Malware Analysis Report

2024-09-22 06:28

Sample ID 230320-2d7hqshf5v
Target TLauncher-2.871-Installer-1.0.6-global.exe
SHA256 318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
Tags
bazarbackdoor backdoor discovery spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96

Threat Level: Known bad

The file TLauncher-2.871-Installer-1.0.6-global.exe was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor discovery spyware stealer upx

BazarBackdoor

Bazar/Team9 Backdoor payload

Downloads MZ/PE file

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Checks installed software on the system

Enumerates physical storage devices

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-03-20 22:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-20 22:29

Reported

2023-03-20 22:32

Platform

win7-20230220-en

Max time kernel

81s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A

The match is recorded without a description, indicator, process or target, and no process, dropped file or network destination elsewhere in this report is attributed to it (every host under Network belongs to tlauncher.org, Opera, Oracle or Microsoft). Treat the family attribution, and the 10/10 score that rests on it, as unconfirmed until the bytes that triggered the rule have been inspected.

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe N/A (4 rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A (9 rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe N/A (4 rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A (8 rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A (12 rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe N/A (1 row)
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\assistant_installer.exe N/A (1 row)
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A (1 row)

(40 rows in the original, none with a description, indicator or target; collapsed here by loading process.)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (53 identical rows; none carries a description, indicator, process or target)

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = <elided> C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = <elided> C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = <elided> C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = <elided> C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = <elided> C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

AuthRoot is the store that the Windows automatic root-update mechanism fills on demand: when crypt32 inside a process validates a chain whose root is not yet cached locally, it fetches that root from the Microsoft-maintained list and saves it as AuthRoot\Certificates\<SHA-1 thumbprint>\Blob, so the writing process is simply whichever one opened the TLS connection (here the second Setup Factory runtime irsetup.exe and the Opera installer, matching the HTTPS destinations under Network). The one Blob value reproduced in full is a serialized certificate context whose embedded certificate carries the subject C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA (readable in the hex as 4469676943657274204173737572656420494420526f6f74204341), and its key name 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 is that root's SHA-1 thumbprint, repeated inside the Blob as property 0x03. These rows therefore record root-cache population, not installation of an attacker-controlled root; trust tampering would show as a write under the ROOT store (HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates or the per-user Root store) with a thumbprint that no public CA list contains.
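The Blob value that the report reproduces in full (the row for key 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 above) is a CryptoAPI serialized certificate context: a sequence of <property id, reserved, length, data> entries, the last of which is the DER certificate itself. The script below is an added example written for this page, not part of the sandbox report or of any product named in it; it decodes that value with the Python standard library alone and returns what a responder needs from such a row: the property list, the SHA-1 stored in the Blob beside the one recomputed from the certificate, the friendly name, the extended key usages and the certificate length. The hex constants are that row's data transcribed in labelled pieces (issuer and subject are the same bytes because the root is self-signed, and the subject key identifier recurs as a property, as the SKI extension and as the AKI extension); the property-ID names are the CERT_*_PROP_ID constants from wincrypt.h.

```python
r"""Decode a CryptoAPI certificate Blob as written under
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\<sha1>\Blob.
Added example: the parser is ours; BLOB_HEX is the report's own Blob value for
key 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43, transcribed in labelled pieces."""
import hashlib
import struct

PROP_NAMES = {0x03: "SHA1_HASH", 0x09: "ENHKEY_USAGE", 0x0B: "FRIENDLY_NAME",  # wincrypt.h
              0x0F: "SIGNATURE_HASH", 0x14: "KEY_IDENTIFIER",                  # CERT_*_PROP_ID
              0x1D: "SUBJECT_PUBLIC_KEY_MD5_HASH", 0x20: "CERT"}
KEYID = "45eba2aff492cb82312d518ba7a7219df36dc80f"  # subject key identifier
NAME = ("3065310b3009060355040613025553"  # C=US, then O=DigiCert Inc,
        "31153013060355040a130c446967694365727420496e63"  # OU=www.digicert.com,
        "31193017060355040b13107777772e64696769636572742e636f6d"  # CN=DigiCert Assured ID Root CA
        "312430220603550403131b4469676943657274204173737572656420494420526f6f74204341")
MODULUS = (  # 2048-bit RSA modulus
    "ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600c"
    "f880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c3184"
    "2af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2"
    "125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3"
    "a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e90"
    "35c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed3917"
    "9d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c4"
    "7e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f")
SIGNATURE = (  # sha1WithRSAEncryption signature value
    "a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b3"
    "9fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12"
    "d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0"
    "dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f0105"
    "9bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067"
    "b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3"
    "672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101"
    "b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2")
CERT_DER = (
    "308203b73082029fa003020102" "02100ce7e0e517d846fe8fe560fc1bf03039"  # v3, serial
    "300d06092a864886f70d0101050500" + NAME  # sha1WithRSA, issuer
    + "301e170d3036313131303030303030305a170d3331313131303030303030305a" + NAME  # validity, subject
    + "30820122300d06092a864886f70d01010105000382010f003082010a0282010100" + MODULUS + "0203010001"
    + "a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff"  # KU, CA:TRUE
    + "301d0603551d0e04160414" + KEYID + "301f0603551d23041830168014" + KEYID  # SKI, AKI
    + "300d06092a864886f70d0101050500" + "0382010100" + SIGNATURE)
BLOB_HEX = (  # property list: <propid u32le><reserved=1 u32le><length u32le><data> ...
    "0f0000000100000014000000" "6dca5bd00dcf1c0f327059d374b29ca6e3c50aa6"
    "090000000100000034000000" "3032" "06082b06010505070301" "06082b06010505070302"
    "06082b06010505070304" "06082b06010505070303" "06082b06010505070308"
    "140000000100000014000000" + KEYID
    + "0b0000000100000012000000" "440069006700690043006500720074000000"
    "1d0000000100000010000000" "4f5f106930398d09107b40c3c7ca8f1c"
    "030000000100000014000000" "0563b8630d62d75abbc8ab1e4bdfb5a899b24d43"
    "2000000001000000bb030000" + CERT_DER)


def parse_blob(blob: bytes) -> dict:
    """Walk the property list; refuse to guess on a malformed entry."""
    props, off = {}, 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError(f"truncated property header at offset {off}")
        propid, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1 or off + length > len(blob):
            raise ValueError(f"malformed entry for property 0x{propid:02x}")
        props[propid] = blob[off:off + length]
        off += length
    return props


def oid_to_str(raw: bytes) -> str:
    """Dotted form of a DER OBJECT IDENTIFIER body (base-128 arcs)."""
    parts, arc = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        arc = (arc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(arc)); arc = 0
    return ".".join(parts)


def eku_oids(seq: bytes) -> list:
    """CERT_ENHKEY_USAGE_PROP_ID is a DER SEQUENCE OF OID (short-form lengths here)."""
    if seq[:1] != b"\x30" or seq[1] >= 0x80:
        raise ValueError("unexpected EKU encoding")
    oids, off = [], 2
    while off < 2 + seq[1]:
        if seq[off] != 0x06:
            raise ValueError("non-OID element in EKU list")
        n = seq[off + 1]
        oids.append(oid_to_str(seq[off + 2:off + 2 + n]))
        off += 2 + n
    return oids


def summarize(key_name: str, blob_hex: str) -> dict:
    """Fields a responder wants from one AuthRoot\\Certificates\\<key_name>\\Blob value."""
    props = parse_blob(bytes.fromhex(blob_hex))
    cert = props.get(0x20, b"")
    sha1 = hashlib.sha1(cert).hexdigest()  # the registry key name is this thumbprint
    return {"props": sorted(PROP_NAMES.get(p, f"0x{p:02x}") for p in props),
            "sha1_prop": props[0x03].hex(), "sha1_of_cert": sha1,
            "key_name_matches_cert": sha1 == key_name.lower(),
            "key_id": props[0x14].hex(),
            "friendly_name": props[0x0B].decode("utf-16-le").rstrip("\x00"),
            "eku": eku_oids(props[0x09]), "cert_len": len(cert), "cert_der": cert}


if __name__ == "__main__":
    for k, v in summarize("0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43", BLOB_HEX).items():
        print(k, v if k != "cert_der" else f"<{len(v)} bytes of DER>")
```

Run it and compare sha1_of_cert with the registry key name and with property 0x03: a root cached by the update client gives a three-way match, a well-known friendly name and an ENHKEY_USAGE list, whereas a root injected by malware shows a thumbprint that no public CA list contains and may lack those optional properties altogether. The same parser works on any Blob exported with reg.exe or read with winreg, including the ROOT and per-user stores where a real trust change would land.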

Suspicious use of WriteProcessMemory

Description Indicator Process Target (rows)
PID 1496 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe (7)
PID 1984 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe (7)
PID 1536 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe (7)
PID 2032 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe (7)
PID 1828 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe (7)
PID 1828 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe (7)
PID 1828 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe (7)
PID 884 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe (7)
PID 1828 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\_sfx.exe (7)
PID 1828 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\assistant_installer.exe (1)

(64 rows in the original; identical rows are collapsed with their count.) Each parent writes only into a child it has just started, and every pair corresponds to a process start listed under Processes, which is the pattern of ordinary process creation rather than injection into an unrelated process. Read as a launch chain: TLauncher installer -> Setup Factory runtime irsetup.exe -> AdditionalExecuteTL.exe -> second Setup Factory runtime -> Opera net installer -> Opera helper and assistant processes.
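Reducing a table like the one above to a parent/child tree is the first thing to do with a WriteProcessMemory listing, because the repeated rows hide how short the chain really is. The script below is an added example written for this page, not part of the sandbox report; it parses rows in the report's own text format, counts writes per parent/child pair and renders the tree. SAMPLE_ROWS are constructed from the table above (one row per distinct pair, with the first pair repeated three times so the per-pair count is visible); the path constants are only there to keep the rows short.

```python
"""Collapse "PID A wrote to memory of B" rows into a parent/child process tree.
Added example, not part of the sandbox report; SAMPLE_ROWS are constructed from
the WriteProcessMemory table above (one row per distinct edge, with the first
edge repeated three times so the per-edge count is visible)."""
import ntpath
import re
from collections import Counter

ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+)$")

T = r"C:\Users\Admin\AppData\Local\Temp"
TL = rf"{T}\TLauncher-2.871-Installer-1.0.6-global.exe"
IR0, AX = rf"{T}\_ir_sf_temp_0\irsetup.exe", rf"{T}\_ir_sf_temp_0\AdditionalExecuteTL.exe"
IR1, OP = rf"{T}\_ir_sf_temp_1\irsetup.exe", rf"{T}\opera-installer-bro.exe"
OPT = rf"{T}\.opera\Opera Installer Temp"
PKG = rf"{OPT}\opera_package_202303202230351\assistant"
SAMPLE_ROWS = [f"PID {p} wrote to memory of {c} N/A {pp} {cp}" for p, c, pp, cp in [
    (1496, 1984, TL, IR0), (1496, 1984, TL, IR0), (1496, 1984, TL, IR0),
    (1984, 1536, IR0, AX), (1536, 2032, AX, IR1), (2032, 1828, IR1, OP),
    (1828, 1084, OP, OP), (1828, 888, OP, rf"{OPT}\opera-installer-bro.exe"),
    (1828, 884, OP, OP), (884, 1484, OP, OP),
    (1828, 1104, OP, rf"{PKG}\_sfx.exe"), (1828, 1928, OP, rf"{PKG}\assistant_installer.exe")]]


def parse_row(line: str):
    """(parent pid, child pid, parent path, child path), or None for a non-matching line."""
    m = ROW.match(line.strip())
    if not m:
        return None
    # Both paths are absolute and may contain spaces ("Opera Installer Temp"),
    # so split on the second drive prefix rather than on whitespace.
    parts = m.group(3).split(" C:\\", 1)
    if len(parts) != 2:
        return None
    return int(m.group(1)), int(m.group(2)), parts[0], "C:\\" + parts[1]


def build_tree(lines):
    """Write counts keyed by (parent pid, child pid) plus a pid -> image path map."""
    edges, names = Counter(), {}
    for line in lines:
        parsed = parse_row(line)
        if parsed:
            ppid, cpid, ppath, cpath = parsed
            edges[(ppid, cpid)] += 1
            names.setdefault(ppid, ppath)
            names.setdefault(cpid, cpath)
    return edges, names


def render(edges, names):
    """Indented tree lines in first-seen order; roots are pids nobody wrote into."""
    children = {}
    for (p, c), n in edges.items():
        children.setdefault(p, []).append((c, n))
    written_into = {c for _, c in edges}
    out = []

    def walk(pid, depth, count):
        suffix = f" (x{count} writes)" if count else ""
        out.append("  " * depth + f"{pid} {ntpath.basename(names[pid])}{suffix}")
        for c, n in children.get(pid, []):
            walk(c, depth + 1, n)

    for root in [p for p in names if p not in written_into]:
        walk(root, 0, 0)
    return out


if __name__ == "__main__":
    print("\n".join(render(*build_tree(SAMPLE_ROWS))))
```

A pid that appears as a target of writes from two different parents, or a write from a process into a child it did not start (compare against the Processes section), is what would distinguish injection from the creation pattern seen here; on this report every child has exactly one writer.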

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-1563773381-2037468142-1146002597-1000"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-1563773381-2037468142-1146002597-1000"

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x710324a8,0x710324b8,0x710324c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1828 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230320223035" --session-guid=7ff1241c-5197-4b37-8ec3-6453c8596543 --server-tracking-blob=<elided> --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4803000000000000

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x705724a8,0x705724b8,0x705724c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x1186c28,0x1186c38,0x1186c44

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1

C:\Users\Admin\AppData\Local\Temp\jds7196404.tmp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jds7196404.tmp\jre-windows.exe" "STATIC=1"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding F1A11563158524F84D5EC1A7A412535C

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

C:\ProgramData\Oracle\Java\installcache_x64\7216325.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe

"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma <elided> -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

(The -ma value is the javaws argument list from the preceding command line, NUL-separated and base64-encoded; it decodes to -wait, -fix, -permissions, -silent, -notWebJava. The -vma value is not reproduced in this copy of the report.)

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.235.70:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.111:443 net.geo.opera.com tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.234.70:443 tlauncher.org tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 download.opera.com udp
NL 82.145.216.16:443 features.opera-api2.com tcp
NL 185.26.182.117:443 download.opera.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.2.211:443 download5.operacdn.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 advancedrepository.com udp
DE 46.4.112.226:443 advancedrepository.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 23.206.103.83:80 javadl.oracle.com tcp
NL 23.206.103.83:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
GB 23.44.232.84:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 2.19.148.12:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 2.19.148.12:443 rps-svcs.oracle.com tcp

Files

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

(6 entries recorded for this file, four as \Users\... and two as C:\Users\...; the hashes are identical on all of them)

MD5 7e08af319c9eb3297e09ca7bb8387de4
SHA1 4cf091f77a3eb9437ef33985e64bd10c1257284f
SHA256 6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8
SHA512 bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

memory/1496-68-0x0000000002C00000-0x0000000002FE8000-memory.dmp

memory/1496-70-0x0000000002C00000-0x0000000002FE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 7e08af319c9eb3297e09ca7bb8387de4
SHA1 4cf091f77a3eb9437ef33985e64bd10c1257284f
SHA256 6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8
SHA512 bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

memory/1984-138-0x0000000001110000-0x00000000014F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

memory/1984-365-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1984-366-0x00000000006D0000-0x00000000006D3000-memory.dmp

memory/1984-367-0x0000000001110000-0x00000000014F8000-memory.dmp

memory/1984-368-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1496-383-0x0000000002C00000-0x0000000002FE8000-memory.dmp

memory/1984-384-0x0000000001110000-0x00000000014F8000-memory.dmp

memory/1984-389-0x0000000001110000-0x00000000014F8000-memory.dmp

memory/1984-390-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

MD5 86f8a0a9d3c46bae28bd9fb545a7843e
SHA1 8eac29774c722c091557d85a1aa2a8226f882455
SHA256 d31c557422c73f37b744ba6a21a395e7e371e1e2595b0ca231f449d5e8acfef8
SHA512 285e43b0b5b4942b415de58e897c87de60334a905bf2253375bdae90d74aef503d795da2e528d16ceab0f11ebace777c43ea697e7dd193ba24a3ae5f35909490

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

MD5 1fb45f663376095db9e36f932fe43360
SHA1 19cc5e4cb194b21aff5dab730240ebd16271479f
SHA256 5fe2cc4e72140634efea1f4ceda1b33d95f8b7733adeefd57a4fe716da7802d8
SHA512 9a270426ea86d7ea258151017edc18071a1d755e34d073ea56215ddb5bb73fb52bbdfc1ef9aaad2b65ee77ad69385d14657ea08ed1a21a40397c3403e10d7e82

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 7e08af319c9eb3297e09ca7bb8387de4
SHA1 4cf091f77a3eb9437ef33985e64bd10c1257284f
SHA256 6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8
SHA512 bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

memory/1984-432-0x0000000001110000-0x00000000014F8000-memory.dmp

memory/1984-433-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

memory/1984-436-0x0000000002FE0000-0x0000000002FF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

MD5 34b9382484083844ad9cd96c0e1f134d
SHA1 c28807c9ec77bb3f1dad8812114ddf493825788e
SHA256 2474e205be32a614539fadcbb14104fb1fef84c26dfb6b393afa5d0583ac41b4
SHA512 744e0f1f38e7891e82c893a732d81f61b2f6584100e5df5ffcdbf154f101b2afd844b71641d5bd3d5e9422b466a0bd5384adcf71150ab2432aedd22ef98ae7cb

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

MD5 e110afaf63d5ec307d115326fff8d01c
SHA1 0dc29d0ba0d0517f19598a3d2e2cdfeaf7b1be85
SHA256 458b7df59e6944fb1689272a3890bf47c2f1aa454998289604942575ed83dba7
SHA512 1c18c24ef68095567c431cc63b860854519960c96dc02ac7ffa8470856b551ac9ef329d4c2d465a74c5ed22b8a3bba3d58c9c084cadf683126b20ed64db0e7fd

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

MD5 aa4de04ccc16b74a4c2301da8d621ec1
SHA1 d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256 e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA512 28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

MD5 51be149c8e20df63087c584165516ecd
SHA1 feabbb95b65e6929f086266b06ee1cfef83539a7
SHA256 b949eb246d81688efea07a7655652107ad435f37d493d93dd68c88a9fe6f3e33
SHA512 6f24e4caafd6af85c2f8641d7f2b066dfafa7d6abb512fa62f3642eaa42b549692b15043a3bf0e13cb1fae377fc1d3139dcf5cea3d4def24de197f75297e17f0

memory/1536-476-0x0000000002DD0000-0x00000000031B8000-memory.dmp

memory/1536-477-0x0000000002DD0000-0x00000000031B8000-memory.dmp

memory/2032-478-0x00000000008A0000-0x0000000000C88000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 e801c5847f5f9d207db53aaaf5c6f3a2
SHA1 8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256 196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512 303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

memory/2032-509-0x00000000008A0000-0x0000000000C88000-memory.dmp

memory/1828-511-0x0000000000970000-0x0000000000EB5000-memory.dmp

\Users\Admin\AppData\Local\Temp\Opera_installer_2303202230325201828.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

\Users\Admin\AppData\Local\Temp\Opera_installer_2303202230333161084.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

memory/1828-528-0x0000000003A60000-0x0000000003FA5000-memory.dmp

\Users\Admin\AppData\Local\Temp\Opera_installer_230320223034548888.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\Opera_installer_230320223034548888.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

memory/888-532-0x0000000000B10000-0x0000000001055000-memory.dmp

memory/1828-534-0x00000000029D0000-0x0000000002F15000-memory.dmp

memory/888-533-0x0000000000B10000-0x0000000001055000-memory.dmp

memory/1084-535-0x0000000000970000-0x0000000000EB5000-memory.dmp

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

\Users\Admin\AppData\Local\Temp\Opera_installer_230320223035874884.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 ef6b44206d34f2cb4f22d66522ad3fca
SHA1 141674e916826a0e5b92cb59cdcf18dc00e909df
SHA256 a3679aec95e52e12eb27170b5c87ce7f06fc51b5011c8a2326ca966274ceb4a8
SHA512 999dd31686da71ab43f801cbe6a1cbb4a4bed7a228a2665d2e9670528eced5bbdf5a33e839fbcd310ffe630eb5eabd8af4c7367635eab408c7238c7f101f405a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 a20b5879a95dcafd85ac493c4e7f898b
SHA1 fc4a0d7388e53cb335532d2e5cfbe061ed7fc74a
SHA256 846f69b7f739c74b4804ba36519a838cd952e201f2c23bcd695e6ba5702728f0
SHA512 9dbd9b3d30a86bcaeabf915bd2cb492e27b94951cdc190d6416d4736cfff33901ab73e0ca27cbd6e2c54ee2c35acba2d8dc79d70955ad6e55fb1ca464290a0d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b3be73c179d0eb0bc07dcbad9fea8e1
SHA1 e7dc7e7227686f60d3c6eef3cd82900a75830641
SHA256 d95f5de848ceba0ea7c33dff3c30a680766a6393b283d0b8439253822f23995d
SHA512 bd04be2af43b2fc599695dc3429f40d0e02840b90497783d4b8254fa61918cc0480551d90460f33f986f3fb445a3229b534d54621caf5778dc65b1c7e0110d3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 6ba6bd4ac6fcf13010d51b72cc13d0a2
SHA1 651c126e36e3af0e50f324bba0fbdfa6dc3fa04c
SHA256 fbc20379a870ea2d15181ef1786b7f13cb15764dc401c7b0afaf9b0b462daec4
SHA512 9de6b78b80211f2f3a14688bf9dbb71f068ef4ba063cd0a2cddacb6f926d62faf5acc36f90a83649ca9a747ff9e0ee662578c8fbd8d34e83a6b7fc703dd13c33

C:\Users\Admin\AppData\Local\Temp\Tar427F.tmp

MD5 73b4b714b42fc9a6aaefd0ae59adb009
SHA1 efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256 c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA512 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

C:\Users\Admin\AppData\Local\Temp\Cab427E.tmp

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

\Users\Admin\AppData\Local\Temp\Opera_installer_2303202230361241484.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 31d5d32719dc43bc9aa03bea176327be
SHA1 f8fe0c77ab5bad7b4149827119ba392acc6e5d12
SHA256 ebe83543dd40328d6e3dc1b3155d2d8e82e842a7592daefa42730032c0ed89fd
SHA512 04e46ef8f7199664cb4eae00c803e81928e4d5465505bcbf1c7bc3b71ad0b32541329ea7c0e7102d9d430d76162478c58c191f14c4af12b34c639bd4045313f8

memory/1828-569-0x00000000040E0000-0x0000000004625000-memory.dmp

memory/884-570-0x0000000000970000-0x0000000000EB5000-memory.dmp

memory/884-571-0x0000000002B30000-0x0000000003075000-memory.dmp

memory/1484-572-0x0000000000970000-0x0000000000EB5000-memory.dmp

memory/1984-580-0x0000000001110000-0x00000000014F8000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 020a4049daf1ab24ec6cfcf89eaff1cc
SHA1 cce8b896859db9b9c2f177f08c46fedfec01f36c
SHA256 c4dd07cf6bd07cc9457d301ec0902c7d148edbc0652b70802d3575d6bd302741
SHA512 4aa577472e8cb56705d7d1ed0122e2d6723b868a16cd06ac20f77cf3fb5e3b69475ede67d5cd937be4f0379edb529aaaaad516f7058fb408fe2dbffd326391c6

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG

MD5 c33494962486b6c66753033da0637e7f
SHA1 59c6b4bb862adcb24abcc3660aabbc36c4ac797a
SHA256 caa23e63c2e9c0a6572f0db25c8e3490b9c866ede63315cd4688ba297404a838
SHA512 1cb4b7cf8224f01d2ca2667a0762c529913157d38209d04801c09880a3bfb8dec14c696e477827f144f992483a216e1d5b430a16244b9ce85cb24b8e2a57effa

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG

MD5 2684a1ed513d8adcabc3bd1cd7e473cd
SHA1 0690eb4427754fe55cce82db82fcaa422ea7bd55
SHA256 eccf440f384eb9054baaaf1131f636d051942386650bb9ee31f78cd548d75d29
SHA512 b2d3bc45ba4e17ad3ed1ac176f5fd525b299ec8df9f286dd0057b67e38b932d36839af2ed3c4c5a6e5e8f01b20b7776fd8bb7a4864e8a4fc36402367d6c56e61

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG

MD5 d807ce818485dac7591c7d3086ab04ed
SHA1 90d9ec0448fe7b479a26aaec78e50f7b97069b44
SHA256 eaa07be3dd865be9a2588b03689a3e524f0acfd8b9ffb0976202e82f5b050951
SHA512 698f998a04b73ad3f0ac92ff6218f18c57a81a00104642e90b28002319bbeaf16976d2a8631c525b8b21662c2c527950cf4e7303f20b9c56ef47dc0b315fc082

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 7ccd3fc84935804f0f526cc0a6363349
SHA1 ac0d2026c8812b7909c9fc5c27e1132c95d7a10f
SHA256 73fa75e621b6cf62090399d7832f08f37e991148f15d7606aedbf923ec833c36
SHA512 ab496b6ca26fed184e00b2374ed2fcf5f7195ae886692d585f685dc370b6485ef804f180f974b84cbc174c529b6eb6e0ae4f61ddf8e7828042fb8403da9e91e1

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP

MD5 0b445ace8798426e7185f52b7b7b6d1e
SHA1 7a77b46e0848cc9b32283ccb3f91a18c0934c079
SHA256 2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6
SHA512 51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG

MD5 6182adf3942819a755e1c2d55ff5af0c
SHA1 c2eb79e7b308ef87be3095c954bdd4758ed8334e
SHA256 e96cf2d137a32c95499af9f9fdd6bcbec0541dfd796ba66ada600dbe3728fa56
SHA512 e2ef7111e080760391069f014f997c91f9d5aef63144424aca4b612f7e555956f40f7f0faee7db68ca61d8d2900189f91135b00463bcf70153d624c2a3e8d834

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG

MD5 e65fa73caf1c2ba69052baaf86873db3
SHA1 e13e1e53b05365b93dd2092b1350ed1c2973eb01
SHA256 1f08862ef6969b8819a6307378dde0926854daca82f0ab9972100e5f92b96fda
SHA512 cfcdd2ebfa0d83bda0725f6af8f2b4163d82b4c9f26cf01de48f9a3ae69c6b9283404240e0365d3c746b2b51b2755e41395b3b78bab8e6c713371ef4a60c6a52

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG

MD5 5152c9182cde951170e38aa8477943c8
SHA1 d1753dfab280ffb6dde5cdcd3ebfa10c01b337f6
SHA256 d76a808ac0bca36c95cc236e9ac2a14ff55e0257db19be95e7d084ee917dd4aa
SHA512 eb1e0ad4dfad344d6d9cb185bc5a3fd9d98f9ce1a30a0a9dffda7fbab83d945ad501f3008607a26006396c24cba211a629f24a244d3b664cbd33346d8fad15a9

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG

MD5 7bb97ea0561e147e5c859a184e724101
SHA1 b48e79f96f22c8bbd9b0a0cb3b33d476fcf245fc
SHA256 dc69aa58a2261c5629b5aa5e38169ed4190c651fddae856f09d3216e5ba694d7
SHA512 a9a23f9677b96ebb041598ff3dc8a2c53e3c36bfca1665af69b4c188b01ad2b37501039b41f2c80c37171073f1b6be5b28d23b8cbbdd399008ac9fa265fb0e7c

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG

MD5 82f9d4d69207053f21d3032b3b4a5665
SHA1 0d490c22242ee953ac1d4b34c7568dcb289e8241
SHA256 60773aa4f64d139a8c6d44fa0d027a401a2dcef1f44de48bba104359a86b9b31
SHA512 f9a78b440eac00ede67d539899f9472de51b31c88c2e5f83b752dedbfcd7ca0f9a827c78103ef02a8201420603b421204cb8fe821a24d858c64ef6457c052fe5

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 58e22c0ee91280156cdaadacac7acddb
SHA1 189c552c94a9b0ae0208763bca77f2801debc224
SHA256 765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714
SHA512 9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG

MD5 31138426dfa172edca26189a966c47e3
SHA1 fd7805dc98639e2c7cad028a0643310fd2fd3321
SHA256 21facdf3388ec5cbbf0f4e2e283cb8dd5e6e22f4649284c2b6531ba60ed42159
SHA512 9a09815e02ff59140fba8b92594210bc8bcfddee461a6a7dd8280264e79e305d4535bb022083282807d1d0e0eaca342a015745ec6587d0421e415bb986338293

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG

MD5 2ad8515432fc7c39b4aa6769bd91fff2
SHA1 f450f078cc7ad04373bc6e7c30f19aedf24bb1d5
SHA256 c4e842fce8568dd11cce378e5208ff344b5ad36055504853ea0ce307455a26d7
SHA512 04e007aad7c07edaff7d3add4def6378c1488155e3dda3ebfd0e3371dd898649a67a468f3c29b5a8db0ab3640015e866d2b4deb6caaef7305c564d2fe637000c

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG109.PNG

MD5 fc38fc157b9cbf7ab02910c4ed55c2b8
SHA1 1dff59d4ac74fb9070a45a0b5b31668e3cdef00f
SHA256 4802d86138d1af69ed0c8bf4b92fda816123650c616284215a24b9949731e78c
SHA512 9a7c17d5ef703f1fe8804def77092f73c0e232b70da4a525f0e520557d59de3ebfd7317ef283d7f17bd6402848dbffe90e140c3a7a465ae4f448329e0b367efa

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 cccb690a14ea83076887b97c4fde93d8
SHA1 b0809957675da0869cba47ed2e17c66d0866314e
SHA256 052290eb52a337f2c4ffa625df9a9f57cc1778c4572f2d2ff8fe42066e4c2f67
SHA512 c60b29b870618c96a806bf7abdadb2c8d767eb9fd8ffafea5d2f7cd8ddfdcacb8c8e215c560c01d9e0bee5fe1f9ef5b2d8a4a178294e5adc86bd84e89a00079d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG

MD5 e29f528351d36605277ebc88bcadda23
SHA1 04dc938f856e1881257ba967c76083dded5e5ba9
SHA256 07849d1ae7312dd8280412ad1d7444cddbff2d5157339b54e2cb9dc175c4da9c
SHA512 69994bc90e8bd45bb9e41db1027f02fb694652d169408b0ee7c6fe5b0ba97f3f2ad3c03245dade3ffe40a01bf996050cdb52822b798863bcf63c1f6cee9c4b4d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG

MD5 ca6d82e8421520272d3bc4f04fde8c11
SHA1 dea5fcd58380bfcc889d517d750103c633f0cd28
SHA256 c25b403d58ec98cf47d5e8593586b62a76db69efd52fb39983c5cb8928b2df95
SHA512 5d8facc2dc7a595072d4bd0f0766413327ce58301c6bfecd143925fa3a63612da74bcdf8d2f363da538b133d81c8aec03da2cd856184330be62a8d8110b669a9

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG

MD5 1af3e2e782b622c3d42144e67f54aa27
SHA1 25e254fe1dbd0bce5410834cb426eb6ba086af54
SHA256 ed56950fad13c267311244503fd20ab88d2b5aa4a94af5f17b3ffe5920d5e7d0
SHA512 51c6ace93e363bf8d6034a00480ca1f19c993bca9053f3d6336a76572c9b1789889db4604d77021fba3435a4d0554b535c270dde477967aba8b188627565e6cb

memory/1984-1416-0x0000000001110000-0x00000000014F8000-memory.dmp

memory/1984-1417-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1984-1418-0x0000000002FE0000-0x0000000002FF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\opera_package

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar7955.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\additional_file0.tmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\_sfx.exe

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303202230351\assistant\assistant_installer.exe

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

C:\Users\Admin\AppData\Local\Temp\jusched.log

C:\Windows\Installer\MSI10AA.tmp

C:\Windows\Installer\6e0417.msi

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk

C:\Program Files\Java\jre1.8.0_351\bin\javacpl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npdeployJava1.dll

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-20 22:29

Reported

2023-03-20 22:32

Platform

win10v2004-20230220-en

Max time kernel

143s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-1675742406-747946869-1029867430-1000"

Network

Country Destination Domain Proto
US 8.8.8.8:53 84.150.43.20.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 210.81.184.52.in-addr.arpa udp
US 8.8.8.8:53 58.104.205.20.in-addr.arpa udp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.234.70:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 70.234.20.104.in-addr.arpa udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 131.253.33.203:80 tcp
NL 8.238.20.126:80 tcp
US 8.8.8.8:53 97.238.32.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
