cbd0a40c04e71d448ab7f8a70ad7afd04ad55202621979b6e20c4c0efe2b826a

Analysis

max time kernel
70s
max time network
411s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2023, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Animan Studios Meme.mp4
Size

3.1MB
MD5

834f766a021887e496dd260078f64f65
SHA1

db27153e0507e67ef5ddfea0feaeae12fb7fe517
SHA256

cbd0a40c04e71d448ab7f8a70ad7afd04ad55202621979b6e20c4c0efe2b826a
SHA512

b60f9867393aedaea97f483194bc6f6e06cda1387f9361763c114fcb3f474a6d8172fd3a0c8b0d185364bb7b86a319ca650d590fed64911f213c035a67aca009
SSDEEP

98304:cLeIC5eYmjBi4LYXt8z5AmHCl/8SIYZ5NYnp6Mp1ab:c7OeYmjBi4LVy9pNYnp6zb

Score

8^/10

discovery spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
320	TLauncher-2.879-Installer-1.1.0.exe
716	irsetup.exe
4988	BrowserInstaller.exe
3480	irsetup.exe
400	opera-installer-bro.exe
1340	opera-installer-bro.exe
1964	opera-installer-bro.exe
2124	opera-installer-bro.exe
3296	opera-installer-bro.exe

Loads dropped DLL 8 IoCs

pid	Process
716	irsetup.exe
716	irsetup.exe
716	irsetup.exe
3480	irsetup.exe
400	opera-installer-bro.exe
1340	opera-installer-bro.exe
1964	opera-installer-bro.exe
2124	opera-installer-bro.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001afdf-510.dat	upx
behavioral1/files/0x000700000001afdf-511.dat	upx
behavioral1/memory/716-514-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
behavioral1/memory/716-848-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
behavioral1/memory/716-892-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
behavioral1/files/0x000600000001b0fc-898.dat	upx
behavioral1/files/0x000600000001b0fc-897.dat	upx
behavioral1/memory/3480-906-0x0000000000C10000-0x0000000000FF8000-memory.dmp	upx
behavioral1/files/0x000600000001b102-915.dat	upx
behavioral1/files/0x000600000001b102-916.dat	upx
behavioral1/files/0x000600000001b102-921.dat	upx
behavioral1/memory/400-922-0x0000000000FC0000-0x00000000014F8000-memory.dmp	upx
behavioral1/memory/1340-927-0x0000000000FC0000-0x00000000014F8000-memory.dmp	upx
behavioral1/files/0x000600000001b111-936.dat	upx
behavioral1/files/0x000600000001b111-935.dat	upx
behavioral1/files/0x000600000001b111-934.dat	upx
behavioral1/memory/716-937-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
behavioral1/memory/1964-948-0x00000000012B0000-0x00000000017E8000-memory.dmp	upx
behavioral1/files/0x000600000001b102-950.dat	upx
behavioral1/memory/2124-978-0x0000000000FC0000-0x00000000014F8000-memory.dmp	upx
behavioral1/memory/3296-979-0x0000000000FC0000-0x00000000014F8000-memory.dmp	upx
behavioral1/files/0x000600000001b102-962.dat	upx
behavioral1/memory/3480-993-0x0000000000C10000-0x0000000000FF8000-memory.dmp	upx
behavioral1/memory/716-1034-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
behavioral1/memory/716-2014-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx
behavioral1/memory/3480-2343-0x0000000000C10000-0x0000000000FF8000-memory.dmp	upx
behavioral1/memory/716-2342-0x0000000000DB0000-0x0000000001198000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 25 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\F:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262497881705696"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3888	unregmp2.exe
Token: SeCreatePagefilePrivilege	3888	unregmp2.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
716	irsetup.exe
716	irsetup.exe
716	irsetup.exe
716	irsetup.exe
716	irsetup.exe
716	irsetup.exe
3480	irsetup.exe
3480	irsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2956	2264	wmplayer.exe	68
PID 2264 wrote to memory of 2956	2264	wmplayer.exe	68
PID 2264 wrote to memory of 2956	2264	wmplayer.exe	68
PID 2512 wrote to memory of 2980	2512	chrome.exe	69
PID 2512 wrote to memory of 2980	2512	chrome.exe	69
PID 2264 wrote to memory of 3172	2264	wmplayer.exe	70
PID 2264 wrote to memory of 3172	2264	wmplayer.exe	70
PID 2264 wrote to memory of 3172	2264	wmplayer.exe	70
PID 3172 wrote to memory of 3888	3172	unregmp2.exe	71
PID 3172 wrote to memory of 3888	3172	unregmp2.exe	71
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 4980	2512	chrome.exe	74
PID 2512 wrote to memory of 3288	2512	chrome.exe	73
PID 2512 wrote to memory of 3288	2512	chrome.exe	73
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75
PID 2512 wrote to memory of 748	2512	chrome.exe	75

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Animan Studios Meme.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Animan Studios Meme.mp4"
  2⤵
  PID:2956
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3172
- - C:\Windows\System32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff842079758,0x7ff842079768,0x7ff842079778
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2648 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:916
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6ba1c7688,0x7ff6ba1c7698,0x7ff6ba1c76a8
    3⤵
    PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4224 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3080 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4364 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5020 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4364 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3236 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Users\Admin\Downloads\TLauncher-2.879-Installer-1.1.0.exe
  "C:\Users\Admin\Downloads\TLauncher-2.879-Installer-1.1.0.exe"
  2⤵
  - Executes dropped EXE
  PID:320
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.879-Installer-1.1.0.exe" "__IRCT:3" "__IRTSS:23652861" "__IRSID:S-1-5-21-1311743041-1167936498-546579926-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:716
  - - C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
      4⤵
      Executes dropped EXE
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1841947" "__IRSID:S-1-5-21-1311743041-1167936498-546579926-1000"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=97.0.4719.63 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x6e6f33e0,0x6e6f33f0,0x6e6f33fc
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=400 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230418000409" --session-guid=48694b39-56ec-4c0b-9afd-c84bf3245b64 --server-tracking-blob="NGVjYmNmMGE0ZjJhNWE2YjJiNGEyNDY0Nzg4N2EzMmEzNmZjMTgyZDY0ZjU2MmRlOWQ2NmRhNGI3NWY5YTdhZTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY4MTc3NjI0Ni43MDg0IiwidXNlcmFnZW50IjoiU2V0dXAgRmFjdG9yeSA5LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPcGVyYURlc2t0b3AiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJNU1RMIn0sInV1aWQiOiI2ZjExZmQ4ZS0yZjNlLTQ3ZWUtOGZkMS02NmZmMTQxZjdlNTMifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C05000000000000
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=97.0.4719.63 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6dc033e0,0x6dc033f0,0x6dc033fc
        8⤵
        Executes dropped EXE
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\Assistant_96.0.4693.50_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\Assistant_96.0.4693.50_Setup.exe_sfx.exe"
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\assistant_installer.exe" --version
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0xb36c28,0xb36c38,0xb36c44
        8⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
      "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
      4⤵
      PID:4140
    - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
        
        "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
        5⤵
        
        PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2396 --field-trial-handle=1744,i,11970549818401252759,1433273894178501411,131072 /prefetch:2
  2⤵
  PID:3668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3336

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
PID:4644
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  PID:2664
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C chcp 437 & wmic qfe get HotFixID
    3⤵
    PID:5028

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
PID:3912
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  PID:2536

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9092b8d9b73149339258e809bf93fa8b /t 3156 /p 3152
1⤵
PID:5508

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5696

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9c259a84e89544cc82d02d3a4c357215 /t 2796 /p 5696
1⤵
PID:408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
1c10382533933d58daeb5dab33a3d842

SHA1
7d070d21b7d5b59ddec3fb597742ebc353277ee3

SHA256
40cdfeb4ab6cb4f94d515ca199a8f3062ca0a6ef59aa345b4789831ef3d832ed

SHA512
f155eb9a021b462bbf0a38f6d7046cf53064ee6ae2d85738699690ede0a67b288672286e42b3af0fdff838223bb05bce9b6c2cde151a03d37488d8771b341420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
404B

MD5
07d266eaf384ef9a50aa701ff186dc5c

SHA1
2a1069b3128b1e5ba7be760aec3e9e84de9d0ac4

SHA256
9f8749c8afd3d49939fc87f3c9bd942ef61cae67fb0a0b0077f0ffa19e98af57

SHA512
505205b67ed5c186e9bd8ce75a9264984586a06cd46684cd0265ad08170fe62ace79a83d4fce4f820be2924df836e1ae08c0f32180860b2667c8221cab2adc11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
22b82bb05e43109bec195fdde1e32373

SHA1
60a970ff329a4a5acb906d65a9f52b6026b88752

SHA256
2fda291cf4e4056785b640f37bb055c337882b4c29641b67986feca6e1f8ee7a

SHA512
8d91f1da32b9a2f11f2fbf558f5d8582cd3cf9a89a607bb736e635a941048f7f94e57575d13bbf32d2eff23168799375402907ae80933ed006ebfcd6848e6319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0855d713b4df10ef002d67b89c9e1944

SHA1
04d6993b81454184c160415b049a11c1d17c82be

SHA256
6ae2e2afab3dea4eac9ae319465ea9c7d3527af0cbc6f369a6399d380b8659c7

SHA512
8329e665fe39a2a9f721d8d060e306a6b1ca0bf387c0d00b604f25d560a0690ec0fe0b67247297940019903c221381f1b3286a5ecc3227c21b2c6f59ef527529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e408592fc25de41e20cfe144bd6e2181

SHA1
27562f56050e73fda0269964e2548e69daebdf7d

SHA256
660a08cbe8842522163d0a03ac3ca968c4f503c5853667ddf03c310d749b2335

SHA512
a897cd7c46fe0fa5f9d819cb7f710d6f86acf5fe27e74807cb3e2ed7f6096b9ba8d3e61a6743062b621c78735cb03c0332f4589208c274bca200d48af2feb3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a697de8aa20600cd4b5a8fb25a600ee4

SHA1
e095860a3cf48fd6bf1eabc7018f75f5bb31a277

SHA256
f7d6d73b0f3cbebae8357945fb4c69bfb97bcd0d344d44957675af2b61f9fa7d

SHA512
def40241ba2e343992b7fe6d7fd0007fa724a1cc265b5f67b12497cd7b6eb9341ced15ae494f9cbc46aca5ebb3f8607a9fae8769c3cbd4f24f6244ef0d941b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9f66e1a527a0e56d6afafd9252ad1fc8

SHA1
e59c1f43f4efc487e911143f2dcae5d0660c2348

SHA256
d86b9050b5f6697eb0bf22f669b107edc70369394852ec880822fbe8e2b7e64d

SHA512
f6e8c2bdb30373d368ec9b032474cec46f03fd4c7c33b04437e6195752043410f8519c773f8eb367365088fe15f8d550e3061d587b302c62c2d9abd4d6d00969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d163d5020718832d3f72b0125e27ea75

SHA1
9e7d97f1b2137b2131be198c23d9791133138d44

SHA256
83a4e216ebdcfea01aaf2c69ad2e16df59944ffcff5ed0e53fc44c5b1392c88d

SHA512
44e160eb6e612ed17bab9eca5ff8090642a84f2d42d98b7b480c902b94828facb8f8a9312dbadd3742cea7f8250b82741adff1a593ae49978a25eace60a774fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
048f5f2e29f97f6d4ce0886ccbe95246

SHA1
b096bd4d6e1221d0d4eb8eb005a647891cd7c86b

SHA256
317ef5a865c61fa26db20b3f8c6984811306e70e1f83f170ea5696b0abde18e2

SHA512
a2d53346f476f14cd693b988910a5ed2faa19d84fa12950596f834a223798945ee54a3ff5f4b57c7b05947a0b005ff2950725545b2516e54d564c3fd1d52d43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54f857846b768d8eb64739df24dfe1b3

SHA1
7b04772c31a54acd738090fb9fb20cc6deba01ab

SHA256
3a1e98993a08800924a18e5a0927c64ee6b867502075a2cb8641b1864996b290

SHA512
439acaf7f72bedd0af6689c57325af5e55ff1b499004655a03340f1890cf4e6a333a105121ce8218a35a9732d37b4e48664995b05329b14a55ccefedbb129390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd3676f8d96829ee9e66380378c57ed8

SHA1
172fb13b7ad557213d61058949aa617b60b7fc6a

SHA256
444c0d3a7265e3efd29633f1172d80566a1be74b5ea815d48ec642b7314e5f67

SHA512
1e7e296c8c91455c0770abb50c5f323cd2fd86e48806f74a6cfac06237a3342a7af4f6de42778f42eaab84f43ee74bd22d0f377d308988cbbc8aaa5901c4347e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c2bb2532-7534-4571-87f4-dff274e9ace3.tmp

Filesize
1KB

MD5
a86f65b2f7bebeb6d0017965f71c9568

SHA1
122b8a5251e23e946b713e6285ea1e5ec9426b7f

SHA256
9d856e8d6d51b2d56dccf6ab1f7d5f9f689510de3221a974bb93c39c74a77b4b

SHA512
98cf36a4161b6092a388b4b60d58f8a478db970431a18b92caef8580d88911bf45231a7eebc69e356829fc6f744b8d09651f2b37c2e740dc28726a3483be3d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
642e464ce6e24b3805913ac531b11805

SHA1
c3e2d43a5b9a9fa487c7ce26daf5cb746d8a460c

SHA256
c38b6eafd0df133e8be49dd0d19487258d759db3cc88e79e78ca07b6316c26d3

SHA512
757cb66fc44d7d2336ad971e53199d60b6ba7129d3a5d843cc0182d68b87b76ed1e760e3c4bffc39f85645ab5dbb4faefe2bd9ac469836cd774568b021b94d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0a158ee8723a16f516e0b2695ad7ef8

SHA1
314a204e9b42ae93468124abbed29db18cd10ad6

SHA256
f021f89d25482f9dbb2908c8bbb0026c3fca768c55ea2e9a4b6debba3139afc9

SHA512
f7d6fe8f5c944e8783fd76fedb4b4e794b78790f7aa2c7e733448016011406fc800067bdf3156926b38194137a68deb1a6a363bfa72f717bed3dc1d63c6f9854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd2914011b4fdd9f45760d4c6f894800

SHA1
1603e5593bf7e38e3f73f9cfcf986fddc5052091

SHA256
e5284378f12f636166e1eccc1a6ee9f29bb6c4566addbae5bed1a8ac0ae6d113

SHA512
5954652f8e79c970673630b6ff71863a1669c90e1ef17d6e4ee23d6e122e8328a396c6b5d6edfe84920823015b39eb9b601702e135ce40a7c4cd92a658db0935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91426d9b7284090299e205ef9ef1772b

SHA1
97e10e49aa3cc0fc57ab7f96285e48533d87d2ac

SHA256
b47efc60787756c87ad566b2c02cf2856bf362be6d25fbb251fbdadea7a57cc5

SHA512
27385aeed8294c137ef4cf9e8cbda7a9a070af3e2bbcc19d79b8d85c27709b57e00b2e2229bca41f5ac4a2d12f118fcd6442b6c8c2bb0b58a0ef68944f4fb6e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0e866e0967c97a23e6a11961891c3f4

SHA1
01a69e123d0bed010d3f7b29a550071ba59df443

SHA256
1f0a44623ae1142b470b35ff14709b775cbaf2b4a0393f5b2bb4a3b18205f904

SHA512
9b773a00f671a918208773399b500e61b35b6d57a981445fd0758db993f759c00146a5d831235de0faf77d1375c33df91506f24457b56cd8a177098a6ae9862a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
aa789c51a077473726d76ca79546da45

SHA1
ad78e5ccfc87bd55867b1e89ca3f214a884d4c79

SHA256
956e925461c0a89f8d84b9423f22c005a886f8061385137cbb36c41ca8365938

SHA512
59d6eee1a066310312e88f4aa5175a64159da7fc3ae971a64ea7643257881ad12e14881a801ec91b8c0301a4c3e87f4b48356864daf2d66a72c6cce11ec5cf21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
5fd7ab33e468f962c37cf8aae4c9b99a

SHA1
e32178c089b0bfbafb09eaf06302e4a86865d176

SHA256
664b46163cf8af16af842a5f5c9a6625a2dae0f03883c1907117959256ad8748

SHA512
b2ffde8c69b145868d74e49f488194c12cb07a7b29e63884755de130c6075ac3fcf179f831dbdb629a569b7857e6faf6bcc056ff1e2a2ff322a5e7f7a846ad5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe577c15.TMP

Filesize
95KB

MD5
5fa7a3a9eca120ff1b5b61240e0d318f

SHA1
3034d9e9e74f7161b0a1cdad90f165575bafb23e

SHA256
3f99066c028f447f543bb5492a5592c0d167aa4b66d9ace7ac06f8e967972249

SHA512
68a6115cefb6d7e388be0cf9ea8eac88cf99d7707f87a89db77d9b8c4418946f7df3b6aafa629802d63e3e5489197a84d6b6d6cecf76b9ec791db7863955ba86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
c1f92b19d23bd7a1ff0977a4c69e1378

SHA1
f0d3ec52325e8171fa0c954df155ae6517b9b71e

SHA256
51de6c922bf0eab19abbf190666c5fcb983a6364845360174bb98acccd89f0fb

SHA512
6cabb2af0234ab34b372af9debb0146d4e8162565a78afab205043413b667151d1083143a2fec9a8572e000e85b625f6d3d971fffbead5b71a4dc89cf6a805c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\Assistant_96.0.4693.50_Setup.exe_sfx.exe

Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\Assistant_96.0.4693.50_Setup.exe_sfx.exe

Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\Assistant_96.0.4693.50_Setup.exe_sfx.exe

Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
2f3d9e21e232b9bfea064d3b2264db06

SHA1
bafddc657d8d1bb531683b29b0342cc065ee51d2

SHA256
25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d

SHA512
94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
2f3d9e21e232b9bfea064d3b2264db06

SHA1
bafddc657d8d1bb531683b29b0342cc065ee51d2

SHA256
25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d

SHA512
94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
2f3d9e21e232b9bfea064d3b2264db06

SHA1
bafddc657d8d1bb531683b29b0342cc065ee51d2

SHA256
25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d

SHA512
94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304180004091\opera_package

Filesize
89.4MB

MD5
c6735cc32afff2727b6ea386243b7c4a

SHA1
2745341cb2da9194e8db834d98aa58e9121df7d8

SHA256
05f443431f03df5610953680aed2e08b888879d6c3e79ed969b2ebb89380b94b

SHA512
f83a092dc9d598044e6cbbc9fec5a09540ee3d049441c33d66c0122494a93a0ea2a8a28777fd0fb8897665ecc306b5d76fdc14b0fb9e879f48ca1c4f68ded7b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304180004062961340.dll

Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

Filesize
339B

MD5
a45137507477ea159a4c0481fadbdde8

SHA1
772e535525cd41abb781167334f923f1127f6d24

SHA256
fcc6693f94f87dbb9f03bd664f029db87257c79ac9a974d2caadc790f20ea67a

SHA512
393a8d9387b388524fbf7bc8387d521c830e7d384aabe278251cb4fa1291d32e2875c464a01f93670259bc2009d69507b632a692d43244f3eb7551414c9d635a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG

Filesize
644B

MD5
f54bbaadafacf2ed607c2b44e76bd5f2

SHA1
e6e313e86b0adb771643dc9aa465652646d83329

SHA256
2dcd3efb7e14a1439973b066c810eb3187cb851a7d01b2a03376d978b6b0d927

SHA512
1d7f940d290c3c7eca12739f7e4753901a1d070ca9f43171b4fe25530ba48b3b376c16b125a32d6e701d63d576ef829824472bcac99e568784543bfc4c50b732

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG

Filesize
40KB

MD5
4f71465fa9fcc2f321a1e934f214ac33

SHA1
38c9f15f23e4e5158b04c2eee54d0fcc8104405a

SHA256
ea29ba222b5c2c2f13a71314ae449fca748e96343a6d1520140a9534df57cda0

SHA512
6f151ae73b3ef807a3397cdb57820a839f77923320951bfef09c0efcab84e3fbfbe02dfe71e912b7d1b36ea78bf70c254a0015227fa5dbf861f40551fd0e1645

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG106.PNG

Filesize
1KB

MD5
f785bd0f38d4132c404ab3233bb1766b

SHA1
7c8f01921d026646289d92d4e08529482f2dd881

SHA256
4ddf6c789a700dbbca5c405f6b9625e2dee8d6e279f8629eb1e451e5040fbd0e

SHA512
45f806a91993918177e838ac21bf59f37e2000aeefa191d0b538e156165eac82309cc0c67b5379bdaa7f7bbbc97ae25ffd741a6c35c07377a893721442811573

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG

Filesize
2KB

MD5
c70b569d43f5e00ee3dd81530899f191

SHA1
38b7f73c29d9d355625bf7dcc611d657c263dbc4

SHA256
778c8b5a8e7422ce84f4113fc1cbd90204f3b3c0b3bb8545b3fe68003525e9e8

SHA512
f0aafa93ffd1edb8764f7e435fa982b0eb596b1962472dcefac26731382c58d44306e876f04675146595a1e7ee6ae8170e2fa01ed0fca075e36a9749709f4df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG

Filesize
1KB

MD5
362d3183b2acc152c99ec123611f3297

SHA1
3db69a12917cb11a14fb9294d73c5409fe11a398

SHA256
8ae66727c5c92ca76a131aa104cc126858e8e3ed490ae08482109dfedd9a8cda

SHA512
2c7f40564479d1fe90cb59b4b413e8bf9a5bb7cd2f94193f8759e376549c0269afce030df7d306b4cd814f604ad460d744fb00d961f6d2608a4ecb6b186a4f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

Filesize
280B

MD5
01e097a324673878a3cb5e8e0f3cf152

SHA1
35ef5c438eca9672c7ee19bcde3952f83dc77928

SHA256
d8d0719a20d267a73d298d2ec1fbc050fe2ce25447c7441058ea3966acfbbb22

SHA512
e873763e96b3a52fe73f3fc9b3bcfd764c807c0206b5984d5f7dddd7debec4e6f0b6705ca6a7c6379b83c2fea792d7a16880ea109469ac1af41cc7bdb5f96e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

Filesize
281B

MD5
d88e18e2a020a756a8de999b76e7b1fd

SHA1
150f801600b9427039197847aaac784f8ba15258

SHA256
38b8f2202a5e48a8f528708922f504379896ef52b3882ce82efc3481c51804bb

SHA512
d048a569d155aa4636f25ed2963fd5e2234643735ad461df3ad3201cbe152b646c2893557a236fa9683aa3cb07351fa79b9e5788f631442e5142cab0bc98654a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG45.PNG

Filesize
438B

MD5
87221bf8c9222a1489e949e4266a2980

SHA1
60c9d850f696e56b53dc3f940f52463d228febf2

SHA256
8d6e1d814dd38525115ee5d77e2d2ae6df8be31562a3c6805012097d6625efc4

SHA512
fa7ba5edb212a0ad70de123b1eabebd8d4cf5e2e3f59841330923c91d6ce6d8a0bbbf0176a8215a183ea860ae5286a4205b73f70df4d032cfd6c03109d1e433c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG

Filesize
43KB

MD5
16c0e37cb0c5540fd9f93a8d82d94e52

SHA1
52d5aabf804381b47d13a358d80256c4088eec21

SHA256
2b772e66ebc70c93deb0b9a9e054373ee33d9245809e16174b1f132f786a063f

SHA512
dd54308739f9621f5fe707c69f24657431fd58b46e357a79d25c3d8e96d3b2914ce19d94beeee0bbd32311737670f06b01c364f0c7d70625a4246da64c29b0af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG

Filesize
1KB

MD5
a7a8625948d61d814dbb29225e04f908

SHA1
16bc91a8bb3c22cf78447644a32010ad869eaf99

SHA256
61979f700f77d187c8647cba3bee95ca4a70e187bbb76323f4055385dd8879d5

SHA512
04b0bb58095a6e8f1d29203f21eee99fd837494b74736e91e5e304eb3dc3ccb32796b6959361ede965731b76607a53b0f9d211cb4b3d94b25ea34898e760d295

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
114KB

MD5
bd5626a0237933e0f1dccf10e7c9fbd6

SHA1
10c47d382d4f44d8d44efaa203501749e42c6d50

SHA256
7dfc1176d8a507135140b23a0c014093b7e2673f0f3e5727c3d85df4e7323762

SHA512
1fd864a5386580cf8bbafbacb12a043ef51948b729b9aedfe6dc81e6c2948a100526c7c600069f22454d550f7f736ad3045a930cc2ef97458dc1d6c782928087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
eee38fbb9c426cb84fd428ce541feb6f

SHA1
42cb4e2fc5886a0d26c0a94e733f605c872816c8

SHA256
43a49d333c4b401de512123e895ff168aae73fe0851e23d914850506e7b793a4

SHA512
6b594cc81bec9631a3400f3f52141db7927b919411cad4c0cbab419b9e76a49f8cd8d2c6300ddf11f2a5d550165658b2d158ad755c12128087863edcdbf7c36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
635B

MD5
343396db82a01995e264a6f12c1f5105

SHA1
f3c71ecc4baaa7844174d645cbb0a795e8e89456

SHA256
8b966c3b664da53a7fd678278bb0b808da0312c8cc6749c84827f9d1087b14f9

SHA512
ec4eea97b6083d7ca420d86be06a9176d8d52887ed4c0b61949c906241594f1c5417df4716e51d77e6ec1895e6331806c1648aaf35efc434dc5fe2420461caf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
4d4b854b4c4c2227bde57dc46ec66fbf

SHA1
e6a8d055630eafe9821ad98a717cd56819d2016f

SHA256
4883e116ce57eb11154bf95c737fa11f88e824336fbcae648f5a7c32a3da6e79

SHA512
dfe9e6acc5a5c413f0dd065ab17c37a21c1c791cd6052bcb3695f2453b0f46f1c473b1b66a66e8593245ba0e9ca813b674872498af9f78239d7440d9c67f894c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP

Filesize
451KB

MD5
0b445ace8798426e7185f52b7b7b6d1e

SHA1
7a77b46e0848cc9b32283ccb3f91a18c0934c079

SHA256
2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6

SHA512
51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG

Filesize
1KB

MD5
58c10711ee61290c5e53d6c235d14c7f

SHA1
6cd433f1d5224b7441efecfef8e0982bbda4415b

SHA256
2d8d51d2405fd3534f5fce5ffea5b9a100ce4aacf35caa7d165c7c6672949b35

SHA512
b895b6f07fefc06695cb521fa923534c8ef99312ab6c27295c86de29fc1bdb09e3ba17cd4aea75f8dd9cf7e1a3c4494a6ef960eadcb209eecb1b623d70c367f0

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

Filesize
45KB

MD5
32b9a83f00af4123b811eb6a85ee7971

SHA1
a1e6bdfe76e6103aca76bd21ce60c0b48e4de570

SHA256
a39a8cb1d54a2036257211b6364f84caf033fccf3394e9f890434563770e594d

SHA512
eb272c6dbaa3e59887cfdfd21dba5e2abc56a12beeda55ba091aa9b02da71af5ce11c0f7af4fb34f58da9836f91d787e26ab9f898b8669c861e9bacee973ca9f

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG

Filesize
352B

MD5
034eab9a50571cbab86294322e639886

SHA1
cae94b8cfe3ecce8e750d6fd34d54e766ea607aa

SHA256
449d678cc9a235d42a5a2f4e685536d9af87c6b5fc022f28dba32b08b4e88ee1

SHA512
b364c0cbb38bfb35e3c2d29705df72a8ce7dc111f04ebc05eceec4294987f18200581a31b78a79b05da890b5358e5463d1640d2230a8af930804efa3d4da42b0

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG

Filesize
206B

MD5
bc193c9f3fd0730341d2ba951f734652

SHA1
ebe3f410cf0bf5f30fe36b1c1df96fa27e73b01f

SHA256
e9137bc2fefbd9a3c4506708f283fe52c40b00b35c2677fc31e196b305b00e67

SHA512
355cb9a7ba6e2a77a51339bfa732537bc77d36da372fe926f1e4bf25de865b09c98122d9559f5ec234b41a83cb97de4fd49427a9476169653ac6058912261c1e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG

Filesize
1KB

MD5
9eb36caea38bf80ed9fa40a3f67597b7

SHA1
3c23e2e30119f6dd321d34a82a339d52723bfacc

SHA256
6be2e43a38969226e1cbb00605cdac634d0de3e82ce605b08dcf1cf596f64370

SHA512
22b57fc57d45ec73865e5429210d6016d2bab0cd990877c8272b4fc6ded8effe3bfa0c9b0890d7b0de8296e6bc3c262f29637b8ce7840efba2f963e70a978e53

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG

Filesize
1KB

MD5
23e26969753c07af68f232cdd684c003

SHA1
f14666db750cc2f89ccdd8852b4259fcfa663271

SHA256
17f138eea95423738d2c9b75834b607c671cb2ac4d71c9aecf100a8b847003d2

SHA512
7c57a6309da9ae381073e005d374b9c8a82c7b4e92322b91433009d41f8f34655ed9d45958ab1743023faa9e7aa0c82a05d9292b078efccb64c19992b7e4d4d2

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG

Filesize
41KB

MD5
7aae2de61d5e6296c00fde67046dfaeb

SHA1
87a65e99d520045c39997b53c6a0aa08cec35e57

SHA256
07b11e82a30598438ac4221d6c8796739c42c2a596365464f257481a37fa00c6

SHA512
c5ebaf43ffc19a1a3b2f49e070ea1d5532ae433c3bcd02493e31bd3389b6c3edfb1e04373902fbd252eb7370612dd96c3d36eb3fac8240111f57020ab99fa882

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG

Filesize
1KB

MD5
0bde2ca44cd4e4e31c5c0364c66eb57b

SHA1
8496e4a8dcea6e42af33b503dc200d4a1ef07101

SHA256
38031284395ba7a773a335a861536b487bbf60b81496424b8a9a8a6697a919de

SHA512
4e60f45022b0c6739db94097401f6046e5f95b26dca71e685db834338451b7ea0b3ed3afc128d564c3f79074905b7986714f75925c41f763eda6b901875af555

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
7KB

MD5
f0bf0d81c150a6ddbbd7a90647c86a29

SHA1
3fb09dacfc01783636a3e9cbb470952ed2b1361d

SHA256
6e85cb185b8981361c6dca2cce34804d69a925fc3db036b4b26bca1847a416f8

SHA512
e669459d88e03e97a8d193e2582edce669920aadbdb8c55b1f9bf4467959bbca0eb7fbfccd12964820720062bb4a66e2e1657f2878b1f4df889f808ca58a5010

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
28KB

MD5
f10b9a94ea39206c71d6fcdac035a6ae

SHA1
3fa5155b3b353eca7fa0110670d16150252ab034

SHA256
04a77b62afa5da3cec226ed6287a4c96959f58f13d837e5c5496dfeb8113d78b

SHA512
6e38de842cfabcc6272e790ad9a91ecf8ab881a9e1f2079157e5667710c748ef141fed651a2c640a9c8a7f9d5129913295d8050328647d2a897f0e8fd1633b65

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
fe105de091976d89218cc425dbb862fe

SHA1
f85221d7b13e6b59e726c2b005f4eb70d9778c55

SHA256
bf75265cf4278f17ac03ed2a497e5ee00072e9242b4f78408c85ded137563fb7

SHA512
4d3bfd2d37e1e8c45401d71ea2bb2bbc1e15d0ffc348acbfada40cc337766d14facdf654e741e5841677bae7cee21f087625a4dc168a53fa08b7924fa7c7cc22

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
fe105de091976d89218cc425dbb862fe

SHA1
f85221d7b13e6b59e726c2b005f4eb70d9778c55

SHA256
bf75265cf4278f17ac03ed2a497e5ee00072e9242b4f78408c85ded137563fb7

SHA512
4d3bfd2d37e1e8c45401d71ea2bb2bbc1e15d0ffc348acbfada40cc337766d14facdf654e741e5841677bae7cee21f087625a4dc168a53fa08b7924fa7c7cc22

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
fe105de091976d89218cc425dbb862fe

SHA1
f85221d7b13e6b59e726c2b005f4eb70d9778c55

SHA256
bf75265cf4278f17ac03ed2a497e5ee00072e9242b4f78408c85ded137563fb7

SHA512
4d3bfd2d37e1e8c45401d71ea2bb2bbc1e15d0ffc348acbfada40cc337766d14facdf654e741e5841677bae7cee21f087625a4dc168a53fa08b7924fa7c7cc22

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.879-Installer-1.1.0.exe

Filesize
22.6MB

MD5
601b94e3b018e39e0da90881fe89156d

SHA1
dc5340d6e1cb98c6ae2fa6882a4c7284e990705b

SHA256
845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

SHA512
493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.879-Installer-1.1.0.exe

Filesize
22.6MB

MD5
601b94e3b018e39e0da90881fe89156d

SHA1
dc5340d6e1cb98c6ae2fa6882a4c7284e990705b

SHA256
845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

SHA512
493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.879-Installer-1.1.0.exe

Filesize
22.6MB

MD5
601b94e3b018e39e0da90881fe89156d

SHA1
dc5340d6e1cb98c6ae2fa6882a4c7284e990705b

SHA256
845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

SHA512
493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230418000405948400.dll

Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304180004062961340.dll

Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304180004094721964.dll

Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304180004098972124.dll

Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304180004108343296.dll

Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
memory/400-922-0x0000000000FC0000-0x00000000014F8000-memory.dmp

Filesize
5.2MB

Download
memory/716-810-0x0000000005FB0000-0x0000000005FB3000-memory.dmp

Filesize
12KB

Download
memory/716-2342-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/716-514-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/716-1034-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/716-848-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/716-849-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/716-2014-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/716-809-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/716-2020-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/716-937-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/716-943-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/716-892-0x0000000000DB0000-0x0000000001198000-memory.dmp

Filesize
3.9MB

Download
memory/1340-927-0x0000000000FC0000-0x00000000014F8000-memory.dmp

Filesize
5.2MB

Download
memory/1964-2006-0x00000000012B0000-0x00000000017E8000-memory.dmp

Filesize
5.2MB

Download
memory/1964-948-0x00000000012B0000-0x00000000017E8000-memory.dmp

Filesize
5.2MB

Download
memory/2124-978-0x0000000000FC0000-0x00000000014F8000-memory.dmp

Filesize
5.2MB

Download
memory/2664-2461-0x0000000000910000-0x0000000000911000-memory.dmp

Filesize
4KB

Download
memory/2664-2456-0x0000000000910000-0x0000000000911000-memory.dmp

Filesize
4KB

Download
memory/2664-2441-0x0000000000910000-0x0000000000911000-memory.dmp

Filesize
4KB

Download
memory/3296-979-0x0000000000FC0000-0x00000000014F8000-memory.dmp

Filesize
5.2MB

Download
memory/3480-2343-0x0000000000C10000-0x0000000000FF8000-memory.dmp

Filesize
3.9MB

Download
memory/3480-993-0x0000000000C10000-0x0000000000FF8000-memory.dmp

Filesize
3.9MB

Download
memory/3480-906-0x0000000000C10000-0x0000000000FF8000-memory.dmp

Filesize
3.9MB

Download
memory/3912-2436-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4140-2334-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4644-2415-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5600-2405-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/5600-2358-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/5600-2383-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download