Analysis

  • max time kernel
    25s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-06-2024 18:45

General

  • Target

    TLauncher-Installer-1.4.2.exe

  • Size

    22.3MB

  • MD5

    7467a35cd1f34498c32d68fc11cf2dd6

  • SHA1

    3349ad795ff859a581f8d1c99d735f1817ca17e6

  • SHA256

    8f657e915ef6ab8f9f0ecb653f2b79b19a6e68bb14d997b4b8c6e005c3923453

  • SHA512

    840fdc04e600fd6e0c01d2ee03b0e2f904f08ef1e59dce14b9c4897fa1971f4ad8431321e3061ef09ae981bcae5f008e613f8497745e29f9f007842877b6efa5

  • SSDEEP

    393216:/25KXSlsQ8C+Q5JIkc2rr6of5MJ7ZWqxPAIgtMIMlFRqH0fHbS1K8kn/rbhQyDkd:GKXWsQ8CJIArrKJBH5lFRqH0fYk/pUJn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe" "__IRCT:3" "__IRTSS:23398040" "__IRSID:S-1-5-21-2297530677-1229052932-2803917579-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1724
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6eb9758,0x7fef6eb9768,0x7fef6eb9778
      2⤵
      PID:2764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:2
      2⤵
      PID:1060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:8
      2⤵
      PID:1052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:8
      2⤵
      PID:2220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:1
      2⤵
      PID:1576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:1
      2⤵
      PID:2108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:2
      2⤵
      PID:2200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2652 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:1
      2⤵
      PID:2860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:8
      2⤵
      PID:1652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:8
      2⤵
      PID:2328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:8
      2⤵
      PID:3004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3752 --field-trial-handle=1332,i,12176801428421574730,6060250204476839914,131072 /prefetch:1
      2⤵
      PID:276
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2804

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    70KB
    MD5
    49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1
    1723be06719828dda65ad804298d0431f6aff976
    SHA256
    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512
    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5776c4f9-0509-4420-ab73-1aa69d429642.tmp
    Filesize
    281KB
    MD5
    edb3ccc151e1a656ece00b895258f16a
    SHA1
    7247b76733f579f9343c766d4544e6725d968ab6
    SHA256
    d354703a856548cd8237fdd8a3f4b3210c68b2aed570822747ff78ca3a70a941
    SHA512
    734e3e04007620e1733355a69d0276decf829472e5acd99d96e56bf5f869e53b0a836ba330ef4a758797e891ddcdebc5d9a34390396ee72254681b15eb00727a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
    Filesize
    16B
    MD5
    aefd77f47fb84fae5ea194496b44c67a
    SHA1
    dcfbb6a5b8d05662c4858664f81693bb7f803b82
    SHA256
    4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
    SHA512
    b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
    Filesize
    264KB
    MD5
    f50f89a0a91564d0b8a211f8921aa7de
    SHA1
    112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256
    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512
    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
    Filesize
    16B
    MD5
    18e723571b00fb1694a3bad6c78e4054
    SHA1
    afcc0ef32d46fe59e0483f9a3c891d3034d12f32
    SHA256
    8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
    SHA512
    43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  • C:\Users\Admin\AppData\Local\Temp\Tar23FD.tmp
    Filesize
    181KB
    MD5
    4ea6026cf93ec6338144661bf1202cd1
    SHA1
    a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256
    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512
    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
    Filesize
    116KB
    MD5
    e043a9cb014d641a56f50f9d9ac9a1b9
    SHA1
    61dc6aed3d0d1f3b8afe3d161410848c565247ed
    SHA256
    9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
    SHA512
    4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
    Filesize
    1.6MB
    MD5
    2885c4a1dc2bc52ea298b8d9c7e1bfbb
    SHA1
    964bff819cbfd38692900403460c67b9d0dae8b0
    SHA256
    4007ca82da52600902ad2e269445e0ae15701187d111ba7f59546c7dfe1fc3dc
    SHA512
    e0480ece21136a29a727fe99001fae8a9009a4ce92bb1a48644cf20dfc57fe70cb685b6427a6582f85ac2ffee93d85fe91c7cb1bc5b8e2121f3cb38907da2e50

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP
    Filesize
    12KB
    MD5
    3adf5e8387c828f62f12d2dd59349d63
    SHA1
    bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
    SHA256
    1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
    SHA512
    e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG
    Filesize
    43KB
    MD5
    9d0f62b656198cc2751cab6bf2a36a46
    SHA1
    616dbed062f7ef1be165cb167ea5788867a34923
    SHA256
    d1ec7db451e7e25d970fd62b22a7779a3f59eb3978a0081120d069ffbdb14295
    SHA512
    2591c988f685b9140a7fada6320f3ef5763ecce62cc47bf0f9bba6885b1714e136bb552672d9656efd19a08ea891e1686270fe56289598c6093dc8483a5f7636

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG16.PNG
    Filesize
    644B
    MD5
    faefac14b9ba4ba2f2571fb164539f77
    SHA1
    9dd91143d4a95e52f9c380e3c3ce23c9180eaa15
    SHA256
    6509bb99d5392d840700e08452366518bc5ed578ee36b964adbee69f37048b2d
    SHA512
    f9851d8f801fc78739ab038375401582a7d8554df0efa05bd397127a0e431520c6715c5ebe65cc012306aa542128484f387473d200f58b0065581403721c9e24

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG18.PNG
    Filesize
    40KB
    MD5
    e802a83fd63eefd5b70eb246f075639b
    SHA1
    5d201c7d3172ceafa318151acf499270f33db060
    SHA256
    50c8dccb06fe1332b471400c9d5d1bfcb47df1833077ada7e54e0018a82deee5
    SHA512
    7febb82664b9b160f5b00d978bb97d2f993a7d40a70696a40ffc472fdea23a636f5faaee6a67fd74c55d7c17b685e38e7f6d14be88f9f260d6520f17af06f09b

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP
    Filesize
    12KB
    MD5
    f35117734829b05cfceaa7e39b2b61fb
    SHA1
    342ae5f530dce669fedaca053bd15b47e755adc2
    SHA256
    9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
    SHA512
    1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP
    Filesize
    12KB
    MD5
    f5d6a81635291e408332cc01c565068f
    SHA1
    72fa5c8111e95cc7c5e97a09d1376f0619be111b
    SHA256
    4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
    SHA512
    33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG
    Filesize
    438B
    MD5
    b66b94a905366bf25b5163fe5925e0d9
    SHA1
    b0e91b1797a1f9455d111e9d8dd5bd4aa72e935a
    SHA256
    0ced93717234ba2914c3a3b5c2dae4a7c4c52fd5393415e7c1482e4cb4ccf7f8
    SHA512
    2fc07db7c8791eb2c0eb67eb50b472f61fc180a281159f9a68d3e49391d89545726ef0a481d0efa8267eee64ee6514835a81a09bb537e62889612baa95a5bedb

  • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
    Filesize
    9.1MB
    MD5
    833512c89f1ab92c80131d415f89f442
    SHA1
    dd9953ddcc33278bb97502ffdc6e7462e8005680
    SHA256
    717f80429e16e7c467a8472dfb0404e22fdf2d67ecd94018b6536dc9d995bff6
    SHA512
    f23201251ea19b6122f60a788a027bd59aca1233b17b265709a51a2babc1eea1394a4400eadcc6792bb5f9843d73a95660f60f487779cbfc05766f53fa3ef3d1

  • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG
    Filesize
    45KB
    MD5
    b3900ec4c610092ddcecd3fe8d14a529
    SHA1
    f3c0713b0fa185bc2acd774ea4b6a7a568b20f2a
    SHA256
    d077af4a50d041a710c2362e29da0dcc4eae5c90cc7aa3f058a2cbed28f1c5a4
    SHA512
    5dbcab9c44fced17af4a1dcd713c81c079689e53a979501e2a0714494f553305d03bf52270b533828a71a9ad2c0c722f87a64a91c3b0e7cc4484774b4b54daf1

  • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG
    Filesize
    206B
    MD5
    cecc7c02d44d9c449121a542bb0fb36c
    SHA1
    6984cb702147fa42d975f101b286d802c66148f9
    SHA256
    a64ddc02113b74aedc3e77837b5045b178e82978e68e9be9d04425eefc6fc690
    SHA512
    e4a5bf35cbfe71789cee597df48268679b76093ac3dfa22cdc71015e734f6f68027e5efa489e6d010ec3b67f0eb56508cee949905e6a2d48c438b02d19edcd79

  • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG14.PNG
    Filesize
    41KB
    MD5
    b5fb5788225a22d2235f27b5f4f0a275
    SHA1
    0820031da047efec3105b7f52c4254170102700f
    SHA256
    58f73ecf94e61492320c1cbaeed3b989fb60131d1441320cab502768c67a58c3
    SHA512
    1cdda78535038b51ef264acfcfc299bfa3521f69ad6d86b4451c0a3e311c882fd442094e99a213304670f0b4c50aada99b3559c4b55422261cc6b37b431955f3

  • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG
    Filesize
    475B
    MD5
    cee48467f5141425823298a0726aa52a
    SHA1
    8af5b57d4163514bdf1f1548ba612f227539b532
    SHA256
    d8aba6d89980c78a3554511653a7147210f544dabc457011a45957be596a7b72
    SHA512
    48c7ec8ba3087e06a38d66d2c3548c37ff02efe508a6303d3361de38c1d27ec8f8b17aa07eccb9e2c7ea10478d548c8049a3a50f13dffb0a006eded034e9fff9

  • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
    Filesize
    368B
    MD5
    b196ede7761b55fd40b2167723f489b8
    SHA1
    c6fb9ec2a28bb6cb0c052d05018e9c81205244c9
    SHA256
    987b0a991162db5aa6d7560abd18474818e0639aed080643132c42b701fd1d8d
    SHA512
    661f91be3e77679cda55a63ab50636b2b68256e08bb4ed511e646bbf6835f85c3959388632843a1062677b5e405c1d76a09890086feb3d23f52cd72885763497

  • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
    Filesize
    17KB
    MD5
    8cbb1dbdfa9a6e046f2e09310f93b138
    SHA1
    5a35daf608e109f97ae2ed58eb55c70a4c87d44c
    SHA256
    73d10eae23e7b72072a67bba6d5227b65ece549484e5c18835dd09da6812f426
    SHA512
    97093d19f4824cd4d5b41a63843c598278c23dcbf750a1551ccf7b7228ad433e95bae7031e685a09b689b95f71e258c0449bf53c1b3580dc3f5a4b5279953342

  • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
    Filesize
    4KB
    MD5
    288c344bbd631bd9183ca948a43061d5
    SHA1
    7ceacafa732f04a03490745e9f6167dce08aed0d
    SHA256
    dc4c432ae91d2fb2c19fe0fc2a0d6c89d46e723e55b071c98df03657c8b64b85
    SHA512
    894a21e9b52638b7a45117662b7d34c48975ae5c91e2e2ea6a7c434178b1774a495e707f308ed1e4a7fa574b1040c6e374d4ecdb06b6e3e0a759ddc807017719

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
    Filesize
    1.7MB
    MD5
    dabd469bae99f6f2ada08cd2dd3139c3
    SHA1
    6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
    SHA256
    89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
    SHA512
    9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
    Filesize
    97KB
    MD5
    da1d0cd400e0b6ad6415fd4d90f69666
    SHA1
    de9083d2902906cacf57259cf581b1466400b799
    SHA256
    7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
    SHA512
    f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize
    1.2MB
    MD5
    cd0ba34e6182159d0c7a70c40fa0bf6e
    SHA1
    a20c20dee4b7ecd1e2c1f6b025e2766b583e2c38
    SHA256
    fe88a318681b47a1e9aad79cd8b42fed323555fed23a04633b1bd16921380d86
    SHA512
    2c540e510bd22fd70dc6393599b13aa1cd820b8434692b4fb2cdc60c08f4c03e4a4d0357e75672d4c08573d15ba3d1e62692756c30be00226225b5bec0efd79e

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize
    325KB
    MD5
    c333af59fa9f0b12d1cd9f6bba111e3a
    SHA1
    66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0
    SHA256
    fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34
    SHA512
    2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

  • memory/1724-584-0x00000000012A0000-0x0000000001689000-memory.dmp
    Filesize
    3.9MB

  • memory/1724-583-0x0000000010000000-0x0000000010051000-memory.dmp
    Filesize
    324KB

  • memory/1724-682-0x00000000012A0000-0x0000000001689000-memory.dmp
    Filesize
    3.9MB

  • memory/1724-683-0x0000000010000000-0x0000000010051000-memory.dmp
    Filesize
    324KB

  • memory/1724-19-0x00000000012A0000-0x0000000001689000-memory.dmp
    Filesize
    3.9MB

  • memory/1724-1231-0x00000000012A0000-0x0000000001689000-memory.dmp
    Filesize
    3.9MB

  • memory/1724-1239-0x0000000010000000-0x0000000010051000-memory.dmp
    Filesize
    324KB

  • memory/1724-1802-0x00000000012A0000-0x0000000001689000-memory.dmp
    Filesize
    3.9MB

  • memory/2112-1222-0x0000000003540000-0x0000000003929000-memory.dmp
    Filesize
    3.9MB

  • memory/2112-18-0x0000000003540000-0x0000000003929000-memory.dmp
    Filesize
    3.9MB

  • memory/2112-16-0x0000000003540000-0x0000000003929000-memory.dmp
    Filesize
    3.9MB

  • memory/2112-6-0x0000000003540000-0x0000000003929000-memory.dmp
    Filesize
    3.9MB