8535bf7f8914c54823a1b57e5977c84add0caebfc967567dcf13f8fd843b8b1d

Resubmissions

06-08-2024 22:57

240806-2xkhbaxbqb 8

06-08-2024 22:55

240806-2v9dnatblm 7

Analysis

max time kernel
90s
max time network
107s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-08-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-Installer-1.4.9.exe
Size

24.1MB
MD5

79673d0cd668ac6e4ecfc7dcc4db5b23
SHA1

0a576f857765e759f582126f099b0c04c6c6349e
SHA256

8535bf7f8914c54823a1b57e5977c84add0caebfc967567dcf13f8fd843b8b1d
SHA512

a9d1c9d47cf67bf80a60c6250cd84151551e549a1ff179faa62381260d03d531dbd5b1df2bc83a43f71ab5a699aaf593ba6606416e3c8957b6c2fa8e3863f8c9
SSDEEP

786432:+KAWuabJBM9irrKJBH5lFRqH0fYk/pUJ8a:+KDMQPKJBZlCUfYSpUJ8

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
572	irsetup.exe

Loads dropped DLL 3 IoCs

pid	Process
572	irsetup.exe
572	irsetup.exe
572	irsetup.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000002a8ed-5.dat	upx
behavioral1/memory/572-14-0x00000000002C0000-0x00000000006A9000-memory.dmp	upx
behavioral1/memory/572-706-0x00000000002C0000-0x00000000006A9000-memory.dmp	upx

Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	irsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	irsetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher-Installer-1.4.9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
572	irsetup.exe
572	irsetup.exe
572	irsetup.exe
572	irsetup.exe
572	irsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 572	1380	TLauncher-Installer-1.4.9.exe	82
PID 1380 wrote to memory of 572	1380	TLauncher-Installer-1.4.9.exe	82
PID 1380 wrote to memory of 572	1380	TLauncher-Installer-1.4.9.exe	82
PID 2268 wrote to memory of 4620	2268	chrome.exe	87
PID 2268 wrote to memory of 4620	2268	chrome.exe	87
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 1892	2268	chrome.exe	88
PID 2268 wrote to memory of 5116	2268	chrome.exe	89
PID 2268 wrote to memory of 5116	2268	chrome.exe	89
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90
PID 2268 wrote to memory of 1404	2268	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.9.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.9.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-3761892313-3378554128-2287991803-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0496cc40,0x7ffa0496cc4c,0x7ffa0496cc58
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,1772395744119635385,17518318558038956077,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1984,i,1772395744119635385,17518318558038956077,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,1772395744119635385,17518318558038956077,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,1772395744119635385,17518318558038956077,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,1772395744119635385,17518318558038956077,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4400,i,1772395744119635385,17518318558038956077,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4440 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4552,i,1772395744119635385,17518318558038956077,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:884

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4944

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d98919ccf72b4f39ba2def1e505dea80 /t 4632 /p 572
1⤵
PID:2044

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
84d5f31bde416fa44b8afeffa3649d2a

SHA1
883ddfd1efc59d6c5d8ab8166daddd13f5cbc0bb

SHA256
629cda4f63cc73ba96f7502befe6aceb46ca2212d8296fe15b0bcc438ceef3f1

SHA512
045c490b5175e317591deeadceae3861f1922cd8093f475730de01153382f6ba42d9c663ef667993a517a70e428b9c82d41d8e77a91541df9dc01031e30be2b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
16c65c7aea92af77f3b3613f8ca7c8e9

SHA1
d58dcf63c6bb9231b00f77fdb9a15f89e7bba715

SHA256
78fa78deaffa3e018436f986e0a42b680799c6ab23b7d54b679b936d7e0da2cd

SHA512
b9f2a2910106ee92a8bce5d574c148f539b0d8e2ece2a8fde2a02608ba768adbdf3a4e7403f56d4221146f828795d24d83de5fe8773004f2bd1cf8e8da2ffc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b806cd401c4d1f263bae49d331479940

SHA1
bdbb2dddd3cb9eb08852bbce09025716275dfe0d

SHA256
81015b1ec6a20a4b8430c59093da3d0e5246a6ea3da80a196d2fd21f1debd093

SHA512
91df4789c5badd2ad2701abba8dcbfafd009b7ab7085d0ca6ad547cf65d959026d3da60dc85fa9a1f4818dc31e2271678ed96cd2c95717a6745b07ead39066f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
07467c386e2cc340358614d2acb908c2

SHA1
c4d9b359d4abff6a3cd3f545749906c90f9cc427

SHA256
68972f44ca66909df666f2c9510d2673ffcc9ef37cce032399aa5084a4a256fd

SHA512
48a3c28b9d80235cc93ec38564e9c279dfd342660976fdd36b8bdff9bfce5bdc907fa9835cf2c59fcb35b2c7c6f638678ae792fc21298cc631f92860a58219bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c59d3c1b4d9969dac914b4942f568de4

SHA1
363c0e7ac07d4561dea69a19c0ba2bf428d7889a

SHA256
5acadb8476f2d8a9f1189800cd87acab03ea69a5bce38e16bf00b7d48952c87a

SHA512
60797df6440f76554a47db2d27b98afcab1357a0bcbaaf8fe181d228cb0d1c5b512c37ec942ee7ba123ecc2d87381ebfa06b4e412785a597ff27035121c13d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
5709bf23dc91a7179962a98043bcaea2

SHA1
e980b5296588fcf0deb9e84823c9238398b8d5be

SHA256
95b4eb21da5245c05302bb21ad61148d1e469e6492dfebd49c92f96f9569a5f8

SHA512
fafd20d79b7f953f9cd66d9a0c7278fe37c2c9941af92104df699274fc49f667eb8082ed3ef7790d9687e0ab06ac46e828633889b5db3afde03dc1f5bdf2f33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.6MB

MD5
199e6e6533c509fb9c02a6971bd8abda

SHA1
b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

SHA256
4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

SHA512
34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

Filesize
1.8MB

MD5
5c9fb63e5ba2c15c3755ebbef52cabd2

SHA1
79ce7b10a602140b89eafdec4f944accd92e3660

SHA256
54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

SHA512
262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
f3b300079862aff353b412d490bf5abc

SHA1
b61ad13daa7d39a02aa1329788ece0737390a45d

SHA256
c052cb74d9b0ce37efba9c018b5bcf74c51cfbdcaf990ae53cb9772ea318945a

SHA512
d6e02701ec0990fd9a4b0e82ce69048a35ac114e7515ed2ed6a445ec9f8ad9f98287491e087a269b3e973fb55da360e2df1a516a9fa850c68cfcfaadacb2fbb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
memory/572-706-0x00000000002C0000-0x00000000006A9000-memory.dmp

Filesize
3.9MB

Download
memory/572-707-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/572-680-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/572-681-0x0000000007270000-0x0000000007273000-memory.dmp

Filesize
12KB

Download
memory/572-14-0x00000000002C0000-0x00000000006A9000-memory.dmp

Filesize
3.9MB

Download
memory/572-834-0x0000000007270000-0x0000000007273000-memory.dmp

Filesize
12KB

Download