5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38

Resubmissions

06-01-2023 02:20

230106-csrcmaea56 8

06-01-2023 02:16

230106-cqdzhshf2z 8

Analysis

max time kernel
143s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
06-01-2023 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.86-Installer-1.0.1.exe
Size

21.7MB
MD5

f643be370cc9763a17f7746b1b6a0243
SHA1

c65391f59a6e1421d783eaf43eb9661cfd476f82
SHA256

5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38
SHA512

5ce377dc1a4a59723cf2b969c0cadb3197e5bf61d0064e2e8c94a0be9d4fd1cd9b33e05078a17e89f54b763e180be32ce14b46949a58ff47e5df18183291142f
SSDEEP

393216:WXYwVCtYto0fs/dQETVlOBbpFEj9GZdqV56HpkbGCST7yuk9sLx:WowVCWTHExiTTqqHpMsV

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
4600	irsetup.exe
1080	AdditionalExecuteTL.exe
2788	irsetup.exe
2300	TLauncher.exe
3820	TLauncher.exe
2400	TLauncher.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000900000001abfa-172.dat	upx
behavioral1/memory/4600-177-0x0000000000AA0000-0x0000000000E88000-memory.dmp	upx
behavioral1/files/0x000900000001abfa-181.dat	upx
behavioral1/memory/4600-288-0x0000000000AA0000-0x0000000000E88000-memory.dmp	upx
behavioral1/files/0x000200000001557c-363.dat	upx
behavioral1/files/0x000200000001557c-373.dat	upx
behavioral1/memory/2788-387-0x0000000000DD0000-0x00000000011B8000-memory.dmp	upx
behavioral1/memory/2788-456-0x0000000000DD0000-0x00000000011B8000-memory.dmp	upx
behavioral1/memory/4600-508-0x0000000000AA0000-0x0000000000E88000-memory.dmp	upx

Loads dropped DLL 4 IoCs

pid	Process
4600	irsetup.exe
4600	irsetup.exe
4600	irsetup.exe
2788	irsetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	bcastdvr.exe

Drops file in Program Files directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4600	irsetup.exe
4600	irsetup.exe
4600	irsetup.exe
4600	irsetup.exe
4600	irsetup.exe
4600	irsetup.exe
4600	irsetup.exe
1080	AdditionalExecuteTL.exe
2788	irsetup.exe
2788	irsetup.exe
2788	irsetup.exe
2300	TLauncher.exe
3216	javaw.exe
3216	javaw.exe
4456	javaw.exe
4456	javaw.exe
388	javaw.exe
388	javaw.exe
388	javaw.exe
388	javaw.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 4600	1484	TLauncher-2.86-Installer-1.0.1.exe	66
PID 1484 wrote to memory of 4600	1484	TLauncher-2.86-Installer-1.0.1.exe	66
PID 1484 wrote to memory of 4600	1484	TLauncher-2.86-Installer-1.0.1.exe	66
PID 4600 wrote to memory of 1080	4600	irsetup.exe	69
PID 4600 wrote to memory of 1080	4600	irsetup.exe	69
PID 4600 wrote to memory of 1080	4600	irsetup.exe	69
PID 1080 wrote to memory of 2788	1080	AdditionalExecuteTL.exe	70
PID 1080 wrote to memory of 2788	1080	AdditionalExecuteTL.exe	70
PID 1080 wrote to memory of 2788	1080	AdditionalExecuteTL.exe	70
PID 4600 wrote to memory of 2300	4600	irsetup.exe	73
PID 4600 wrote to memory of 2300	4600	irsetup.exe	73
PID 4600 wrote to memory of 2300	4600	irsetup.exe	73
PID 2300 wrote to memory of 3216	2300	TLauncher.exe	74
PID 2300 wrote to memory of 3216	2300	TLauncher.exe	74
PID 3820 wrote to memory of 4456	3820	TLauncher.exe	79
PID 3820 wrote to memory of 4456	3820	TLauncher.exe	79
PID 2400 wrote to memory of 388	2400	TLauncher.exe	82
PID 2400 wrote to memory of 388	2400	TLauncher.exe	82

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-2368682536-4045190062-1465778271-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1814730 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1839152" "__IRSID:S-1-5-21-2368682536-4045190062-1465778271-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2788
- - C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2300
  - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
      4⤵
      Drops file in Program Files directory
      Suspicious use of SetWindowsHookEx
      PID:3216

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:4456

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:388

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2936

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000001B01E0 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:980

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Drops desktop.ini file(s)
PID:2160

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
93cac83edb5176a81e2a809f92006845

SHA1
8f4778e44d288db5b26e8de251d66cdc1c909fbe

SHA256
257d50732d9b82475bbd4a8a0f64fb3a823857580f0f508a92f7d9ee91590da2

SHA512
512fc74715983901303698a2a322311914998555f594ea6cc52d0f6a1ec9c18b7f44e3ba55635ec3d822db16a545e3d0929a5778d0d4d1d2783d545744cad65c

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
d0e8b6341d226586b7cd750b67832da8

SHA1
8c4dd2502ac9726df927dc14897186717f568100

SHA256
931f135608238450af05716573778b10adf03e29d1c0b6fe1aa8a7d8afc5bc59

SHA512
88673cdf151f6d260ea1aadaceb61c19197eadc9eb9f55eddaef3c6661bfaddab504f60429e156efa9413fb90c7c1455fdbc8c47ad9874eaa240ca30e3205952

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
f8996d2158a69a12b4bc99edd28100bc

SHA1
892887691df881fe432e09b618e90f50447340e6

SHA256
866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

SHA512
d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
f8996d2158a69a12b4bc99edd28100bc

SHA1
892887691df881fe432e09b618e90f50447340e6

SHA256
866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

SHA512
d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
1313bb5df6c6e0d5c358735044fbebef

SHA1
cac3e2e3ed63dc147318e18f202a9da849830a91

SHA256
7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

SHA512
596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
1313bb5df6c6e0d5c358735044fbebef

SHA1
cac3e2e3ed63dc147318e18f202a9da849830a91

SHA256
7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

SHA512
596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e7bbc7b426cee4b8027a00b11f06ef34

SHA1
926fad387ede328d3cfd9da80d0b303a865cca98

SHA256
e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

SHA512
f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e7bbc7b426cee4b8027a00b11f06ef34

SHA1
926fad387ede328d3cfd9da80d0b303a865cca98

SHA256
e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

SHA512
f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
648B

MD5
a90ae007087d935db8ae13d36e695d3c

SHA1
0ae00fa6da53b54c9303bb0b2e798fef4c0adaa1

SHA256
67b263b01907bf837818aa12a13da4947ba75f1b82e4d97aa5774e124f815025

SHA512
a79db69b5def1aaf25a98bccf26e2397be0888ca2327b0b7cc3733a184434d8bd94fb2c4d7234686f68cac4f066cd1ae71252b360f14c3eb5f8170e0a2ea43c4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extentions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar

Filesize
41KB

MD5
65912196b6e91f2ceb933001c1fb5c94

SHA1
af799dd7e23e6fe8c988da12314582072b07edcb

SHA256
663728123fb9a6b79ea39ae289e5d56b4113e1b8e9413eb792f91e53a6dd5868

SHA512
60b15182130ddfd801dd0438058d641dd5ba9122f2d1e081eb63f5e2c12fff0271d9d47c58925be0be8267ed22ae893ea9d1b251faba17dc1d2552b5d93056de

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar

Filesize
658KB

MD5
41f66d1d4d250efebde3bbf8b2d55dfa

SHA1
eeb69005da379a10071aa4948c48d89250febb07

SHA256
9b9df27a5b8c7864112b4137fd92b36c3f1395bfe57be42fedf2f520ead1a93e

SHA512
109a1595668293b32376e885ad59e0e4c0e088ea00f58119f0f7d0d2055f03eb93a9f92d974b6dbd56ef721792ac03c889d9add3a2850aa7ccd732c2682d17ef

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt

Filesize
13B

MD5
cfeaf7bfe734c9d877a5e00363541226

SHA1
99f71a9799639fbe3a65b2c1862025bef8b00d34

SHA256
9ae7cbd6d26b26be6f7fe8320bbd6b7d01e3c2b158a1ac7c060247bc817f3314

SHA512
0235469ff1a0fa518087137ce5dd36f65abf7eb94c331eeb9e506060574b5b3c7e83e8f31b0817e5ffd1301a619cb63a0d7ab372dae69ff011552bd2c4f77cff

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

Filesize
51B

MD5
c284023b8ae259decd74d02561b00053

SHA1
ef80a9a3654b8dfb36aacbbf5f3929d508b85d66

SHA256
98966042f54468141830b95857504895840186612f1f6e6d343e13da8309b544

SHA512
9751ae780b3f4a87320c96360edd527532ccc9b979e34880873fe3bc35ae1a104059fd6da8e597034bf01344197a51003a218ccfbf76414cd432fd15c256cc80

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
memory/388-676-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-687-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-654-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-658-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-661-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-671-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-673-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-648-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-684-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-685-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/388-686-0x0000000002F70000-0x0000000003F70000-memory.dmp

Filesize
16.0MB

Download
memory/1484-143-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-145-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-151-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-144-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-161-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-162-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-163-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-164-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-165-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-166-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-167-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-168-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-169-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-170-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-155-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-159-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-160-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-158-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-157-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-156-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-154-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-152-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-150-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-149-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-148-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-147-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-146-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-153-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-142-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-141-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-140-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-139-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-138-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-137-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-136-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-135-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-134-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-133-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-132-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-131-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-130-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-129-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-128-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-121-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-127-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-120-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-126-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-125-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-124-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-122-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/1484-123-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/2788-456-0x0000000000DD0000-0x00000000011B8000-memory.dmp

Filesize
3.9MB

Download
memory/2788-387-0x0000000000DD0000-0x00000000011B8000-memory.dmp

Filesize
3.9MB

Download
memory/3216-533-0x0000000003430000-0x0000000004430000-memory.dmp

Filesize
16.0MB

Download
memory/3216-535-0x0000000003430000-0x0000000004430000-memory.dmp

Filesize
16.0MB

Download
memory/3216-515-0x0000000003430000-0x0000000004430000-memory.dmp

Filesize
16.0MB

Download
memory/3216-532-0x0000000003430000-0x0000000004430000-memory.dmp

Filesize
16.0MB

Download
memory/3216-539-0x0000000003430000-0x0000000004430000-memory.dmp

Filesize
16.0MB

Download
memory/3216-540-0x0000000003430000-0x0000000004430000-memory.dmp

Filesize
16.0MB

Download
memory/4456-592-0x0000000002D30000-0x0000000003D30000-memory.dmp

Filesize
16.0MB

Download
memory/4600-186-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-183-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-289-0x0000000005EE0000-0x0000000006EE5000-memory.dmp

Filesize
16.0MB

Download
memory/4600-261-0x0000000005EE0000-0x0000000006EE5000-memory.dmp

Filesize
16.0MB

Download
memory/4600-259-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4600-187-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-508-0x0000000000AA0000-0x0000000000E88000-memory.dmp

Filesize
3.9MB

Download
memory/4600-185-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-184-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-288-0x0000000000AA0000-0x0000000000E88000-memory.dmp

Filesize
3.9MB

Download
memory/4600-182-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-180-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-179-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-175-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-178-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-176-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-177-0x0000000000AA0000-0x0000000000E88000-memory.dmp

Filesize
3.9MB

Download
memory/4600-174-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4600-173-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download