Malware Analysis Report

2024-09-22 06:27

Sample ID 230320-1h9yzsfe39
Target TLauncher-2.876-Installer-1.0.7-global.exe
SHA256 78d84068b47cf28b76c88ba4474c7c187510f4e4e967d079d3761dcab7851655
Tags
discovery spyware stealer upx bazarbackdoor adware backdoor persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

78d84068b47cf28b76c88ba4474c7c187510f4e4e967d079d3761dcab7851655

Threat Level: Known bad

The file TLauncher-2.876-Installer-1.0.7-global.exe was found to be: Known bad.

Malicious Activity Summary

discovery spyware stealer upx bazarbackdoor adware backdoor persistence

BazarBackdoor

Bazar/Team9 Backdoor payload

Downloads MZ/PE file

Blocklisted process makes network request

Loads dropped DLL

Registers COM server for autorun

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Installs/modifies Browser Helper Object

Drops desktop.ini file(s)

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies system certificate store

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Checks SCSI registry key(s)

Checks processor information in registry

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-03-20 21:40

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-03-20 21:40

Reported

2023-03-20 21:45

Platform

win10v2004-20230220-en

Max time kernel

299s

Max time network

291s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5084 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 5084 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 5084 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 112 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 112 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 112 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 4532 wrote to memory of 508 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 4532 wrote to memory of 508 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 4532 wrote to memory of 508 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 508 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 508 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 508 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 3208 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 3208 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 3208 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2456 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2456 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2456 wrote to memory of 3464 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 2244 wrote to memory of 5176 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe
PID 2244 wrote to memory of 5176 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe
PID 2244 wrote to memory of 5176 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe
PID 2244 wrote to memory of 5260 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe
PID 2244 wrote to memory of 5260 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe
PID 2244 wrote to memory of 5260 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe
PID 5260 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe
PID 5260 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe
PID 5260 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe
PID 112 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
PID 112 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
PID 112 wrote to memory of 5500 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
PID 5500 wrote to memory of 6264 N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
PID 5500 wrote to memory of 6264 N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe" "__IRCT:3" "__IRTSS:23645635" "__IRSID:S-1-5-21-1529757233-3489015626-3409890339-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-1529757233-3489015626-3409890339-1000"

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6f4124a8,0x6f4124b8,0x6f4124c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2244 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230320224501" --session-guid=b3fc6f12-89e3-4011-bbab-53b8550ec4d1 --server-tracking-blob="OWQ5MzEzYWY0ZmMwZDExYjY4NTY5YzE1MGU5NDU4NGFjNTIzNzY2YjM0ZDU5NTlkOTgwNTI3NjE1N2UxM2EwOTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY3OTM0ODY5OS44MjQ4IiwidXNlcmFnZW50IjoiU2V0dXAgRmFjdG9yeSA5LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPcGVyYURlc2t0b3AiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJNU1RMIn0sInV1aWQiOiI3OTkzOTFkMi1lNzRiLTRlNzYtYjdkNy05OWZiMzkzOTI2YjgifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E405000000000000

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6e8d24a8,0x6e8d24b8,0x6e8d24c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0xc06c28,0xc06c38,0xc06c44

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

Network

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

MD5 bbdf2e8c0262e7e606d41ddbe5a3cd12
SHA1 acbb25f729af14b692ec9c8187a23b1a696f8e47
SHA256 d7c76896d206d977739556ad2d5811f7cf3117252afcd439a5aa0f2b645f6949
SHA512 0334fae3682889adbc18594b7917d8c93252a86bc04d08efc6860d5714ba4eb8aabc39c51e532c4aee57a938021540d2f2899781d9cd1de311036e1850a65067

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

memory/112-570-0x0000000000620000-0x0000000000A08000-memory.dmp

memory/112-571-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

MD5 042904ec81cc2b117a5793149e7b00ae
SHA1 51079dd986895b497503b283d47213e032811f9e
SHA256 96322765470f2160b843f894377b2267bae9949795d5c24d72959f7ecd2167a6
SHA512 d1f65a8f2c21d8d4a7b38eef090bc08cb282ea4df381726cc52c303417a3991be13f5224b635ac882832f7c629072397c0a72f50e410e5e9b3679f42e6507d2f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

MD5 aec508468d53ab8d55f5b4beb82c347d
SHA1 477d1ffb28834243f5811a4a2a54b4f0ca240120
SHA256 ebee84e34e221ad822486432333bad9e6357af2fb0d9651cc61c7fab8ec9b5bf
SHA512 26a0278af2a9e75ef966bc3f7f40d7669204c2004a043adaad102ef440caa6282e69372ca0c3c7d39a8450691d528c2dc77a4386bfb0c6e5a2a76c3fef900fbe

memory/508-576-0x0000000000D40000-0x0000000001128000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202244594682244.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

memory/2244-640-0x00000000005E0000-0x0000000000B25000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202245007183500.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202245007183500.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

memory/3500-654-0x00000000005E0000-0x0000000000B25000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202245015783208.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

memory/3208-663-0x00000000004F0000-0x0000000000A35000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202245019372456.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 9a1b2f9f6688107f1257551850f48d00
SHA1 c1def11e6d7be049ce43b9464d1b4a5af12261fc
SHA256 067eafb5dbc8d126980432b6e433b4c89d9ad5b25f33c785f7cc5079b22a6dd3
SHA512 9fd32c98ad29cbd3dea1ed78d3a9e78c44249e17bfb42de3ee5659073c5afeb8b10d97a11ae04b2065acb33263bffb054a7bb84540c271ee77dc81daa67d783e

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303202245020153464.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 d0e91f3ddaeaea1f3d00eff5c07061d5
SHA1 86512618eab1fa891cadbd1184716b01e6e4d0ef
SHA256 8179a9e4b086d38a7187723537e1f7fa81ec836990ef4879942f9a49e753147f
SHA512 d9192d283bc11a7a3989cc5063f17fc7f9e8f8be240db435546b20f1fdf880879f7b4353fd2781b605af80330255e8d15691dbff0b59b28648ac690c91c2db45

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 d0e91f3ddaeaea1f3d00eff5c07061d5
SHA1 86512618eab1fa891cadbd1184716b01e6e4d0ef
SHA256 8179a9e4b086d38a7187723537e1f7fa81ec836990ef4879942f9a49e753147f
SHA512 d9192d283bc11a7a3989cc5063f17fc7f9e8f8be240db435546b20f1fdf880879f7b4353fd2781b605af80330255e8d15691dbff0b59b28648ac690c91c2db45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 a20b5879a95dcafd85ac493c4e7f898b
SHA1 fc4a0d7388e53cb335532d2e5cfbe061ed7fc74a
SHA256 846f69b7f739c74b4804ba36519a838cd952e201f2c23bcd695e6ba5702728f0
SHA512 9dbd9b3d30a86bcaeabf915bd2cb492e27b94951cdc190d6416d4736cfff33901ab73e0ca27cbd6e2c54ee2c35acba2d8dc79d70955ad6e55fb1ca464290a0d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 91c6d501bcabe6cf3c225fb0b2b08656
SHA1 7fea28171046b9b865235fed548234d3a203643a
SHA256 cf866181de6b316aa095dcf318e886b758221f1831a8b412f1d9dce11d00f645
SHA512 c78038b1025d4ad9c632d229edd649763527427149c9a981ff53029150d82da2310028c76b4bcf38a0835db310397add5689e162d3123c14b4315257e0f05aaf

memory/112-689-0x0000000000620000-0x0000000000A08000-memory.dmp

memory/508-691-0x0000000000D40000-0x0000000001128000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG

MD5 3094925a8de871bcc72ae50882d2a6f7
SHA1 9f7894bc4b2a498ad20b14b2b3cac175bf4d7a9f
SHA256 523e7230db0c47a436abbc442db93e41b6f549b32da6c2a10db7a18228491216
SHA512 bf2349354321397652d834507aae4c32885273209d1409b796170292e37ebf35878e2934d3f53545e66724561e646cc660f952e0bb5006cd7a262a790b64e39e

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG

MD5 1557c08e187b7783083e0b80051fd321
SHA1 2c6ee47799d713e88fd589609b81912a4522044e
SHA256 0c0e74dd07c45833a5dd7ba931e5d528eb16334defdd06171df2f632d6e47842
SHA512 485f69b3878b2bd7fdf52ad020dde2cbc34dd1970aaa4e5eb8f8618f6091b5b827b428447859499c3d61ea9cde2edcbb97c8fb0560cd0aaff50027c0f97ee6f3

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG

MD5 5eecdc666e6dc0b8e5e8d2fc3b9cc1b2
SHA1 72a16d461bd2410d5749c6bf939a127683d83a95
SHA256 052f0289886f9cc0931d7026dfe1f5253ad39123479627e37afa5c430e8f8ff1
SHA512 5d465d2c61d97ec2a52db3aeee8d42ececdef08930692842f9c6a41b0611cb774015d369e4fe5186079e97839acc78e8403ea6a6c33ee54a7aef3eea41c3d7db

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG

MD5 03b1d78771eb279766efb2d9f2fa8463
SHA1 8f10e304fd65e58136ccd6ab012ffc594e6fb707
SHA256 eec16d2cb57e38b485b6a269e9c2554c1dfc3b70dec9f7bbddc2b62526b3d832
SHA512 ca51cbaf20e6f62eb6ec69555d259ef61828d3166d09106bcd335dd417ed30660af71e7fd8db6bd22bf134cc530e1a55ecdd2c307e64e8edb28af95299d66f5a

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 1d0d3dcad1cdb2b62b578126fb6edd7f
SHA1 d79719ff58a7a23748eced2391dbdb7faeb98461
SHA256 73dda4f70a7379d3b73a221b5387ced66b1f93d2e5b0c2e0c923be88622ab1d9
SHA512 34cdf726538af1268a453a9ce8992a3eacb5af9236e3024eff5ffa42f06c2fdc7c330f87d5109448a9e31e595846cc23bd9181a3287e2274abcad6375d1e6f75

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG

MD5 38c12e1a54f8fd216ed3f13b36798cc6
SHA1 ccf1fe585d3374ebce4c1ec025e2d8ec39968a7c
SHA256 608924ba294590b5b706658d9aaa71b480ad9aa1b6797bbc5cf1632ac6c616b1
SHA512 0918af63f006d7fa04a3faeeb813e61c060316a126c4742a948a30f5b6ea368c3b8592011319dad3dbf8427dfcc095aa72f7b651d6fc31061f861f070447331b

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG

MD5 667b0b54ee5ba0d1cb66190226596e46
SHA1 b8658b35e7cf44b24053e4d01d3b51233d6526f6
SHA256 3a9ab8c3640f1b40b33553d7d3dd3d15bd6e702ef510ec0b66a2f14aa744bf83
SHA512 9ccc773214a0074634be66801d81d7a593ab154351fdbd1b93f56ffa80cf824ee31ff2e13f26536d5f3096e90df43fa223080b4dc55340614b076c08ef976dcb

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG

MD5 5bc85d12eb492baa3be9230f1fbdc342
SHA1 456fe4284fa916ad3817e7c3d419c13f4c949737
SHA256 9a27f240758513aa1cc05500171fe22fdb3a485781cba4798cefc29f6944373c
SHA512 3d55c597ac29d7f810980dfd89404d3ecbd2e652ae1bc5e6710668ad5386a0caecf3149289df13f6dabed6b2e4305a26684ab3bd21b255b37f8a596fe8d641b9

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG

MD5 59d6f22fdc11d6b116b38193ed5f4b97
SHA1 cddc7eb2110b3179dd6d1e32b4b37f3568a22ebf
SHA256 782cafea76d24d76885d88ee1302e5f78d75a4e335529dc20ad476fdb9e34744
SHA512 5b0fab5139736d30a69c98ea88d95a5c70f59aab1b82394c58b33617b824447b861a6e6067b62dd1ca1812a4989937e06ad473c6c94376af957871e9e63553fa

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP

MD5 0b445ace8798426e7185f52b7b7b6d1e
SHA1 7a77b46e0848cc9b32283ccb3f91a18c0934c079
SHA256 2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6
SHA512 51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG

MD5 d8a095202e08fa1ac2578982e9a486db
SHA1 397ffc8af43ac18466b8df245b4faa6b278659e6
SHA256 28fed2b9a3cbde34da4b6b5d1af2d2844437d21f6dec85b3ca2faa5cd3b512e5
SHA512 ac751386a0004e335f4e5f4ea24bf6a474478c8a7ca54d018734e7cd44b8e9a0eb262b00fe1219b1c62c96b018b08ba6b1056d3a13e64b55c7e70d748a6ae9c6

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG

MD5 09229c3bfb801177839a7c2e22e33a1b
SHA1 f679c05c4c7b2f3722069420c6d6481fc856e7aa
SHA256 cbf81d779b469942613297a3ca6c09d885e3b1d4aa952dc1994a7175fbfc7e3f
SHA512 503bfa063b29dda95f15da303f707e5b78a6bdb74662c222d8a8b7e3a33264016a66acdd9de44aea932e7cde80a43c2406ea6f0250d3df8e182217bc4a0a7ed7

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG

MD5 1f5c8939031a7f93762862cfc88a8e56
SHA1 6dc4df87344db0ddf09c777e7a80d1b5661559b8
SHA256 14be26e969eb15ef7e76e0ad02d8aa0516c5391e8b09dba0a9a6c5f57ae24aba
SHA512 de45d700c86329c704777917863fd1ddeca90d2bed67a72794164882bf15725ce83c7733f664ee0a2af7df54a6be2def729d19237fb2c434115396ac126ff47f

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG

MD5 ce17d7ce06488f394ce124f17d5acafc
SHA1 8a5dceae9ea369b686123c8f940bb0ea07870ffa
SHA256 c4b04568930f03979d71f48a57b9ad06b4cdf687272f6753ff662006e8e6237f
SHA512 c33f1370213cabd1b84c936f1ac14f9bcc83bc03a633bbe25efe1e906bcee515d0e615c86b7ee3b34404dd1d95ce74d1a00908de8cdacbf9961de3f1ceb8362b

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG

MD5 fa8aa84ef4bf0de505f6e3447d4b55b3
SHA1 b99654dfa5f6c56857b4f4102af2d27503bcdc74
SHA256 f3b7e85e8e5e41496fb563816fbf79e6640feb1591bd5e0c0b876d80053ad913
SHA512 b3a7d0d5abe554301b8745bd738662d80e439fba8df6f984cc05151ec8c081a61f0538765653e8587b431cdc97d384ee35d17ab3324c06a2ca40a069e1525ba6

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG

MD5 46a65321aa1fce57d465c26e8b6eb392
SHA1 9efb9a3acd5b32556ea66398c74b014f91087559
SHA256 61df7a1f0367209668d4f0f6a285b8baff864d1341d382ebbc7fd4e71036b666
SHA512 094d69016f066ae835c71d7a950217b9ad09e8cd4d74131787203cae950e572c18213dc1ded139b1fa46c7f803cc15bf4f596c9d51aefe0d43850ae2865f3707

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 2799f9daca46770a871ce1b5eed32e7c
SHA1 a2792f571210a7f38cdbe49391017300ee7b1ce4
SHA256 fc22676f5b6cdae17b78ddfd16bb070687516fbc827a7edd0541f3a32d85c9e9
SHA512 c41f2e4c4ca59d6f9d11fac11296ab87f1b508b5d64e5db7762f2f6dd387aa96206b2b0fa127f17c0b8c24a0b56e81af12d5937474a450222d9c4416c1acb16a

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 02d91a486c52f419858ee92fbcd2471c
SHA1 f3e2e588f890bf00a216d3e716d6e188ee032daa
SHA256 b00b30e44505d0d8431629692a8fa3a90df0d8658d91b567065ca1315c62f1f7
SHA512 35cdc28faecac370ef29eac7c049032e1f961d012a0e876a75bb9be502af457b94adb26339260425c1d924842670a9f4390c754107734a36953abeae5bbd6ce9

memory/2456-1631-0x00000000005E0000-0x0000000000B25000-memory.dmp

memory/3464-1632-0x00000000005E0000-0x0000000000B25000-memory.dmp

memory/112-1634-0x0000000000620000-0x0000000000A08000-memory.dmp

memory/112-1635-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 f08d9bbc61cff8e8c3504524c3220bef
SHA1 b4268c667469620bb528c04eaa819d508159b398
SHA256 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb
SHA512 a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG106.PNG

MD5 0f414e91b67121d55587e7c004f35cb2
SHA1 6d63b4c6fa858f8cfd4b257600037e9c370355a8
SHA256 015dd2b2df51cd90438286d28b5719cbdf9a2e7bebf326b99c6c091ad98e4cc1
SHA512 1b7d8bbb97f6acb4984cd93578b5045cd4ce0813645a28d3b778489b646194e68b2a931f26a9c6a7026f98de29719132972eb983d771affdfe42c42622b786e9

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG

MD5 98abbfa2908f51f4eda33f465ccacc03
SHA1 1bd17c0835b1c8196d0a8166b4818b3138f65a28
SHA256 10438b49eeac103534a5fd867888437b761f346cec8714daeb95fdd246cc540a
SHA512 9eaa76ab654a786f5af84e9a20e7d0efb22ee00977e662ab5a057da1aff1a7552150bba0253704f00e60115347bfb4fe1784a703ad3846e221dbee41ea7a1470

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\opera_package

MD5 c986c8f3ec1d6b1e960bb86773dd709d
SHA1 ade1122d90add9ba8135e7bd790fcb4a3fe28e36
SHA256 cf0f8d1fed7d35138bfa446c7fcdcd2da8bdef19fd8a886c03b8b9d7047cc394
SHA512 ab1541786b1efbc20dd6b5cebba4b483c0bf3939f92b0e90cf8c9e65bde873c8f82b420418e10d0f05e4f4586fd6a78ba9e5967c19347c26487ac602d9296714

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\additional_file0.tmp

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\_sfx.exe

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202245011\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 d0e91f3ddaeaea1f3d00eff5c07061d5
SHA1 86512618eab1fa891cadbd1184716b01e6e4d0ef
SHA256 8179a9e4b086d38a7187723537e1f7fa81ec836990ef4879942f9a49e753147f
SHA512 d9192d283bc11a7a3989cc5063f17fc7f9e8f8be240db435546b20f1fdf880879f7b4353fd2781b605af80330255e8d15691dbff0b59b28648ac690c91c2db45

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 f08d9bbc61cff8e8c3504524c3220bef
SHA1 b4268c667469620bb528c04eaa819d508159b398
SHA256 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb
SHA512 a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 f08d9bbc61cff8e8c3504524c3220bef
SHA1 b4268c667469620bb528c04eaa819d508159b398
SHA256 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb
SHA512 a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

memory/112-2005-0x0000000000620000-0x0000000000A08000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-20 21:40

Reported

2023-03-20 21:45

Platform

win10-20230220-en

Max time kernel

300s

Max time network

299s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"

Signatures

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\System32\GamePanel.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\GamePanel.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\GamePanel.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2092 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 3540 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 2508 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 2532 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 3968 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 3968 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 3968 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 4116 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 3540 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
PID 4884 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
PID 3968 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\_sfx.exe
PID 3968 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe
PID 2112 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe" "__IRCT:3" "__IRTSS:23645635" "__IRSID:S-1-5-21-3346939869-2835594282-3775165920-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-3346939869-2835594282-3775165920-1000"

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x6e3b24a8,0x6e3b24b8,0x6e3b24c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3968 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230320224103" --session-guid=f6034cc1-1b93-4c58-a429-5a0c19daa456 --server-tracking-blob="…" --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=DC04000000000000

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x310,0x314,0x318,0x2e0,0x31c,0x6d8724a8,0x6d8724b8,0x6d8724c4

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\_sfx.exe"

C:\Windows\System32\GamePanel.exe

"C:\Windows\System32\GamePanel.exe" 00000000000701C4 /startuptips

C:\Windows\System32\bcastdvr.exe

"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202241031\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0xaf6c28,0xaf6c38,0xaf6c44

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.235.70:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 70.235.20.104.in-addr.arpa udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.111:443 net.geo.opera.com tcp
US 8.8.8.8:53 111.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 11.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 19.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 features.opera-api2.com udp
NL 185.26.182.112:443 features.opera-api2.com tcp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.117:443 download.opera.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.3.211:443 download5.operacdn.com tcp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 117.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 211.3.18.104.in-addr.arpa udp
US 20.42.73.24:443 tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 res.tlauncher.org udp
DE 78.46.66.120:80 res.tlauncher.org tcp
US 8.8.8.8:53 120.66.46.78.in-addr.arpa udp
US 8.8.8.8:53 cl1-res.tlauncher.org udp
US 104.20.234.70:443 cl1-res.tlauncher.org tcp
US 8.8.8.8:53 70.234.20.104.in-addr.arpa udp
US 8.8.8.8:53 154.25.221.88.in-addr.arpa udp
DE 78.46.66.120:80 res.tlauncher.org tcp
US 8.8.8.8:53 cdn5-res.tlauncher.org udp
DE 148.251.182.46:80 cdn5-res.tlauncher.org tcp
US 8.8.8.8:53 46.182.251.148.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 111dddf2f308abc2a8f7555d5f642751
SHA1 11e6cdccbf29a71a97011b9444cf20c83ad8b57b
SHA256 c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0
SHA512 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4


C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-handle-l1-1-0.dll

MD5 bbafa10627af6dfae5ed6e4aeae57b2a
SHA1 3094832b393416f212db9107add80a6e93a37947
SHA256 c78a1217f8dcb157d1a66b80348da48ebdbbedcea1d487fc393191c05aad476d
SHA512 d5fcba2314ffe7ff6e8b350d65a2cdd99ca95ea36b71b861733bc1ed6b6bb4d85d4b1c4c4de2769fbf90d4100b343c250347d9ed1425f4a6c3fe6a20aed01f17

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-interlocked-l1-1-0.dll

MD5 a038716d7bbd490378b26642c0c18e94
SHA1 29cd67219b65339b637a1716a78221915ceb4370
SHA256 b02324c49dd039fa889b4647331aa9ac65e5adc0cc06b26f9f086e2654ff9f08
SHA512 43cb12d715dda4dcdb131d99127417a71a16e4491bc2d5723f63a1c6dfabe578553bc9dc8cf8effae4a6be3e65422ec82079396e9a4d766bf91681bdbd7837b1

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 8acb83d102dabd9a5017a94239a2b0c6
SHA1 9b43a40a7b498e02f96107e1524fe2f4112d36ae
SHA256 059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413
SHA512 b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 d75144fcb3897425a855a270331e38c9
SHA1 132c9ade61d574aa318e835eb78c4cccddefdea2
SHA256 08484ed55e43584068c337281e2c577cf984bb504871b3156de11c7cc1eec38f
SHA512 295a6699529d6b173f686c9bbb412f38d646c66aab329eac4c36713fdd32a3728b9c929f9dcadde562f625fb80bc79026a52772141ad2080a0c9797305adff2e

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-heap-l1-1-0.dll

MD5 3a4b6b36470bad66621542f6d0d153ab
SHA1 5005454ba8e13bac64189c7a8416ecc1e3834dc6
SHA256 2e981ee04f35c0e0b7c58282b70dcc9fc0318f20f900607dae7a0d40b36e80af
SHA512 84b00167abe67f6b58341045012723ef4839c1dfc0d8f7242370c4ad9fabbe4feefe73f9c6f7953eae30422e0e743dc62503a0e8f7449e11c5820f2dfca89294

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 cff476bb11cc50c41d8d3bf5183d07ec
SHA1 71e0036364fd49e3e535093e665f15e05a3bde8f
SHA256 b57e70798af248f91c8c46a3f3b2952effae92ca8ef9640c952467bc6726f363
SHA512 7a87e4ee08169e9390d0dfe607e9a220dc7963f9b4c2cdc2f8c33d706e90dc405fbee00ddc4943794fb502d9882b21faae3486bc66b97348121ae665ae58b01c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 f43286b695326fc0c20704f0eebfdea6
SHA1 3e0189d2a1968d7f54e721b1c8949487ef11b871
SHA256 aa415db99828f30a396cbd4e53c94096db89756c88a19d8564f0eed0674add43
SHA512 6ead35348477a08f48a9deb94d26da5f4e4683e36f0a46117b078311235c8b9b40c17259c2671a90d1a210f73bf94c9c063404280ac5dd5c7f9971470beaf8b7

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-memory-l1-1-0.dll

MD5 808f1cb8f155e871a33d85510a360e9e
SHA1 c6251abff887789f1f4fc6b9d85705788379d149
SHA256 dadbd2204b015e81f94c537ac7a36cd39f82d7c366c193062210c7288baa19e3
SHA512 441f36ca196e1c773fadf17a0f64c2bbdc6af22b8756a4a576e6b8469b4267e942571a0ae81f4b2230b8de55702f2e1260e8d0afd5447f2ea52f467f4caa9bc6

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-processthreads-l1-1-0.dll

MD5 e173f3ab46096482c4361378f6dcb261
SHA1 7922932d87d3e32ce708f071c02fb86d33562530
SHA256 c9a686030e073975009f993485d362cc31c7f79b683def713e667d13e9605a14
SHA512 3aafefd8a9d7b0c869d0c49e0c23086115fd550b7dc5c75a5b8a8620ad37f36a4c24d2bf269043d81a7448c351ff56cb518ec4e151960d4f6bd655c38aff547f

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 e1ba66696901cf9b456559861f92786e
SHA1 d28266c7ede971dc875360eb1f5ea8571693603e
SHA256 02d987eba4a65509a2df8ed5dd0b1a0578966e624fcf5806614ece88a817499f
SHA512 08638a0dd0fb6125f4ab56e35d707655f48ae1aa609004329a0e25c13d2e71cb3edb319726f10b8f6d70a99f1e0848b229a37a9ab5427bfee69cd890edfb89d2

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-profile-l1-1-0.dll

MD5 0233f97324aaaa048f705d999244bc71
SHA1 5427d57d0354a103d4bb8b655c31e3189192fc6a
SHA256 42f4e84073cf876bbab9dd42fd87124a4ba10bb0b59d2c3031cb2b2da7140594
SHA512 8339f3c0d824204b541aecbd5ad0d72b35eaf6717c3f547e0fd945656bcb2d52e9bd645e14893b3f599ed8f2de6d3bcbebf3b23ed43203599af7afa5a4000311

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-processthreads-l1-1-1.dll

MD5 9c9b50b204fcb84265810ef1f3c5d70a
SHA1 0913ab720bd692abcdb18a2609df6a7f85d96db3
SHA256 25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40
SHA512 ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-string-l1-1-0.dll

MD5 7a15b909b6b11a3be6458604b2ff6f5e
SHA1 0feb824d22b6beeb97bce58225688cb84ac809c7
SHA256 9447218cc4ab1a2c012629aaae8d1c8a428a99184b011bcc766792af5891e234
SHA512 d01dd566ff906aad2379a46516e6d060855558c3027ce3b991056244a8edd09ce29eacec5ee70ceea326ded7fc2683ae04c87f0e189eba0e1d38c06685b743c9

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 9d43b5e3c7c529425edf1183511c29e4
SHA1 07ce4b878c25b2d9d1c48c462f1623ae3821fcef
SHA256 19c78ef5ba470c5b295dddee9244cbd07d0368c5743b02a16d375bfb494d3328
SHA512 c8a1c581c3e465efbc3ff06f4636a749b99358ca899e362ea04b3706ead021c69ae9ea0efc1115eae6bbd9cf6723e22518e9bec21f27ddaafa3cf18b3a0034a7

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-synch-l1-2-0.dll

MD5 d175430eff058838cee2e334951f6c9c
SHA1 7f17fbdcef12042d215828c1d6675e483a4c62b1
SHA256 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a
SHA512 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-synch-l1-1-0.dll

MD5 6c3fcd71a6a1a39eab3e5c2fd72172cd
SHA1 15b55097e54028d1466e46febca1dbb8dbefea4f
SHA256 a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26
SHA512 ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 285dcd72d73559678cfd3ed39f81ddad
SHA1 df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a
SHA256 6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44
SHA512 84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-conio-l1-1-0.dll

MD5 031dc390780ac08f498e82a5604ef1eb
SHA1 cf23d59674286d3dc7a3b10cd8689490f583f15f
SHA256 b119adad588ebca7f9c88628010d47d68bf6e7dc6050b7e4b787559f131f5ede
SHA512 1468ad9e313e184b5c88ffd79a17c7d458d5603722620b500dba06e5b831037cd1dd198c8ce2721c3260ab376582f5791958763910e77aa718449b6622d023c7

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-util-l1-1-0.dll

MD5 735636096b86b761da49ef26a1c7f779
SHA1 e51ffbddbf63dde1b216dccc753ad810e91abc58
SHA256 5eb724c51eecba9ac7b8a53861a1d029bf2e6c62251d00f61ac7e2a5f813aaa3
SHA512 3d5110f0e5244a58f426fbb72e17444d571141515611e65330ecfeabdcc57ad3a89a1a8b2dc573da6192212fb65c478d335a86678a883a1a1b68ff88ed624659

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-core-timezone-l1-1-0.dll

MD5 43e1ae2e432eb99aa4427bb68f8826bb
SHA1 eee1747b3ade5a9b985467512215caf7e0d4cb9b
SHA256 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c
SHA512 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-environment-l1-1-0.dll

MD5 5cce7a5ed4c2ebaf9243b324f6618c0e
SHA1 fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3
SHA256 aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3
SHA512 fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 41fbbb054af69f0141e8fc7480d7f122
SHA1 3613a572b462845d6478a92a94769885da0843af
SHA256 974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c
SHA512 97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 212d58cefb2347bd694b214a27828c83
SHA1 f0e98e2d594054e8a836bd9c6f68c3fe5048f870
SHA256 8166321f14d5804ce76f172f290a6f39ce81373257887d9897a6cf3925d47989
SHA512 637c215ed3e781f824ae93a0e04a7b6c0a6b1694d489e9058203630dcfc0b8152f2eb452177ea9fd2872a8a1f29c539f85a2f2824cf50b1d7496fa3febe27dfe

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-locale-l1-1-0.dll

MD5 242829c7be4190564becee51c7a43a7e
SHA1 663154c1437acf66480518068fbc756f5cabb72f
SHA256 edc1699e9995f98826df06d2c45beb9e02aa7817bae3e61373096ae7f6fa06e0
SHA512 3529fde428affc3663c5c69baee60367a083841b49583080f0c4c7e72eaa63cabbf8b9da8ccfc473b3c552a0453405a4a68fcd7888d143529d53e5eec9a91a34

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-math-l1-1-0.dll

MD5 fb79420ec05aa715fe76d9b89111f3e2
SHA1 15c6d65837c9979af7ec143e034923884c3b0dbd
SHA256 f6a93fe6b57a54aac46229f2ed14a0a979bf60416adb2b2cfc672386ccb2b42e
SHA512 c40884c80f7921addced37b1bf282bb5cb47608e53d4f4127ef1c6ce7e6bb9a4adc7401389bc8504bf24751c402342693b11cef8d06862677a63159a04da544e

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 a5b920f24aea5c2528fe539cd7d20105
SHA1 3fae25b81dc65923c1911649ed19f193adc7bdde
SHA256 5b3e29116383ba48a2f46594402246264b4cb001023237ebbf28e7e9292cdb92
SHA512 f77f83c7fad442a9a915abcbc2af36198a56a1bc93d1423fc22e6016d5cc53e47de712e07c118dd85e72d4750ca450d90fdb6f9544d097afc170aeecc5863158

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 f816666e3fc087cd24828943cb15f260
SHA1 eae814c9c41e3d333f43890ed7dafa3575e4c50e
SHA256 45e0835b1d3b446fe2c347bd87922c53cfb6dd826499e19a1d977bf4c11b0e4a
SHA512 6860abe8ab5220efb88f68b80e6c6e95fe35b4029f46b59bc467e3850fe671bda1c7c1c7b035b287bdfed5daeac879ee481d35330b153ea7ef2532970f62c581

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-utility-l1-1-0.dll

MD5 6f1a1dfb2761228ccc7d07b8b190054c
SHA1 117d66360c84a0088626e22d8b3b4b685cb70d56
SHA256 c81c4bba4e5f205359ad145963f6fbd074879047c66569f52b6d66711108e1ed
SHA512 480b4f9179d5da56010fa90e1937fe3a232f2f8682596c16eeaed08f57cf8cffeaa506060429501764f695cb6c5b3e56b0037de948c4d0e3933f022a0b4103d2

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-time-l1-1-0.dll

MD5 143a735134cd8c889ec7d7b85298705b
SHA1 906ac1f3a933dd57798ae826bbefa3096c20d424
SHA256 b48310b0837027f756d62c37ea91af988baa403cbcbd01cb26b6fdae21ea96a2
SHA512 c9abe209508afae2d1776391f73b658c9a25628876724344023e0fc8a790ecb7dbce75fddae267158d08a8237f83336b1d2bd5b5ce0a8eed7dd41cbe0c031d48

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 29680d7b1105171116a137450c8bb452
SHA1 492bb8c231aae9d5f5af565abb208a706fb2b130
SHA256 6f6f6e857b347f70ecc669b4df73c32e42199b834fe009641d7b41a0b1c210af
SHA512 87dcf131e21041b06ed84c3a510fe360048de46f1975155b4b12e4bbf120f2dd0cb74ccd2e8691a39eee0da7f82ad39bc65c81f530fc0572a726f0a6661524f5

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 883120f9c25633b6c688577d024efd12
SHA1 e4fa6254623a2b4cdea61712cdfa9c91aa905f18
SHA256 4390c389bbbf9ec7215d12d22723efd77beb4cd83311c75ffe215725ecfd55dc
SHA512 f17d3b667cc8002f4b6e6b96b630913fa1cb4083d855db5b7269518f6ff6eebf835544fa3b737f4fc0eb46ccb368778c4ae8b11ebcf9274ce1e5a0ba331a0e2f

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-process-l1-1-0.dll

MD5 dd899c6ffecce1dca3e1c3b9ba2c8da2
SHA1 2914b84226f5996161eb3646e62973b1e6c9e596
SHA256 191f53988c7f02dd888c4fbf7c1d3351570f3b641146fae6d60acdae544771ae
SHA512 2db47faa025c797d8b9b82de4254ee80e499203de8c6738bd17ddf6a77149020857f95d0b145128681a3084b95c7d14eb678c0a607c58b76137403c80fe8f856

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\api-ms-win-crt-private-l1-1-0.dll

MD5 5c2004daf398620211f0ad9781ff4ec2
SHA1 e43dd814e90330880ee75259809eee7b91b4ffa6
SHA256 55bc91a549d22b160ae4704485e19dee955c7c2534e7447afb84801ee629639b
SHA512 11edbbc662584bb1dea37d1b23c56426b970d127f290f3be21cd1ba0a80d1f202047abb80d8460d17a7cacf095de90b78a54f7c7ec395043d54b49ffe688df51

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\awt.dll

MD5 d490a92ad643cdaa908acc6c523331ec
SHA1 685485b7cfd294c23a49a67951c082b76472631c
SHA256 3dabdf89394fb5b3c87a7a148b53b6869698eb656d1edf6a88059f3fc8bee08f
SHA512 2d5addcee9308362187839925e27e16b36f458fa64eb45a50157c5d19b93ecdcb98d2c4d43433f009c509adce89da6130a70f92b259217704ed9c06bc1258b07

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\bci.dll

MD5 8e57838d8353c27b6829acd776dff101
SHA1 079218bb58f2256148a0aa04a7adf10a1849cd50
SHA256 37c897cb22573c16ddfbc1d7f227d8081f449136b22e418d3b0fc78fcdd47081
SHA512 992e0093c451d35b6b8251cb5128d1ffc2d62cef2742fd3b1aaf7d16783922ab5b80cc1ac65097a071862657b51612acfd093534e266c64711cc2b56c108e920

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\eula.dll

MD5 e89aa9d7c55f98d339a49ce2f7fa1621
SHA1 d52aa48e73bf59cd790ba4c2f5cda631822e4a04
SHA256 7c6714f9fa1e4d6b8c87b99090def9bc06a3d7f11bab42864dc4349f2401f1f5
SHA512 f1a09013a1eafc5ff86d1890e90a7add5ba4d410787d2de986811053755f42942a8b9a467b49fae4558b4b053651e8f2935a038bf4a0e63a4bc3be099dbab759

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\dt_socket.dll

MD5 410247c1e2d6fe985495a743f3470585
SHA1 af3b172ed825dbffc86b6bac3db15c4313e9ac08
SHA256 ff8007c358fb0a8e72c436b96bcc0cdc07641628bcc1162d85ba99f20268c4ec
SHA512 ec5d74edf21a16fd0ebfed506cecbd0e1e53e18363850322c0a7368ca1d745d7170bf8c6c5cbcd01947727aec747d567f86a0601856bf3a9fb033e487804a8ca

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\dtplugin\npdeployJava1.dll

MD5 c6705167c7d1ecc1ffda84501d327349
SHA1 13bc19a74199e1b065791481ef566517d60b79d5
SHA256 9e8ca7fc15b88b5c1c46d9373e29023247dab6f2cb756de35ba1f999ffc0a1b2
SHA512 440c6097a9dce104ce02749ec98cdf469db08985903b577e2595dfff2dd92fe6c50620c3a16e1b8781ac17b0da50694c4f1c451571e076f9229619dbe6ffac1d

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\dt_shmem.dll

MD5 4c4736ec42f9fe5a625e1075d5a4ba76
SHA1 f801d4f4683216f397a4a7de068093ef9d721689
SHA256 65d7a60a309697026ce202a19c9efb475f48a860be3b5e3bb87d985ab7235a57
SHA512 e75fe34fa5745f5014aa2c45b713f0498d621ebf04dd364541f2d34e79a048e51fb34784fa9c399d316f20b38f7b42cbad565bb053bebc98414e9df9d17b1a40

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\dtplugin\deployJava1.dll

MD5 5466b1d563c7eee2abe0869b1026782c
SHA1 cd2b2a0f6bc6c770778b8d0795f9dd1be692b0a5
SHA256 e3b3f41eb00a2605c50fcb9c01be50fcf4bf6d16b06ee9f0d791b7a763ed9ec3
SHA512 2450e03945e0fc708a0f6dfc259e23a197d3e7c1a244d88b2e0115aa74cfd4f32aefb9705e69c83388c163ab51b929f93c0b083cf980f414684acc483f02cee8

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\decora_sse.dll

MD5 44fd71d6208e200a8531d1aaecfec0e0
SHA1 3aaf7431274da063441854b12b2eee9327714d7f
SHA256 49c665210084dd50379f5c83418896eb86d1d6700d94bbbaef8f9394c598e9af
SHA512 9d10601b56c7f1cf4de0288224e23897da9ddb5f0f6beb26acce6486a20a25046ac4bc60ff5179123d4a0fd8fcab7872a36426c09f0775a428c09a3fc52afb2d

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\deploy.dll

MD5 c5b2c293650ecea377b5c586ccb035cc
SHA1 21855c9a5ac053143a6953a953bccb2556536362
SHA256 8f57325b5149713806d427f365083328837209aa26961f5b274b828f2718776d
SHA512 0b68f5c495e3238bb5b81d3d8f213208ec48f528629c4632801822a299e0747cab49f001bcd1c055e75c314703383052b2ac7605080643202e14ffbe233a1cfb

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\dcpr.dll

MD5 f6d39ff988711a4ccd27c661e995e56e
SHA1 bc8312b511e45338522314644cfe879d7e868efb
SHA256 3b2e8a2045363c6dc21afa5c11ab68b0288ece7b7dc439abeac425578cf406c3
SHA512 ebcce9d61b4d2a56edefcd69c98992bfb973bf4df6961ac2aaf7b37032751026854d9cad83b1bc9dfadb57b189f15696a6bf60601e25a0e80a70a3fd954b968b

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\fontmanager.dll

MD5 87b86cda1d6df190d8471ed546256428
SHA1 a36169d7b8fa248a6647571c0319c7ac54e815a8
SHA256 8a96e6e5aac86ca14b4014773309beda90cc281eae2253dda3b4a0e469a3ce46
SHA512 201034c28707382c0bcc397ce1a2bfa81567723e29d3e484733a4fc5d4dcef84d099f96fc963e442e8823fdf1a4305231321c9603a7c166e3432f6fd88ed3151

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\glib-lite.dll

MD5 f2179d1d0c374bf3021e3186892acacd
SHA1 0ac7054b9a46aeaae965aa5f6a9ee423e9fca1b7
SHA256 556272977bcbb95ce0583e0e022c703f099ee2c3f78c057e9b11fd6ca7227f96
SHA512 6c4a880b3dadf2a7e3c929024e514f58db0c90e5a0f87cde4c95ca6b3a32ecf9517058c0163550e1615ebbd2505a0217b5b7beef33376e08b969b9cdc0ee1bf8

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\fxplugins.dll

MD5 2cb0aba2aaeccee0e64b48c7dc5e0c13
SHA1 13fa9458be298dde5573e83f0eaa099d88c4fe59
SHA256 d255ee9c855ebafc48f05f0844bb2eb1a7b5ae82842fff8484aa2e09616e9e3f
SHA512 b2dedbaf417e0851eff71c17467348a3fe52072afe2a97a73001ad40f8a2aa5fb7af8cc8722ba135dbf5b8db0682994c69236c089e612025004b9d75d7e076a5

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\glass.dll

MD5 1bfe0ca4030a9b0652079802c5a8f065
SHA1 7487b68b6440265609eb1e181a3eb7e61f90376d
SHA256 3786c96847b57d25dac2244c179051a3e9dff6a698dcef6d25581b725a5bc1c4
SHA512 c2b4419447b693647be1f0c2345da3cc0cf8272720c9712726d89c95b759d44797c279e51f244dcc84805ba89e6b9055391a1b65540d84ed57da060a98cbd097

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\gstreamer-lite.dll

MD5 622fd8994d2a6c32e5d0806df7a074e2
SHA1 088c5848a407342474dc3b3b78a76b016ef9b06f
SHA256 1193c9770a37da882664096783040c3bab8b79ab8782beebf4b1a1ac438a2a7b
SHA512 44ba498e8fc1fe37e425c1637f4fd12ae1c974eb8a61e68126e3dc03fc1c3146398012ec1b07641496d08d7d4d685bc0414677d085a98774b18155c093bb9567

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\hprof.dll

MD5 e6786f2ac8baf5e52815466cf7647bf2
SHA1 5d1fc0885a6ffde2803f8080696afbb3ebcda8c8
SHA256 aef5825bc6bcdd0787e9ad8a66130e7264adf809cf077ac5a4014a82c1e02ff3
SHA512 67cfabca24d232fd121df085fb04cac3ac9f256d26993e3ef2dee38972b58c132173fe1c577b726ead35b275864c578326c1fce14b0433bc9bec86266175f68c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\jaas_nt.dll

MD5 e9b3538e0c65eeda59c0314a43a5628a
SHA1 39dff196e5df61f669bc7c164c44241609dd3b95
SHA256 7de04d5c23a6bea207e61b8916e30a91051f0cad4ed03db1b434e7c6ea615ea9
SHA512 afcaa97ab18334bd13bcc61fde33cb8c6acacae6177ebcf2797638f55d8da6bc45a4c793ce5141b2e6a27017b512f9f9dd162eb719dc59010385fee9efc9cbf4

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\j2pkcs11.dll

MD5 d8e9609228a58f6ee0f2c65f0951da50
SHA1 88110286f8ccb34e590f2810d052b92063a29354
SHA256 1194b079a5f6722e643bf8dc7034515bb1428038172369203dd7c7f01535ce39
SHA512 6a8b8ba2f707dec2e1e8767b8319452e48bb722c832f1d7f4e0bc75a8217c5ab0a8a50d2f3ac61aa265085fd5ac7cfb7f6c9bb9ac4e06ed6c55706db293048e0

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\j2pcsc.dll

MD5 3122ed91712925c702c8485eda5d973f
SHA1 0fb2a7e7f93c77cb7c73b705376b5d9e25c02975
SHA256 45d59e544a4ce244ebe2259f339d2f8c9a0d5c08fec58e23e9eada3f6a97be42
SHA512 e7f6c27f333fe64d5ff1791fea5fce178bc7e5a4870ab2e875b387b8adf1143c2ba52311231daf28eab5dc8a79d63b53d6d59ceee283e2f482705b41e55c4b5c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\instrument.dll

MD5 ff77f28ced53c635eefbc89495753e5d
SHA1 cbe5a5487661a64f38e05f226241a8ddb84083df
SHA256 4bf36c2c0f485b767d59d204a91dbf4ceb06568ab86d092bb8041a22ac4fde78
SHA512 65079278158f3e9cab0854becc94fbbcebcb4ecc6f89f3a6fe173a4a378033a545f12d093a4760601e8d0ef7baf04f5679458d0e496099c748f26ea10c3480bd

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\JavaAccessBridge-64.dll

MD5 7f5215e9f978c38587339e017eddf273
SHA1 b3f131ca5a2517474099f02c79cc61dfe37064ba
SHA256 1c6f684bf75232e3f6b5f2f1f984741fa07cb07e2e335fb2b5b2d6b46c63c555
SHA512 14d3e61caef04491a319361007c9f2974dd94294331e651318bb7b9985980b2a11b8c520f6544016d0bae79027bbcfef5eca25720cfe71ce7483ecf7cc4da29f

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\javafx_iio.dll

MD5 478670109cdd98a317fcf0a392735e8d
SHA1 c76913bc9dabe37b927a1857705705bbceab809e
SHA256 e8e102d6f1a07440d57f7b30ada46671562c1f22f31486e789a0dadcdcc0154d
SHA512 8d5e42947b655a4b6e25498a971135d3955890e6ead6eb9bfb425afa8b849b78a2642a38c94705efe13a493367235181a877025bfe18450d97d6c3e732f1994f

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\jfxmedia.dll

MD5 2d146e5a772b59b798faf9424968e7cd
SHA1 d22fc56f02558b3ca051e07bb88f4e8712223ac9
SHA256 10da28d64cb67a7bf3ad157db48c9bfbbbc839efbd57b66bda2cf51e6973bb48
SHA512 d41b9024bfb692d8dadb1ff5ee4db0e24e39ed593a6792816ff0448e09cd263ab3c7061017b0ca42361c80748b9fc9bd8b413c520fd85b9566281f8952132a72

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\jfxwebkit.dll

MD5 d4d6ffc8c324f8b388dbc3a12c5e29cc
SHA1 c92c02cdac9c72594b4098376049048df8ce99fd
SHA256 045ecd4b20f38ff8feb826caf319ae211eb69bace309b3c8ef5e410161239052
SHA512 de3a08437aef372963925b7dfb16692b5a81862bf65540e64c93ddba9b24fd728ad7ebe59e771b5e9630ffe0ec6f244631d4b43477886f088fab7328f0229687

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\jfr.dll

MD5 74d62b779bdbd5ff541a8eccbc2eead5
SHA1 752365939c5f4a1f378ab136e6474bbdda1af19a
SHA256 f7fda38c0d1aca4a3a912408094dbee0404b3cc2ef1e460b891f3e50b805b3a6
SHA512 1c82a082baa740b3de562d26a6add39b70223d4e77923480ced56871dc1134358cead2ca792a704bf77014f1cc983231e158169794142806dd4b95819eb0bdea

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\jdwp.dll

MD5 7a8d04f34af6ee50ceae3789e0cacbc3
SHA1 efb55b885b4dae389919f3cb5cadf7eebce62a63
SHA256 7a951fa676508723b79e3e206ad2e9a3b627f658b3078b92c8456b076caf6c2a
SHA512 5d2496cf8808965c5153dc0b5fb5467537e0ee4aad0b9e92e7c3dd352edba76d648e87e2da8a8f87da669298e8e5f3e69b380d3cba322eecf5b669bbc62b1689

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\JAWTAccessBridge-64.dll

MD5 a80d422ddf4449546f3decf01032a035
SHA1 cb85cae8d5aa5992a7a25ec6ce7799662d90daaf
SHA256 36281bee3a089620283cf8e85e9b839a004b48dc952b523949922612a2e35146
SHA512 d1e3e49140867eb89433c1e9a19a8ff489846ad79bfb278d4bea24ebed16efec09177962878be9a7057d51f52d29921e170f2fe308425de6d552f8f6cc4ce735

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\jawt.dll

MD5 b7a1000a27c5774160ed66ff97c979d0
SHA1 192c06bafc5a45bd2f98e7c385853d255157afa8
SHA256 d4b402c9d2a6e662ae7219ae00eca9dcce94269aba73116c6af4e5812b384503
SHA512 83ba9b6737cd09053c047f8d8455bf950464347d0f80b060e5a08ba814752287c34c8428e1270bf02371441b604039fb6c144a87b57ee5566d75e1bfaeaf42bf

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\java_crw_demo.dll

MD5 213d33c3bc1c91c64c909acc951957f2
SHA1 f73ae3e39fc2bc815279ddf5e57536efd26e9427
SHA256 8b4f6d6bb6b5c015824c45a776f93ae700af7e8bc4c3f15c9e63dfa2fdb0ce3b
SHA512 82f07f611387a0aa7e1e1e8c2f73ae0ad1dc27a1443f369713d416db2055a4087dd73b5f8721643788a49b2937109bc73e9ba5e42631d483326316593973e06d

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\javaws.exe

MD5 fd3824c639c079da7ca2e40d2e03614c
SHA1 bf3e9853a3e20c79fef2e04a24a0be87421edc76
SHA256 8a8006658eab33b332787b35636b4f803b8634868f94b64d393f947a1d93c765
SHA512 074d0f7c4454b240f6eb9ac05d9499b3f3f555895fa75dddd47fb9001bc613ffcb4a9a1febe464f5c16ce60f2830b24ddb3b663dcd1008bd8b34e5cdb39eca00

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\javaw.exe

MD5 74198e9118b9b57592f08fed2380ddb6
SHA1 e5c6541d4a133d434192155f758b750a17a532c5
SHA256 a8c0c9cd921236b8b47c62718638690e74edebdfd555f306ce3247207e032458
SHA512 c1838904824f7d7fba36e811a2b81f68beaba2f26b6ba1dd5249c6e3289583b818afb3fd934a08d526c30bd983240dcab0679f6a3f62fb29998430e75df92026

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\javafx_font.dll

MD5 857c873dd97fb776ab2a09a6bf1a0652
SHA1 a55d2db79bb903c2d3f78da1d7cfda141064590b
SHA256 7a2c11541e683483865c55d400f71704cfeb81a3d1ab222016cc4c8f3f8eed80
SHA512 e92a6e43d02724bebd7e2d1ee1c8d4eab5b2c55f1cb39d31c21311361a6c02b433d424ca32cbca2ab55437f3e2affa088e6742382e83f6c01421fee048220f41

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\javacpl.exe

MD5 1cb69e18bbede1266da41f00d0a45cd2
SHA1 ce7e3f06f7e74c5ec367cc7c9fa3f0c38cd2f307
SHA256 1e3334f488b8fef03432d87640c31176c13ed817feda163d8b7288793a67f7b5
SHA512 a9d10cbf080daeb347164adf485d9420a94c8aaebec8f33f029a91ae5bf7ea8b1aecd7d76f87db00d9923cf5d78c8bb26c654f392412e4e36313cfa0e9e52aaf

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\java.exe

MD5 c863273afd4c2ee6b2cbecde86ebe021
SHA1 b5f24ba94b910e30b511332f3a96729cb0a539d9
SHA256 093a4662d587079a9d73871b4b727d863d10280de9f49c5d12a1a7e7a239285f
SHA512 7bba04dadb70d8bcceac0a3e965000c2537369ad649adc90601a0aa0b555c97ee07011b86f600218681255f72ccfaf9dc6710168a21a33f5121ec45b55390760

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\java.dll

MD5 949fc2c63994ec317abcccfc1452ef22
SHA1 41d496159e826e894988ad1dcca7918d10e793e5
SHA256 6cca6ced25b89323900dc9e5f75604c922a78bd70887ef003313f9e2e7b9aca8
SHA512 26f13807dce767a89d053690023ca322409dc819120f213944291f06e597a0d4f0a08435251d69a74bc15811540ba7f2472bf5962f0f66515603e34b0cd2815c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\java-rmi.exe

MD5 158cb66b1e636cf32d593c4d7db7e858
SHA1 7889ca20462fec79cfcef497639c037e99350a7f
SHA256 c5f85de246b91a4d295a49f23930b8475d92d493f1cb94bb6f6602b0599d6e1b
SHA512 d88621d98822b008cd60ee6977aaf2ad5834a9cb1ae6dcbc351a0bda976af8fb9baa0345841dff0e3d68cf5e8c528dfd0f89280bbc20c9b8d0b4b8697bf084b8

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\jabswitch.exe

MD5 b5cb189c19bd012180a757d8419fb36d
SHA1 2c5292f7bb2c851261f504de57d094c5ab36e333
SHA256 6b9db2995902e87e04c1123d9c1bb3893404cfd039de07499b778ea68b912fa2
SHA512 d41ca378edc86972efdae2f9222a6f8532c269299df961b047f41182f33d04128a445ffd0f72853306c89706c15817a1049d8fb9cf5f8ed0837b6be328982302

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281_temp\jre1.8.0_281\bin\javacpl.cpl

MD5 fcda3200760c9b36bdd60a251d330661

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-20 21:40

Reported

2023-03-20 21:45

Platform

win7-20230220-en

Max time kernel

264s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7321033.tmp\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7321033.tmp\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7321033.tmp\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7321033.tmp\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0117-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0051-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0166-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0099-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0194-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0117-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0114-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0206-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0156-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0106-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0086-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0126-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0075-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0045-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0196-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0138-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0093-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0112-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0058-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-errorhandling-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\eula.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\fontconfig.bfc C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jfr\profile.jfc C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\policy\unlimited\US_export_policy.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\glib-lite.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jjs.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\ucrtbase.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\jpeg_fx.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\flavormap.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management\management.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-debug-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-namedpipe-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javafx_iio.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\resource.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\relaxngcc.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\cmm\sRGB.pf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\[email protected] C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\COPYRIGHT C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\sunmscapi.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management\jmxremote.password.template C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-handle-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\bci.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\cmm\GRAY.pf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\cursors.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_MoveDrop32x32.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-rtlsupport-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\JAWTAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\colorimaging.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_TW.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\[email protected] C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\cacerts C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\LICENSE C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-localization-l1-2-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-multibyte-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\pack200.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\cmm\LINEAR_RGB.pf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\javaws.policy C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\sound.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management-agent.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_7340174\javaws.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jabswitch.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javacpl.cpl C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\prism_common.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\thaidict.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_LinkNoDrop32x32.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\README.txt C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\libxml2.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\cmm\CIEXYZ.pf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\fontmanager.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\java.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\access-bridge-64.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\jaccess.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\charsets.pack C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processenvironment-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\java-rmi.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jfxwebkit.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\gstreamer.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\java.policy C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIAD27.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\6fa507.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAA85.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6fa509.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAC79.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAC99.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6fa50b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6fa507.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0122-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_143" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0217-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0095-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_95" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0115-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0091-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0087-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_87" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0147-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_31" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0091-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0151-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0067-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0137-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0110-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0192-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0179-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.1_01" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0160-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0201-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0218-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0134-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0219-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_219" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0094-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_94" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0204-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0070-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0087-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0147-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_147" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0092-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_121" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0159-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0077-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_63" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0123-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_123" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0127-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0150-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0136-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0120-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_120" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_19" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0207-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0187-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0078-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0207-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_207" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0144-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_144" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0157-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0097-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0179-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_179" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_09" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_88" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0054-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0061-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0087-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_87" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0098-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0148-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0098-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0205-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_205" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_08" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_56" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0077-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_77" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2016 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1720 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 1144 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 1460 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1060 wrote to memory of 272 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1060 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1060 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 328 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1060 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\_sfx.exe
PID 1060 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe" "__IRCT:3" "__IRTSS:23645635" "__IRSID:S-1-5-21-3499517378-2376672570-1134980332-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-3499517378-2376672570-1134980332-1000"

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x713924a8,0x713924b8,0x713924c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1060 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230320224335" --session-guid=834a5e23-0cb5-46af-a46d-8456a8c27906 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=3403000000000000

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x708f24a8,0x708f24b8,0x708f24c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xc56c28,0xc56c38,0xc56c44

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1

C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jds7307398.tmp\jre-windows.exe" "STATIC=1"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding B7CE20AA27E9BB4DD9A4710BE92E4757

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

C:\ProgramData\Oracle\Java\installcache_x64\7321033.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe

"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma 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 -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.234.70:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.111:443 net.geo.opera.com tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 download.opera.com udp
NL 82.145.216.15:443 features.opera-api2.com tcp
NL 185.26.182.117:443 download.opera.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.2.211:443 download5.operacdn.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 23.206.103.83:80 javadl.oracle.com tcp
NL 23.206.103.83:443 javadl.oracle.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
GB 23.44.232.84:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
FR 23.40.2.175:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
FR 23.40.2.175:443 rps-svcs.oracle.com tcp

Files

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 111dddf2f308abc2a8f7555d5f642751
SHA1 11e6cdccbf29a71a97011b9444cf20c83ad8b57b
SHA256 c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0
SHA512 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

memory/2016-71-0x0000000002CC0000-0x00000000030A8000-memory.dmp

memory/1720-73-0x0000000000330000-0x0000000000718000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

MD5 5a7901f7df307fba45b1c377f2c94ccc
SHA1 d6630cf733033cdfbda7af3213d49b32f5b06919
SHA256 d8471d5a5b4792c4b49e80b5cb22ef1e938dc3069b210646704f658548d7a9f8
SHA512 fc0036a7ed4b53edd72b91c4824919e6e8a82b5be1e82cdc134e267ef4792424124fb6ba5d7c86cf686910da0baba8453d7a6c12b39a5b4c0cb70658580f3bc9

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

MD5 05d7bba3d6ac92766c4495b8928202a6
SHA1 50b65a8ba5ed2633e43929ee4bd58c95a91a3363
SHA256 4804f3c4fae714657fdb85e98244828acc6ac938505c2da1ed694ae7b58f2949
SHA512 1544d5cd6f85aaeeacd26f2deb9da9eb510226b41079ee78c4dede14386e5ea3446efdfd475bfbfa3a6846fa2ff23d64f4dad3a4ddd304e32de80e4d7bcbc600

memory/1720-443-0x0000000000330000-0x0000000000718000-memory.dmp

memory/1720-444-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 111dddf2f308abc2a8f7555d5f642751
SHA1 11e6cdccbf29a71a97011b9444cf20c83ad8b57b
SHA256 c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0
SHA512 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

memory/1720-466-0x0000000002F70000-0x0000000002F80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

MD5 bbdf2e8c0262e7e606d41ddbe5a3cd12
SHA1 acbb25f729af14b692ec9c8187a23b1a696f8e47
SHA256 d7c76896d206d977739556ad2d5811f7cf3117252afcd439a5aa0f2b645f6949
SHA512 0334fae3682889adbc18594b7917d8c93252a86bc04d08efc6860d5714ba4eb8aabc39c51e532c4aee57a938021540d2f2899781d9cd1de311036e1850a65067

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

MD5 03774349ce4a78b86bff91547dd43063
SHA1 2ce159a5c61b46ac79450ff49962197a0cf2c38c
SHA256 12f550c12f481abc941a3fb1dd3a5a99cd7675ccc92a66471462f6ca9348cd21
SHA512 9e62bde33999b0e7aa1d5ae94bc0c01679237cb0fa69f03ebb364872d19e5b40f3e051158a165c9c5369d7326d27f262b7715eda6ecb83d1e088125d83a01a32

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

MD5 aec508468d53ab8d55f5b4beb82c347d
SHA1 477d1ffb28834243f5811a4a2a54b4f0ca240120
SHA256 ebee84e34e221ad822486432333bad9e6357af2fb0d9651cc61c7fab8ec9b5bf
SHA512 26a0278af2a9e75ef966bc3f7f40d7669204c2004a043adaad102ef440caa6282e69372ca0c3c7d39a8450691d528c2dc77a4386bfb0c6e5a2a76c3fef900fbe

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

memory/1144-506-0x0000000002B50000-0x0000000002F38000-memory.dmp

memory/1144-507-0x0000000002B50000-0x0000000002F38000-memory.dmp

memory/1144-508-0x0000000002B50000-0x0000000002F38000-memory.dmp

memory/1460-509-0x0000000000DC0000-0x00000000011A8000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

memory/1460-525-0x0000000002770000-0x0000000002780000-memory.dmp

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

\Users\Admin\AppData\Local\Temp\Opera_installer_2303202243339851060.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

memory/1720-541-0x0000000000330000-0x0000000000718000-memory.dmp

memory/1720-542-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1460-543-0x0000000005990000-0x0000000005ED5000-memory.dmp

memory/1460-544-0x0000000005990000-0x0000000005ED5000-memory.dmp

memory/1460-545-0x0000000005990000-0x0000000005ED5000-memory.dmp

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

memory/1060-550-0x0000000001080000-0x00000000015C5000-memory.dmp

\Users\Admin\AppData\Local\Temp\Opera_installer_230320224334687272.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

memory/848-564-0x00000000010E0000-0x0000000001625000-memory.dmp

\Users\Admin\AppData\Local\Temp\Opera_installer_230320224335436848.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\Opera_installer_230320224335436848.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

\Users\Admin\AppData\Local\Temp\Opera_installer_230320224335717328.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 75fc6e0056d99df8e9b026582aa1385b
SHA1 9d53e2135f73f8d1b570c5e49e56ce8d85fc7ad4
SHA256 8645d740b0e65a8d9f33ec8ba3a01c6e3e2b782be935b640f40f2b9fab73dc37
SHA512 fb56f02a3da76e47820133b24feea64dbeb1fb78345882cc07691e6a5d29cd1713edf74ec73f577c44e4a1e52f900b8a97c30b27170444a472714a6557b1c03f

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 75fc6e0056d99df8e9b026582aa1385b
SHA1 9d53e2135f73f8d1b570c5e49e56ce8d85fc7ad4
SHA256 8645d740b0e65a8d9f33ec8ba3a01c6e3e2b782be935b640f40f2b9fab73dc37
SHA512 fb56f02a3da76e47820133b24feea64dbeb1fb78345882cc07691e6a5d29cd1713edf74ec73f577c44e4a1e52f900b8a97c30b27170444a472714a6557b1c03f

\Users\Admin\AppData\Local\Temp\Opera_installer_230320224335795824.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\CabC256.tmp

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb7df7d584e1af57233b707f6d712e7e
SHA1 9068252a30a4d87816014f887989d2de32617d4d
SHA256 e13f0f8cb503b12d4ff70f3b7021c367f78db22c079a6098a5490a19b4145d58
SHA512 b41d6422ad30a4c614d69ecba985cea387a71891fd637d825d7ea156ff6664a2f6f9cbfbb91d4eafe8d46bffa77a1972a949b4859063520e7e927e5b29f8f8b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 a20b5879a95dcafd85ac493c4e7f898b
SHA1 fc4a0d7388e53cb335532d2e5cfbe061ed7fc74a
SHA256 846f69b7f739c74b4804ba36519a838cd952e201f2c23bcd695e6ba5702728f0
SHA512 9dbd9b3d30a86bcaeabf915bd2cb492e27b94951cdc190d6416d4736cfff33901ab73e0ca27cbd6e2c54ee2c35acba2d8dc79d70955ad6e55fb1ca464290a0d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 8d7a7d5753c52c01a9b4a5d6927ba918
SHA1 5bf6827ce243fd0a406d6a23ea9effb556f057bc
SHA256 a85c7609afd47285f0d27f4f2d5b15858a1ba69b15cc7dbe5db4298664a0d2ed
SHA512 d043ed18e3d5cc6e2762dbd0f583bc6763e2b8a7b1b709580d392116d97b35223f7a81be318a3c6d62a1b474ca3116106a27293aecb58481ee28edb5cfd0d217

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

memory/1060-588-0x0000000002CA0000-0x00000000031E5000-memory.dmp

memory/272-589-0x0000000001080000-0x00000000015C5000-memory.dmp

memory/1060-590-0x0000000003820000-0x0000000003D65000-memory.dmp

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 140d799c60e148f8cc042ffa064fc046
SHA1 83c349321e880dc3ca1d1c21489a3718f6645695
SHA256 73fa88d34d90f4bee42f4dfad1f639ed6c19393c66cce966d71f5b8232cd1433
SHA512 12025bf79b852bdf46870c3d2e3b2a52793cc1ad49b62a2917b2e80ddf504560d77cdceafa3cc04b1b3fe19cff13d687a8bf5ed3edeac25cd9e485b005667b36

memory/1060-591-0x0000000003FF0000-0x0000000004535000-memory.dmp

memory/328-593-0x00000000029D0000-0x0000000002F15000-memory.dmp

memory/824-594-0x0000000001080000-0x00000000015C5000-memory.dmp

memory/328-592-0x0000000001080000-0x00000000015C5000-memory.dmp

memory/1460-602-0x0000000000DC0000-0x00000000011A8000-memory.dmp

memory/1720-612-0x0000000002F70000-0x0000000002F80000-memory.dmp

memory/1460-616-0x0000000000DC0000-0x00000000011A8000-memory.dmp

memory/1144-617-0x0000000002B50000-0x0000000002F38000-memory.dmp

memory/1144-618-0x0000000002B50000-0x0000000002F38000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TarFA0C.tmp

MD5 73b4b714b42fc9a6aaefd0ae59adb009
SHA1 efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256 c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA512 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

memory/1460-661-0x0000000002770000-0x0000000002780000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\opera_package

MD5 6b7771354e081eb94cdbf7627799da4f
SHA1 199341a750443cc6e9b2b2fa1e657d0dd327711f
SHA256 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab
SHA512 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800

memory/1720-728-0x0000000000330000-0x0000000000718000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 e71c8443ae0bc2e282c73faead0a6dd3
SHA1 0c110c1b01e68edfacaeae64781a37b1995fa94b
SHA256 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512 b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 f08d9bbc61cff8e8c3504524c3220bef
SHA1 b4268c667469620bb528c04eaa819d508159b398
SHA256 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb
SHA512 a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 87806e300541d11561a19b676106875f
SHA1 9cc54f52bcd759a8647643d28aa617514185b2f4
SHA256 faff66b8462a38c755df783be8cf8b74c89bb39c565bf61455418bcb65b9050a
SHA512 7491de9808e8069ae2716f34d757de1fd3897d4e8cd01bc6e3ec2a5c87f90011efd8d35aeff362fa6cceee020f7d6dbb84b506318d8c52c7d884a02de58580bc

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 2799f9daca46770a871ce1b5eed32e7c
SHA1 a2792f571210a7f38cdbe49391017300ee7b1ce4
SHA256 fc22676f5b6cdae17b78ddfd16bb070687516fbc827a7edd0541f3a32d85c9e9
SHA512 c41f2e4c4ca59d6f9d11fac11296ab87f1b508b5d64e5db7762f2f6dd387aa96206b2b0fa127f17c0b8c24a0b56e81af12d5937474a450222d9c4416c1acb16a

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG

MD5 3094925a8de871bcc72ae50882d2a6f7
SHA1 9f7894bc4b2a498ad20b14b2b3cac175bf4d7a9f
SHA256 523e7230db0c47a436abbc442db93e41b6f549b32da6c2a10db7a18228491216
SHA512 bf2349354321397652d834507aae4c32885273209d1409b796170292e37ebf35878e2934d3f53545e66724561e646cc660f952e0bb5006cd7a262a790b64e39e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG

MD5 46a65321aa1fce57d465c26e8b6eb392
SHA1 9efb9a3acd5b32556ea66398c74b014f91087559
SHA256 61df7a1f0367209668d4f0f6a285b8baff864d1341d382ebbc7fd4e71036b666
SHA512 094d69016f066ae835c71d7a950217b9ad09e8cd4d74131787203cae950e572c18213dc1ded139b1fa46c7f803cc15bf4f596c9d51aefe0d43850ae2865f3707

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG

MD5 fa8aa84ef4bf0de505f6e3447d4b55b3
SHA1 b99654dfa5f6c56857b4f4102af2d27503bcdc74
SHA256 f3b7e85e8e5e41496fb563816fbf79e6640feb1591bd5e0c0b876d80053ad913
SHA512 b3a7d0d5abe554301b8745bd738662d80e439fba8df6f984cc05151ec8c081a61f0538765653e8587b431cdc97d384ee35d17ab3324c06a2ca40a069e1525ba6

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG

MD5 1f5c8939031a7f93762862cfc88a8e56
SHA1 6dc4df87344db0ddf09c777e7a80d1b5661559b8
SHA256 14be26e969eb15ef7e76e0ad02d8aa0516c5391e8b09dba0a9a6c5f57ae24aba
SHA512 de45d700c86329c704777917863fd1ddeca90d2bed67a72794164882bf15725ce83c7733f664ee0a2af7df54a6be2def729d19237fb2c434115396ac126ff47f

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG

MD5 ce17d7ce06488f394ce124f17d5acafc
SHA1 8a5dceae9ea369b686123c8f940bb0ea07870ffa
SHA256 c4b04568930f03979d71f48a57b9ad06b4cdf687272f6753ff662006e8e6237f
SHA512 c33f1370213cabd1b84c936f1ac14f9bcc83bc03a633bbe25efe1e906bcee515d0e615c86b7ee3b34404dd1d95ce74d1a00908de8cdacbf9961de3f1ceb8362b

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG

MD5 09229c3bfb801177839a7c2e22e33a1b
SHA1 f679c05c4c7b2f3722069420c6d6481fc856e7aa
SHA256 cbf81d779b469942613297a3ca6c09d885e3b1d4aa952dc1994a7175fbfc7e3f
SHA512 503bfa063b29dda95f15da303f707e5b78a6bdb74662c222d8a8b7e3a33264016a66acdd9de44aea932e7cde80a43c2406ea6f0250d3df8e182217bc4a0a7ed7

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG

MD5 d8a095202e08fa1ac2578982e9a486db
SHA1 397ffc8af43ac18466b8df245b4faa6b278659e6
SHA256 28fed2b9a3cbde34da4b6b5d1af2d2844437d21f6dec85b3ca2faa5cd3b512e5
SHA512 ac751386a0004e335f4e5f4ea24bf6a474478c8a7ca54d018734e7cd44b8e9a0eb262b00fe1219b1c62c96b018b08ba6b1056d3a13e64b55c7e70d748a6ae9c6

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP

MD5 0b445ace8798426e7185f52b7b7b6d1e
SHA1 7a77b46e0848cc9b32283ccb3f91a18c0934c079
SHA256 2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6
SHA512 51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG

MD5 59d6f22fdc11d6b116b38193ed5f4b97
SHA1 cddc7eb2110b3179dd6d1e32b4b37f3568a22ebf
SHA256 782cafea76d24d76885d88ee1302e5f78d75a4e335529dc20ad476fdb9e34744
SHA512 5b0fab5139736d30a69c98ea88d95a5c70f59aab1b82394c58b33617b824447b861a6e6067b62dd1ca1812a4989937e06ad473c6c94376af957871e9e63553fa

C:\Users\Admin\AppData\Local\Temp\Tar990.tmp

MD5 be2bec6e8c5653136d3e72fe53c98aa3
SHA1 a8182d6db17c14671c3d5766c72e58d87c0810de
SHA256 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA512 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG

MD5 1557c08e187b7783083e0b80051fd321
SHA1 2c6ee47799d713e88fd589609b81912a4522044e
SHA256 0c0e74dd07c45833a5dd7ba931e5d528eb16334defdd06171df2f632d6e47842
SHA512 485f69b3878b2bd7fdf52ad020dde2cbc34dd1970aaa4e5eb8f8618f6091b5b827b428447859499c3d61ea9cde2edcbb97c8fb0560cd0aaff50027c0f97ee6f3

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG

MD5 5eecdc666e6dc0b8e5e8d2fc3b9cc1b2
SHA1 72a16d461bd2410d5749c6bf939a127683d83a95
SHA256 052f0289886f9cc0931d7026dfe1f5253ad39123479627e37afa5c430e8f8ff1
SHA512 5d465d2c61d97ec2a52db3aeee8d42ececdef08930692842f9c6a41b0611cb774015d369e4fe5186079e97839acc78e8403ea6a6c33ee54a7aef3eea41c3d7db

memory/1060-1276-0x0000000003FF0000-0x0000000004535000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG109.PNG

MD5 03b1d78771eb279766efb2d9f2fa8463
SHA1 8f10e304fd65e58136ccd6ab012ffc594e6fb707
SHA256 eec16d2cb57e38b485b6a269e9c2554c1dfc3b70dec9f7bbddc2b62526b3d832
SHA512 ca51cbaf20e6f62eb6ec69555d259ef61828d3166d09106bcd335dd417ed30660af71e7fd8db6bd22bf134cc530e1a55ecdd2c307e64e8edb28af95299d66f5a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 8eec84d1f7b34fb8f0c92402959392b4
SHA1 4d49164ae8f7533d61e2ae137404d02d1308ce38
SHA256 2d6ea1e3e2247eb839116c10062aab24e7d029dec1b23bd7d34dc4b98a7f34a7
SHA512 662e5f4228b294ecac0ce0c892082984aabb7779ea1318df3c5202d775fbb0825fe672953bd7e8fc695960183fc1a4fefabc3eee68f0298ad20f3bf7cabdc5a3

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG

MD5 5bc85d12eb492baa3be9230f1fbdc342
SHA1 456fe4284fa916ad3817e7c3d419c13f4c949737
SHA256 9a27f240758513aa1cc05500171fe22fdb3a485781cba4798cefc29f6944373c
SHA512 3d55c597ac29d7f810980dfd89404d3ecbd2e652ae1bc5e6710668ad5386a0caecf3149289df13f6dabed6b2e4305a26684ab3bd21b255b37f8a596fe8d641b9

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG

MD5 667b0b54ee5ba0d1cb66190226596e46
SHA1 b8658b35e7cf44b24053e4d01d3b51233d6526f6
SHA256 3a9ab8c3640f1b40b33553d7d3dd3d15bd6e702ef510ec0b66a2f14aa744bf83
SHA512 9ccc773214a0074634be66801d81d7a593ab154351fdbd1b93f56ffa80cf824ee31ff2e13f26536d5f3096e90df43fa223080b4dc55340614b076c08ef976dcb

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG

MD5 38c12e1a54f8fd216ed3f13b36798cc6
SHA1 ccf1fe585d3374ebce4c1ec025e2d8ec39968a7c
SHA256 608924ba294590b5b706658d9aaa71b480ad9aa1b6797bbc5cf1632ac6c616b1
SHA512 0918af63f006d7fa04a3faeeb813e61c060316a126c4742a948a30f5b6ea368c3b8592011319dad3dbf8427dfcc095aa72f7b651d6fc31061f861f070447331b

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\opera_package

MD5 6b7771354e081eb94cdbf7627799da4f
SHA1 199341a750443cc6e9b2b2fa1e657d0dd327711f
SHA256 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab
SHA512 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\opera_package

MD5 6b7771354e081eb94cdbf7627799da4f
SHA1 199341a750443cc6e9b2b2fa1e657d0dd327711f
SHA256 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab
SHA512 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\additional_file0.tmp

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202243351\assistant\_sfx.exe

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d