed4429f85373296368f4bb1604269396863c7c48a0c12bede2da5126acf |
| SHA512 | 4634e88d5dafd6d0835517f6479f0ffc6919a16d7c623c5a86be8a9145d479d9a4373cddc724680046d36db55bee6d2205336385718991bac78c50be4664f174 |
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar
| MD5 | 41f66d1d4d250efebde3bbf8b2d55dfa |
| SHA1 | eeb69005da379a10071aa4948c48d89250febb07 |
| SHA256 | 9b9df27a5b8c7864112b4137fd92b36c3f1395bfe57be42fedf2f520ead1a93e |
| SHA512 | 109a1595668293b32376e885ad59e0e4c0e088ea00f58119f0f7d0d2055f03eb93a9f92d974b6dbd56ef721792ac03c889d9add3a2850aa7ccd732c2682d17ef |
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extentions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar
| MD5 | 65912196b6e91f2ceb933001c1fb5c94 |
| SHA1 | af799dd7e23e6fe8c988da12314582072b07edcb |
| SHA256 | 663728123fb9a6b79ea39ae289e5d56b4113e1b8e9413eb792f91e53a6dd5868 |
| SHA512 | 60b15182130ddfd801dd0438058d641dd5ba9122f2d1e081eb63f5e2c12fff0271d9d47c58925be0be8267ed22ae893ea9d1b251faba17dc1d2552b5d93056de |
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\log4j\log4j\1.2.17\log4j-1.2.17.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\tlauncher-resource\1.4\tlauncher-resource-1.4.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\skin-server-API\1.0\skin-server-API-1.0.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\picture-bundle\3.7\picture-bundle-3.7.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tukaani\xz\1.5\xz-1.5.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\net\sf\jopt-simple\jopt-simple\4.9\jopt-simple-4.9.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\logging\log4j\log4j-core\2.14.1\log4j-core-2.14.1.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\httpcomponents\fluent-hc\4.5.13\fluent-hc-4.5.13.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\dnsjava\dnsjava\2.1.8\dnsjava-2.1.8.jar
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\github\junrar\junrar\0.7\junrar-0.7.jar