Malware Analysis Report

2025-08-10 12:05

Sample ID 240222-y5h3nsfb57
Target TLauncher-2.899-Installer-1.1.5 (1).exe
SHA256 0b1b9037233b62a601b31def961ed5a43773b7407d864c7ad40da9ab9ab91b71
Tags discovery upx
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

0b1b9037233b62a601b31def961ed5a43773b7407d864c7ad40da9ab9ab91b71

Threat Level: Likely malicious

The file TLauncher-2.899-Installer-1.1.5 (1).exe was found to be: Likely malicious.

Malicious Activity Summary

discovery upx

Downloads MZ/PE file

Loads dropped DLL

UPX packed file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:22

Reported

2024-02-22 20:24

Platform

win7-20240221-en

Max time kernel

86s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A

UPX packed file

upx

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1640 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1628 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 2640 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 1628 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
PID 2104 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe C:\Users\Admin\AppData\Local\Temp\jds259515915.tmp\jre-windows.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe" "__IRCT:3" "__IRTSS:26073958" "__IRSID:S-1-5-21-330940541-141609230-1670313778-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1841988" "__IRSID:S-1-5-21-330940541-141609230-1670313778-1000"

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1

C:\Users\Admin\AppData\Local\Temp\jds259515915.tmp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jds259515915.tmp\jre-windows.exe" "STATIC=1"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding C117A40ECFA7E1DC7669A732C05E2452

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

C:\ProgramData\Oracle\Java\installcache_x64\259539237.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe

"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.64.88:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.64.88:443 tlauncher.org tcp
US 8.8.8.8:53 javadl.oracle.com udp
GB 23.204.232.117:80 javadl.oracle.com tcp
GB 23.204.232.117:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
GB 23.37.0.104:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 104.84.88.195:443 rps-svcs.oracle.com tcp

Files


memory/1628-921-0x0000000001090000-0x0000000001478000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jds259515915.tmp\jre-windows.exe

MD5 cce532fd3472c74641b4606102f5a2d5
SHA1 d50d42c46a20fee7cabfb227486a7c2b33fb1d12
SHA256 5342af7f475811e18d3e3f6da8dfc8eca5c671c9e201de7db0ca5801d94c2622
SHA512 438fe311dad3c105e381b8f627cb868baf5c6d54b41dab5cd2919f96ae2d3a8a16030e4fb3cbd1b89b79c55a4e3a6d8ab24a46f5cb9c2466fddfaaf46ea6e565

\Users\Admin\AppData\Local\Temp\jds259515915.tmp\jre-windows.exe

MD5 bf133bdd4ee02c9c69747f10b22658f6
SHA1 c8d6cf49720f1b686aa2b371c347fa6164189dc7
SHA256 8ce90eab43655e91772bf01feaa3ce48db1bff041497634422a6aad9a149dc37
SHA512 1e7a0a4fdb67c32eb755d4b12d12740687729dbed9141b3e5918cda9b71dbcec0044658b44c9fd0af2b13ec3a3abb155f656e04b46a3ffe29b2bf6e71d1212bc

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 f62168d7af9b1a2028f8cc27ac811417
SHA1 95fc49b077ef3b80b6df97b229ec49ec6151bdf5
SHA256 3c7cfd10f653e5517eea77ab972f8018d5a4e2bcc98b47e65cb80c4b2de37760
SHA512 fd8d54b60856694933c3d5ad159e4d0a91e77271af8f1cc1083186317e7331f502a49e102cee28f33b44f441f53df63e6501adb35ce2d6d0bc7ce64cfcd8ed0d

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 3bfcba8feace78572d55aa99aa112743
SHA1 9dd13de3cd9779ef1c5bc7f502bf4a6dc27e0f09
SHA256 97042cb1708336c4fb92169ed3f33dc16ba557bb6787233d95fdfe39c167c7e4
SHA512 4ee66a753d1ba30d8e87e3835f66e63440c49e1b4f91a3a9cc3089bfb98134992b0f9c8aa801ef5534a1ad60e727d5bd421b56f1124b61818284416f6ff056d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37fc5249da2edfe3dea84bf4ac91e12c
SHA1 1c97e751aef133ca4519f9d84a8b7a253450ec0f
SHA256 5ccec7066d0550912e0620f2fd8810851b4d612c6b0cd6adeaadccfbbab4a5e8
SHA512 bb161c1ae89618ec6a41e49dc0984c7752bd71c44b0f4519688b46d424b6bd51254ade15ae7f4f142be5261047d36927b30e0898ac3d8963a2f1351e3def5154

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 4f71907417c370d5ba51cb3d29eb3c6e
SHA1 bae827085de5ca56b1c6a5ff34e7d22b4f6bce6c
SHA256 f1af602061d0e5cacf66f52a79d807528b55a2219d6360f375bf4b51632bda0f
SHA512 fb5c4f2e50ae34f533ded1e6433fe5a896c6a7a443d0b9eaf9df1078ccea16d6fe1510f5cbe9cd7c8a34e542ff8e11e5169868907d04b483eccd7bb331ffcdaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 6a8d7f54e7b20b5545350375f58f7bba
SHA1 22938acbd10bf46bdeaabe0a8535f5104d672742
SHA256 6075328ca34cf39cc241e280a98793c4d9529d866a8ef346fe4f610d20e8685d
SHA512 3a999baae2dcc3f8b0c4e32b22ccd88da032e734b830775191b680a45082328a43f8655d7999382c685a53624d28d7a60cb72d711b54d60369b4c241db6409d8

C:\Users\Admin\AppData\Local\Temp\jds259515915.tmp\jre-windows.exe

MD5 7345091480206a2df087f4203763b748
SHA1 5003d2552ebec4bf7193f320704eb94bbac0f705
SHA256 4b272871df851e8eb26211e2d1f365fa0d07464a4d1f8229880c34579271ac42
SHA512 71a7606089fb1f573ee3a2935b66acf7936cc2b305d0c01d32a7952c44875f6dc700bd295a7130c450c28c542d277cf7a5c2972996c5bb3ef8e075a17e601dda

\Users\Admin\AppData\Local\Temp\jds259515915.tmp\jre-windows.exe

MD5 052b132e480c11850d2d5b5b3fb7406d
SHA1 21d7c863932c75e54fccaebb26855490da9e64a1
SHA256 e6ea456ac01a1ad24d818d266ede8e61c6413118efe317258162bba1bab71ce2
SHA512 fc61466445b6f8464d85d4a026adcb017a4e51d74ad916ebc6b087925d9930f08942e05c98f5bcd277ab8f1b01db1a2b734141f5055b28a17c24bf195a96fb40

memory/1628-1058-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351_x64\jre1.8.0_35164.msi

MD5 de87afc0389a7f617b9c4c75d9ab8d51
SHA1 b1264ed42c5db7ea3136f00a761cfb98f2d7c838
SHA256 996602c1bc24e59a0bbe0cb1b5da66f8118e067947d72ec011af7c041886e0d8
SHA512 d7c0b6093dc0fc8bb7710ac580e4b5052d32b9242099ad448b9e18b63eeaa11267e65508ffb8a5d3d1a4fc26c725e765c40b227a926d76ac69e9657fac078963

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 b9294d55ba93e6f05662702102ddf117
SHA1 9f8e4d6295f2a8da2098a326d45b48eb2e6bace9
SHA256 28f48a621e157bc488615077104789e1442360b1027f2d978ef148c8c85cdc9d
SHA512 276e8820268e81ab994d909878070aba9f97a99b5a87641a38584a1fe7021d8e6e63648d087e8ae1fce46d7b3debf6fd51340e620d6a24d4e116b49fcdb17888

\Windows\Installer\MSI2F50.tmp

MD5 9f199097d2b9ef5a0072fb2e37348e3b
SHA1 c6403fa849c80bbf7ed3d04fe32344f70899c4fa
SHA256 b78af077e0fb11f6350781541f603efcd70f02f246ce210b5496e79a5496be25
SHA512 45011d58d0bfcca7d70f477cb6983a767e6d3bea9badd514ed92133a610ac9807ef401b423c63098ad6f84469a73b7c295983fa6e786cbf1416e58a92356bb8c

C:\Windows\Installer\MSI2F50.tmp

MD5 4951b926b39055e516ba32b6320c3059
SHA1 0785fd47c89058013aa945a190f50dc301cad2d4
SHA256 dc33340fc6699d62d4da98ab3c6c9372015ad3c4236fff7e72297e6a5d9720e9
SHA512 8372bd2bea7957c62f54ffa6ae68e4edede701df06caad08c83962f009c265ccbc73849c2c55091582be0ef8a1e3b995bbcb007fe1325e1cfff974a933bba349

\Windows\Installer\MSI33D4.tmp

MD5 8cc0d29517ffe4354fc27faa5c42ff7b
SHA1 6dd218a59642ed94b9316143e758863dd580cdf3
SHA256 d6a2e2b8f73464c6511238c63547426c421b3ab3daca808271923f1f2e2b10c1
SHA512 012b5b9bd977f2b6236849ddedd381e94c32ff95ac1e053aa4ab45e701cc0c657e5076744314af7cd87893c2fd795abe35c18d46de9c6c74e9d0efbec5a1af85

C:\Windows\Installer\MSI33D4.tmp

MD5 daa3076fa51a77ffaa2265567ee2edfa
SHA1 53a7ea0c6d85b4b1f681b42f5db5167e0814e16a
SHA256 3eb4d07a64b8e2bdc8231be76812cfcd71e5ab569f9112f184459fd63274b354
SHA512 a86e790ea9336d11d9ba192dd6c22f700cdef2d23f6c263763a01a61ac1bce0b29bd197d0a2d20e9d7c06dc849d3bdd6aa7620cb6d5de92177c4d3b85aa8fe03

\Windows\Installer\MSI357B.tmp

MD5 f2634bc20f70f0a22dffc564c3fff275
SHA1 ab6d0f60bdb15ec02f85f0c031a72e33f93be9f3
SHA256 020e0708faec328808d6a1bc6f064ec0cac42ebab8136f2aab902ad7ecda9023
SHA512 a8e93a308600a8ed066583f33ec2119b9cb4754f5738843c2f08ce01149724fc0472125c4977069da8542b46e9722fc014a3e2245959cdfa9cf8613d69266118

C:\Windows\Installer\MSI357B.tmp

MD5 39f82a56eda50fd09a82e80f1178eea4
SHA1 10af06aec2fcaa2e5eda2d9caeffedf4b4e5845f
SHA256 46bba8690ca11bb71ff7f1c3c290501130aa97e4706e48c4e2bb275e7a1202b5
SHA512 e62d39b637c09f22917ac126f921398e7027c8f6e97815854a3bc717754a268480336a6ce01f37d615b2f492ae515f2bb6cf9d103165ef55bb77d899826de78b

C:\Windows\Installer\MSI357B.tmp

MD5 99810e6eae2991b25f410e21a4b5544f
SHA1 644ff1ba92a1a44016705e8d98ffdad194f155e3
SHA256 b2de6e8f2e52cd7b9055747f8a29daf72867f62a27f3985dd448b8995b975a6c
SHA512 7416ba7d5fa190f8faf322b37c26508e931579432cc6dd8227a173a15e6de970dd693eef945173e8eec5d54eb92072b8ca8e23eed0639877c88f8108d8b9f3ca

C:\Windows\Installer\f782481.msi

MD5 2f4fe65aa617a717ac9524a2d40e0941
SHA1 921628460cd8eb499f091f5501360014614ccd58
SHA256 9838c0574a60bd9fa93f0a6738dc47557f65f0d223083c3a3ee425a1a9da0821
SHA512 f576c508fd3dfdc452f5081d65ef4114754ae406223bcb0f7124afcd42cea033cc2a14cdae00f94c05295701338cc7f70699d330bee07262f4da31cd1d663f4e

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 870eddf8b6f9e567b227a671102e4573
SHA1 84e0c2a4d00c8f6fc9bc7fb9ba6b19e4183be33c
SHA256 658fd23f2244270d3b8d983d158b2409ecefa1f3f2451302e0bd0b1e70e45b6f
SHA512 c7debebab32a4614386abeea2513dad3b5a46d4b8a576d9c663e0f366ab9ca8b0a1f5b4e42caa1a77a4387e2a936aac8f764efe571db248e711cd7e50ba0e251

C:\Program Files\Java\jre1.8.0_351\installer.exe

MD5 d6f9655a07a97cbb5c177aa488285af4
SHA1 0ccaa8e50f4869b47bdbb0da3ed71693962b6de9
SHA256 38a8bf73917289126ff900e8f30124fc78ceae5772e2970cf970a035b4fc28b3
SHA512 4d4db015e537909c43e5c8e170920663ab79600ac0cd42e624e09b6d2a02bae2b4bf586f267f2f63e2e09b02ce730cf426966f53dc3e6ff323a3d07fb728e90b

C:\Windows\Installer\f782486.msi

MD5 58fcda7cd26920c28d03b1f71548c368
SHA1 c5c4f6a0b9fdc14f576df431c66c4f1aa8b8873c
SHA256 f4ae3fc8b34d67b0428af564471b41781dc103d8367f8f18e478906c91927058
SHA512 cd54080a364da81bc43f25f9609b8647d030197b5cf30caa252d69303aa949614ad91d8f40010ded062daa010853e150f0a7d5a4920faa40d6312632b27a6f51

\Program Files\Java\jre1.8.0_351\installer.exe

MD5 b7c653f3aab91f18bf7b5b37047afc86
SHA1 e7b6f1b61108cbad211f08fac99c17e2ac8e6389
SHA256 ec9b7ff83142da9247ed41ba8dedb3775063c750f1d3b89865cdc5f9f2336285
SHA512 dd8f3bfea875807cdc411e0fa99171a44d2733c9fcd09e150b94eec84cd4c9fa96633ce6c9383912e9348e889b40d1d67e802b2012ef6832d21a0f83d419fc80

C:\ProgramData\Oracle\Java\installcache_x64\259539237.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

memory/2604-1287-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2604-1292-0x0000000000230000-0x0000000000247000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\259539237.tmp\baseimagefam8

MD5 927d6e7256b720335afa2c277313be65
SHA1 ec873200f6e0f7d50a976d2abba9360abf246553
SHA256 35e68189e09f138ac750507f0601ed0165a543f9f023a3618db40847197a0b0d
SHA512 82605dd657c39c8f9244cf17b46bbfd3c5f32ab3e9210a86410e5c89aee2024035efbe708ea758a768e7764257a97184e36623fe8e89bf18df0ddc6ec291db3c

C:\ProgramData\Oracle\Java\installcache_x64\259539237.tmp\diff

MD5 a655148e36545d95f0d755a441d3137e
SHA1 42c157a80272c9e38a47684370c784194641b129
SHA256 200cb8fec51af2f16861583b22e41f1faf8f5886ad64117323532e485af2b76f
SHA512 3dd357382306cb49a7eb1e639ef528643b9e56ca8428226d2b1faafccfb8528dc8f996f7255b99af13c38e4c8c219895e995c67f38e8bb5bde24d9fad85a1628

memory/2604-1294-0x0000000000230000-0x0000000000247000-memory.dmp

memory/2604-1293-0x0000000000230000-0x0000000000247000-memory.dmp

memory/2604-1299-0x0000000000400000-0x0000000000417000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\259539237.tmp\newimage

MD5 5218509e1330865e1a4f051901a23dbc
SHA1 b8e519f8fb61df4150a8e87d5d8daa202925bd3b
SHA256 2b87b1d0810c2b2b1d70c6f9194d6f000082e4a6c2d25a0d5e0fa300889a8713
SHA512 80a63e01f86339cd1ae3d0db408b0bb5787f310842b77d361716caa84275bd69893ec2195f8d52303e9b3fef6658ba0b133616071ba5fb07ddac12d675b659e3

memory/2604-1303-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 7cee85c3c5d4adb43ed1ca3aa4984b67
SHA1 1ca2cf48075f10ec7ae3058e986db32494b96948
SHA256 d41957077b95305d327e23104f832200550d10a30567f56927fc06ce9f38d6ff
SHA512 e563ece4f7c53c25b42c330c6e85cb9052260c9da785fc941c63e267149649114f18feaf2ceb79f67f0535acbef15921e27930c2b153409a2d5733e3102a5bf9

\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 0d94ccdcb072a3f884693e0bea3899cd
SHA1 4c05015ca407a4c7690dd96f55ba0c6db4e3e71c
SHA256 ae16ad1c1b90b4d463900ca6457a4278f4deb79477e984bda100e9224dd9621a
SHA512 f8c3a431724c87c1a2c7cde14d5cf5b25376fcd9d5e9eaceac65d7c89f5100bb7318b27c14494e68442847b837d1b97ebc226eb694fefb1bd5a25c3e22e9453d

C:\Program Files\Java\jre1.8.0_351\bin\VCRUNTIME140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

memory/2452-1661-0x0000000002330000-0x0000000003330000-memory.dmp

memory/2452-1662-0x0000000000110000-0x0000000000111000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 c3acd72630e30c1466dd26d0f90b0b06
SHA1 1184085b88d81c04b83b6c107b867b3bc70b4a55
SHA256 915cac849cb0a62c5c645bfd90763d5cd4585a76f4f23ec407e071aa756beeac
SHA512 46c88ac0f4e66142ccd613fcafa5e1a42b335cf04738d410e586f4c632efeee4cb1a772837551095bf3af4171b7e6913cf8054a4a7d4593dbbf453451ca6c294

C:\Program Files\Java\jre1.8.0_351\bin\javacpl.exe

MD5 53eb785cdc1bfaaac47eca57902d7325
SHA1 066a691003a595422cd25fc61bc78c79d8a23e3e
SHA256 89369b9f56820badaf2b0fa43619f3ee15ae0f8b65543076eb417e0b2e2f5fd0
SHA512 979c9071acd5a17562f80ae7df6db0ac26ff4789987aa13e82d96167347a9343cbc11f814d15939b6a4821b98b1523a31802a6cc7bdc82ed05dfe2b17b7b8d67

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

MD5 24ccb37646e1f52ce4f47164cccf2b91
SHA1 bc265e26417026286d6ed951904305086c4f693c
SHA256 adf2d659c2b2a4afff1ca58f3a742d27d767d27eabeca6a8b6ee243e9c913a39
SHA512 cb174e7a219f6ffae3715e37beb428979bc1462202729c05a25fa7b8da90e2dd6faa92c03cd9ca21567d354dce7acc1852669f4071298e953d6a286243794e32

memory/1628-1869-0x0000000001090000-0x0000000001478000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-22 20:22

Reported

2024-02-22 20:24

Platform

win10v2004-20240221-en

Max time kernel

145s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.5 (1).exe" "__IRCT:3" "__IRTSS:26073958" "__IRSID:S-1-5-21-1414748551-1520717498-2956787782-1000"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 5.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 167.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.64.88:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 88.64.20.104.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 67.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files
