2aab5f27a6947ef86868c5118a09743e54123444f8e846064b05277f51060723

Resubmissions

13/09/2024, 19:09

240913-xt8nhstgkg 8

13/09/2024, 19:02

240913-xp3xgashrq 8

Analysis

max time kernel
36s
max time network
39s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-Installer-1.5.1.exe
Size

24.1MB
MD5

f245d48c03c913315a2ddef555484f0f
SHA1

8b15789d7ea71a80e57d745531376fb9b778d750
SHA256

2aab5f27a6947ef86868c5118a09743e54123444f8e846064b05277f51060723
SHA512

0f6baf1e5180e82b59a91cb3079d07bfaf1520fa974ca94bed9bec2cc0bf681d5081b880fa3aacfa59add88d5bae7980cfc4d5aa95aa1ab9d8f46e66c7892a96
SSDEEP

786432:NKgLCOrD1bJkM9irrKJBH5lFRqkd4zUcjc+orlG:NKHjMQPKJBZlCkOQcrorl

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2848	irsetup.exe
552	BrowserInstaller.exe
448	irsetup.exe

Loads dropped DLL 20 IoCs

pid	Process
2268	TLauncher-Installer-1.5.1.exe
2268	TLauncher-Installer-1.5.1.exe
2268	TLauncher-Installer-1.5.1.exe
2268	TLauncher-Installer-1.5.1.exe
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
552	BrowserInstaller.exe
552	BrowserInstaller.exe
552	BrowserInstaller.exe
552	BrowserInstaller.exe
448	irsetup.exe
448	irsetup.exe
448	irsetup.exe
448	irsetup.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000018710-3.dat	upx
behavioral1/memory/2268-6-0x00000000036C0000-0x0000000003AA9000-memory.dmp	upx
behavioral1/memory/2848-17-0x0000000000F00000-0x00000000012E9000-memory.dmp	upx
behavioral1/memory/2848-765-0x0000000000F00000-0x00000000012E9000-memory.dmp	upx
behavioral1/memory/2848-766-0x0000000000F00000-0x00000000012E9000-memory.dmp	upx
behavioral1/files/0x000400000001e2fc-829.dat	upx
behavioral1/memory/448-848-0x0000000000290000-0x0000000000679000-memory.dmp	upx
behavioral1/memory/2848-2151-0x0000000000F00000-0x00000000012E9000-memory.dmp	upx
behavioral1/memory/448-2157-0x0000000000290000-0x0000000000679000-memory.dmp	upx
behavioral1/memory/2848-2160-0x0000000000F00000-0x00000000012E9000-memory.dmp	upx

Checks for any installed AV software in registry 1 TTPs 3 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	irsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	irsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	irsetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher-Installer-1.5.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BrowserInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	irsetup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
448	irsetup.exe
448	irsetup.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
2848	irsetup.exe
448	irsetup.exe
448	irsetup.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2848	2268	TLauncher-Installer-1.5.1.exe	30
PID 2268 wrote to memory of 2848	2268	TLauncher-Installer-1.5.1.exe	30
PID 2268 wrote to memory of 2848	2268	TLauncher-Installer-1.5.1.exe	30
PID 2268 wrote to memory of 2848	2268	TLauncher-Installer-1.5.1.exe	30
PID 2268 wrote to memory of 2848	2268	TLauncher-Installer-1.5.1.exe	30
PID 2268 wrote to memory of 2848	2268	TLauncher-Installer-1.5.1.exe	30
PID 2268 wrote to memory of 2848	2268	TLauncher-Installer-1.5.1.exe	30
PID 2848 wrote to memory of 552	2848	irsetup.exe	32
PID 2848 wrote to memory of 552	2848	irsetup.exe	32
PID 2848 wrote to memory of 552	2848	irsetup.exe	32
PID 2848 wrote to memory of 552	2848	irsetup.exe	32
PID 2848 wrote to memory of 552	2848	irsetup.exe	32
PID 2848 wrote to memory of 552	2848	irsetup.exe	32
PID 2848 wrote to memory of 552	2848	irsetup.exe	32
PID 552 wrote to memory of 448	552	BrowserInstaller.exe	33
PID 552 wrote to memory of 448	552	BrowserInstaller.exe	33
PID 552 wrote to memory of 448	552	BrowserInstaller.exe	33
PID 552 wrote to memory of 448	552	BrowserInstaller.exe	33
PID 552 wrote to memory of 448	552	BrowserInstaller.exe	33
PID 552 wrote to memory of 448	552	BrowserInstaller.exe	33
PID 552 wrote to memory of 448	552	BrowserInstaller.exe	33

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.1.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.1.exe" "__IRCT:3" "__IRTSS:25259921" "__IRSID:S-1-5-21-2703099537-420551529-3771253338-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1709878" "__IRSID:S-1-5-21-2703099537-420551529-3771253338-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
b57945eb67266bbc855875741da891f0

SHA1
9f87f9a45aa3599bf08b12c56dbcc6d7279abb00

SHA256
e1e0b0a0c7f899ed0425beaf774e62d33bd45a9e69b1120392ddea4bfffebfb6

SHA512
d901ab0002ef1ea971e46d5feb852a4d60f1554e8d213742e84fc8f8d1682cb476c9ac1d961afd4c67659452557b03c2aa9247a7724cc690d547d731266be40d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8e001d27f328147c9667c62131f5099

SHA1
50363c105c49a3fd7a8392f2b7a578146a2f7f56

SHA256
b8abbe6128f6210e2d38d637603e3e90215af4ee4f2dfa845fb280b1f68a6525

SHA512
504330f0dc4952e74548953eefc7df43ae3d5ecb3c70bb6864ac3aa16ea842051e4991dfbbc8fc9a83b429d99207f43734af51e43d751356435454b491e777f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7845ce1a9db5dbb5aad0973bc704874

SHA1
d4a33cdb6d91cab52d40a53b7596f4cbec338af6

SHA256
88636ebb2024538fb5d463c095a9cbd33c35603f965331cf0e2d80b564ab178e

SHA512
2b0e9d8b9705ab0694a5e001a9b6b3ed0c6382317f7b46010a5ba5d7148052f99e96ef91af38ea6bb5f565b19c40286ba395f9efa5d33523d604fb63467710c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab40F9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar412B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.6MB

MD5
199e6e6533c509fb9c02a6971bd8abda

SHA1
b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

SHA256
4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

SHA512
34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

Filesize
12KB

MD5
3adf5e8387c828f62f12d2dd59349d63

SHA1
bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a

SHA256
1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0

SHA512
e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

Filesize
43KB

MD5
8a85341b0188798599ce0927cf9fe146

SHA1
464460dfea299841de85e5e16efb8e941c3d4ee5

SHA256
42626231c6d33fc1fee765b86f912a9e689751f608a1983767ff3408293935da

SHA512
6e515bd4ff706d9cf3d2bbc83e3fcd1a2efcaaf6ddb9a750946f17bd80656f6fbe8b91faf95eb334fc35a838f75a3062d1f78e3f87fd4afca0ddf639e1d46716

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG16.PNG

Filesize
644B

MD5
fb752bccf189b74f7f2c3e62bd619458

SHA1
58540838022baeb105cd3ee8f86178e8590871c4

SHA256
eb81a1aef2e49e389d2964afb0323fe5f86bdb9db122c158623484dd2f8b1348

SHA512
df459f70d69d905b09c64ffe02f2a932989dbd7ef71c85f38d97ee73d0c2f3fe6c8521b9ac1dcd043cfb600b25a8a42ea3f3e1eff8db2cf68fd1b50a7eee7004

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

Filesize
12KB

MD5
f35117734829b05cfceaa7e39b2b61fb

SHA1
342ae5f530dce669fedaca053bd15b47e755adc2

SHA256
9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3

SHA512
1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

Filesize
12KB

MD5
f5d6a81635291e408332cc01c565068f

SHA1
72fa5c8111e95cc7c5e97a09d1376f0619be111b

SHA256
4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26

SHA512
33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

Filesize
1.8MB

MD5
5c9fb63e5ba2c15c3755ebbef52cabd2

SHA1
79ce7b10a602140b89eafdec4f944accd92e3660

SHA256
54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

SHA512
262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
151KB

MD5
c2be5f72a6cb93af45f70fcd786149a6

SHA1
91a3250d829e7019c7b96dc2886f1d961169a87f

SHA256
f616ad0cc12e4c8c01b1af5dd208aae46a5fdb1b02e8a192dfe84283e1161ca6

SHA512
522b82e48fc4d6c94236f6598352ef198500ef83f2b8d890dd14901173b35d179c567e9540908a9bf145f2492043fa6848182634ee4c58956418884449f223bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
750B

MD5
9f231996af9450750f93c84d5c138ae3

SHA1
cf2199198bf9f5f54d4725eb36e91348798a7d3e

SHA256
380ecf8d517e7276417591a0758fbb6032dd554d5828151229ca6fb95b2fec03

SHA512
cc8845e892a170d564584c96098281e770216e2bba82b88a6970466f10b96482ba9fdf4f37c948540f7302783720b000f5a7f51069f09491a81b1cd7bbfead2f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
9.1MB

MD5
3fd8ea8955585f1867dfe40bcebe4f6a

SHA1
e79885c300af3111f15e56544d4dab7f5187dab0

SHA256
4a57d4e4de95e922353d327b318ef70de5431d57254f23487af9a87a2bd5d346

SHA512
42d8f094eb5b534303e90534d0bad4e4de9f72d002fffb75b7d905d7f921fc12a15451671b71017de9ffb00c5d21e34909b34e4b3e13ca6897d6971ba969c029

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

Filesize
45KB

MD5
bb4e23b158ae7c30af4f853b3c9549e4

SHA1
0b89279b32eb997bbf40c6b16ea41838fbd60455

SHA256
3c1b91e8138e076eae0b3f59fb986d0315fd0afa4e91f19fcd3415c725714ccb

SHA512
29692c12ae7fabc031ed1c04f6c35ae119f3eab7ff007352f01ebfc9b0d98f8f5e5b948b7629dd0882cebd72723c950379ab8e21fc5edbf170cfa711c3a63723

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

Filesize
206B

MD5
be71b13401dc222cf12705a494d6d869

SHA1
88a1c0ba9183ff7c5737554f1fdfcec7f0a3cd9b

SHA256
18613a50bf66f04846476b7af071dcaab66fe0f5674b912155e1d5d8863d7e45

SHA512
686a8a0c2c54f5fc09817ac7d657b8f18b1b273142689a9ba9415cecd31e0ded4839e64ce51d0b4da29a2f541594c458b7b2187275f31cc9731875d2301ec213

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG12.PNG

Filesize
22KB

MD5
c4a4a535e40b5c286a1481c8b6be82f1

SHA1
577e9101f22f0a07b5c67be1d92c482f8d5a359c

SHA256
fb7b42f197d11f34892cb4544205ece7ba4569f2be24020a6e432ff2541b4348

SHA512
2ce6b36f8c4b71054dc13d2258fe0495d581b14021a3421befe9c55da423f011a59d80f05800a96ac5cf86cb71ee412ee29571145c2875085122bbddfa19a94b

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG14.PNG

Filesize
41KB

MD5
5ff06602ea819682acea3bec4f2a0afd

SHA1
171982fb2bbcc7e502ae1b9dc38cf2dcb5483051

SHA256
038f13817112ff61c714b6a27c708e7f3a4aa62144f36f35296f6b15fc8299fe

SHA512
11c24cfdfaf279f3265ebe824a8daad5469ac6b59196b13ca90d4691b75876f50d4b0bdc51245689354e405e992f82cab73ddad7bc4f6909776e97d97a5b1393

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

Filesize
475B

MD5
e7c8639ffabb5798b481e18e50cdc55f

SHA1
b42e7329f507f1aed5de150046240c2675dbdb92

SHA256
661546ce97196675b8557b12489d26ff65d03ebfc105d09492233efe6c66c3b6

SHA512
a290228c56b5dcbc80dcc3ec84a7dfc9e3ad5070c7e65f972f0703c938af0f5084ab43f118331f30978012613495f3e7177cdd31800f8a57f508aa1009e171f1

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

Filesize
368B

MD5
3ec4c9062ab90ac0e840a236fb9b498e

SHA1
df0055f019f4820b25104f8de6a2f42b871cb194

SHA256
48732b00521bb3b0c94dcb818dfc8d45dd5f73b0319d99b39781bc7930756d40

SHA512
5e291fc1193a7bc3170e99f807c9f3af84c44bec55e513c204fbedfc41db74bec25352985cb30e9e6b2431219e89b6a06bcb85fff64b6e9417886ffc870d0097

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG9.PNG

Filesize
438B

MD5
cd54f1ea241ffe76657978a9e5fccfa3

SHA1
4607eb93ece1c8bd3fae4ddbdf882b2f41cf53fc

SHA256
9dea4ae080d9fb4803e86537d4302a2bc3912602fa4fd3b7154196345d3984b8

SHA512
58f642c2c72ddcb39b0b6b49fac368ff7f5ae946ba5296c52e09d0192c7345cf0e0a588fdfeb23d0429aff9941d7695d19b6d60ccd0c9170b02e21a8c4b25a0d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
1KB

MD5
f8192050d23a8dd3ea03dca65786aedf

SHA1
533e3e633851803f25a40e36edba5cef658f2f2e

SHA256
ab482b2f5c4bed5ee770c8ee1307fd68af9e6b7328aa978aa40e06c9aa12ba50

SHA512
812905115f581ee4173665ba990fa026ff83ae132a1fd3570113d18b800e5ba12147c23da179915c143a3878b02c9f42d8715e92b11310be60b4a2750ee6a57d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
2KB

MD5
d7a70e07debd2d7fa89f0b064cc34530

SHA1
187001b3189907aaa272f323c85a0486e73e2713

SHA256
3d6b3d89d12ded3e755eb70068873bdd867af63e566655a427e6084c1dfaf5e5

SHA512
000cfe4913f154ab781f55a1493264027a5119b99607a98f21316400969d201b0f2b5aab41e65c975e1b2920e2dab1404e6e821db87e8299b581c34f1f275543

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
3KB

MD5
49d9a99ae1603f6eb5a2ef8c9005d55c

SHA1
8b90c0999ed2e6be5dbfd32580487a256955c556

SHA256
ae4b92bf16bebfe6e08d762ad22f480946704d1b9d6a82afba61864a889c0141

SHA512
4ddbc36f8d78d5fb94005aded753a160eb888162e9b4c6871e40e07eb425d3ac54927d3eab500d9184e8a7cfc9af69c165c89fc08339f861a80fb545b11ec046

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
3KB

MD5
41fa0e51fbfb263a09b99f99fd075627

SHA1
f644fba4f6f177b2fb1876dac57eadf635fb22bc

SHA256
1e9118250421d6186d6ff34c860ab11aa4d74dc8d9075d5dce1bdeef45b279a8

SHA512
24c0559d9ab25ba7b15169681a8dff3101cd938229f67a76edc7eec93d14b2599c9d980a75c04c4dd98443c7bc51248cf9b8ceb89492c03e03702ecfef1e9e56

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
3KB

MD5
3a22afca76aa6c73e4809c192f36040d

SHA1
fa520c0852fc3b6c74affc76d18bec1e1e21f0f4

SHA256
5d52cdb1e50c78a0de86eadb9d1b163d744d6e7d34d75442e4271e56cedb69b8

SHA512
7c88cc3c9312d212eb3866b87fc0d4c08646bead68a2a326841460793cee886a8a71989d9da1c9ccbf75f5cc314bac11afbec29d0fd459b97855afdc66af36c1

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
4KB

MD5
8a9e256b76914b4b5bf3f3ce1ba6a57c

SHA1
e46ebea66c094072811af26ada1159b92099ee11

SHA256
953c4d799255b5ca3d9b0d9bfa2d520f2952d73b77df9919f196f9b2d01e673f

SHA512
3335bdd21801be2d996f96acfce82aef397f67d0d8e033a2c30351f83d5d3200455a717b9dbd0cad7f4525f2ad3ff3c15cde5af5d54b3a8855c69436f7f5027d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
23KB

MD5
fbe99bea946a040efca0e3d920cc7f2d

SHA1
43fe70a08703f04e6b710691f1a7ceab5344fc00

SHA256
635024e745ed51abc1eb86fab2cfc0a6dbe089a062ca054915931cd11fc6afd6

SHA512
1c34cc3777a9ecf9650b7516fe8853f7c71a7bb8e509119662f87b8dbe8a70b01ee2642d00b3ea42520c0cd7f1a045c5f20135a69fd073537a74c1d19f613040

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
981c6bd23ad276e43a0716eb2c2d86c2

SHA1
9fcf7d51c0bc47a6bbd07c98a98bcdab041cd961

SHA256
6fb77e0ab35e79e357ab4172f65e58a8c8904653b088be2d867619ad66cbb309

SHA512
44cc99cbea974ee1fcab4ca9a58ddaec073555c9ba202452cb579a199e63dccaf83a4b0413b54a788ae44f9cdde1c78d887661483f66eaf05ad2e42cdde1469d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.2MB

MD5
07552732fa64db456300880d52e81b2f

SHA1
9a653ea405f5f26ec0c2d9a0bc9bcb11ba010efc

SHA256
94bc1aa272183daf13f24594493eea40e02cb9861c76f9de3711c139f5315226

SHA512
47e97e300330ec1523f4af6e87b9866fae2e90cd9b59fc4d02e53e29b223691f980daf1f221f5286dbc1a9a9ddf6e01e7a597c5cf763710c51d84c8d5bac60b0

Download Submit
memory/448-848-0x0000000000290000-0x0000000000679000-memory.dmp

Filesize
3.9MB

Download
memory/448-2150-0x0000000000970000-0x0000000000980000-memory.dmp

Filesize
64KB

Download
memory/448-2157-0x0000000000290000-0x0000000000679000-memory.dmp

Filesize
3.9MB

Download
memory/448-2159-0x0000000000970000-0x0000000000980000-memory.dmp

Filesize
64KB

Download
memory/552-833-0x0000000003240000-0x0000000003629000-memory.dmp

Filesize
3.9MB

Download
memory/552-2155-0x0000000003240000-0x0000000003629000-memory.dmp

Filesize
3.9MB

Download
memory/552-2156-0x0000000003240000-0x0000000003629000-memory.dmp

Filesize
3.9MB

Download
memory/552-2154-0x0000000003240000-0x0000000003629000-memory.dmp

Filesize
3.9MB

Download
memory/552-831-0x0000000003240000-0x0000000003629000-memory.dmp

Filesize
3.9MB

Download
memory/2268-15-0x00000000036C0000-0x0000000003AA9000-memory.dmp

Filesize
3.9MB

Download
memory/2268-6-0x00000000036C0000-0x0000000003AA9000-memory.dmp

Filesize
3.9MB

Download
memory/2268-692-0x00000000036C0000-0x0000000003AA9000-memory.dmp

Filesize
3.9MB

Download
memory/2848-2153-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/2848-788-0x00000000004E0000-0x00000000004E3000-memory.dmp

Filesize
12KB

Download
memory/2848-2151-0x0000000000F00000-0x00000000012E9000-memory.dmp

Filesize
3.9MB

Download
memory/2848-686-0x00000000004E0000-0x00000000004E3000-memory.dmp

Filesize
12KB

Download
memory/2848-765-0x0000000000F00000-0x00000000012E9000-memory.dmp

Filesize
3.9MB

Download
memory/2848-17-0x0000000000F00000-0x00000000012E9000-memory.dmp

Filesize
3.9MB

Download
memory/2848-685-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2848-766-0x0000000000F00000-0x00000000012E9000-memory.dmp

Filesize
3.9MB

Download
memory/2848-767-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2848-2160-0x0000000000F00000-0x00000000012E9000-memory.dmp

Filesize
3.9MB

Download
memory/2848-803-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download