4c1993ff60a9013a1e7226bf737f84beefeb6b69677d6bc1f544959640479e79

Resubmissions

12-03-2023 06:21

230312-g4gd1sfa4y 7

12-03-2023 06:12

22-02-2023 07:56

22-02-2023 07:52

22-02-2023 07:50

18-02-2023 19:33

Analysis

max time kernel
637s
max time network
625s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
12-03-2023 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.69-Installer-0.5.2.exe
Size

14.3MB
MD5

5d9aaf4088910768120e081fbbffce80
SHA1

fa8643e5bbf4cdebddd0bd1af6568540c630fe46
SHA256

4c1993ff60a9013a1e7226bf737f84beefeb6b69677d6bc1f544959640479e79
SHA512

398c4c2bb0968ee258fb0adb3ebb5516a24c8f5297605ff58aa6de59cb451d480ea289376e7755b66f847abf87ad43c0da310a5a5220c0908c3bde8c878eb886
SSDEEP

393216:MXgumBb5fsD441ffz4e4oQL1CbfvIzAtdB7l7RPupq:Mwu05+1Hz4e4tCEzuB7l7RR

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

irsetup.exeTLauncher.exeTLauncher.exe

pid process

4500 irsetup.exe
3368 TLauncher.exe
2084 TLauncher.exe
Loads dropped DLL 2 IoCs

Processes:

irsetup.exe

pid process

4500 irsetup.exe
4500 irsetup.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/4500-124-0x0000000001080000-0x0000000001468000-memory.dmp	upx
behavioral1/memory/4500-200-0x0000000001080000-0x0000000001468000-memory.dmp	upx
behavioral1/memory/4500-305-0x0000000001080000-0x0000000001468000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

Processes:

bcastdvr.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini bcastdvr.exe
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

javaw.exe

description ioc process

File opened (read-only) \??\D: javaw.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	bcastdvr.exe

description	ioc	process
File opened (read-only)	\??\D:	javaw.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

GamePanel.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe

Modifies registry class 4 IoCs

Processes:

javaw.exejavaw.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	javaw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	javaw.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

irsetup.exejavaw.exejavaw.exejavaw.exejavaw.exe

pid	process
4500	irsetup.exe
4500	irsetup.exe
4500	irsetup.exe
4500	irsetup.exe
4500	irsetup.exe
4500	irsetup.exe
4904	javaw.exe
816	javaw.exe
604	javaw.exe
816	javaw.exe
1320	javaw.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

TLauncher-2.69-Installer-0.5.2.exeirsetup.exeTLauncher.exejavaw.exeTLauncher.exejavaw.exe

description	pid	process	target process
PID 2568 wrote to memory of 4500	2568	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 2568 wrote to memory of 4500	2568	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 2568 wrote to memory of 4500	2568	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 4500 wrote to memory of 3368	4500	irsetup.exe	TLauncher.exe
PID 4500 wrote to memory of 3368	4500	irsetup.exe	TLauncher.exe
PID 4500 wrote to memory of 3368	4500	irsetup.exe	TLauncher.exe
PID 3368 wrote to memory of 4904	3368	TLauncher.exe	javaw.exe
PID 3368 wrote to memory of 4904	3368	TLauncher.exe	javaw.exe
PID 4904 wrote to memory of 816	4904	javaw.exe	javaw.exe
PID 4904 wrote to memory of 816	4904	javaw.exe	javaw.exe
PID 2084 wrote to memory of 604	2084	TLauncher.exe	javaw.exe
PID 2084 wrote to memory of 604	2084	TLauncher.exe	javaw.exe
PID 604 wrote to memory of 1320	604	javaw.exe	javaw.exe
PID 604 wrote to memory of 1320	604	javaw.exe	javaw.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.69-Installer-0.5.2.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.69-Installer-0.5.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2568

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1905626 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.69-Installer-0.5.2.exe" "__IRCT:1" "__IRTSS:14984508" "__IRSID:S-1-5-21-3853465373-1718857667-1861325682-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4500

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3368

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
4⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4904

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Xmx512m -Dfile.encoding=UTF8 -cp C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extensions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\net\sf\jopt-simple\jopt-simple\4.9\jopt-simple-4.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\log4j\log4j\1.2.17\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tukaani\xz\1.5\xz-1.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\picture-bundle\2.8\picture-bundle-2.8.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\skin-server-API\1.0\skin-server-API-1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\tlauncher-resource\1.4\tlauncher-resource-1.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\github\junrar\junrar\0.7\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\dnsjava\dnsjava\2.1.8\dnsjava-2.1.8.jar; org.tlauncher.tlauncher.rmo.TLauncher
5⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2084

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:604

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Xmx512m -Dfile.encoding=UTF8 -cp C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extensions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\net\sf\jopt-simple\jopt-simple\4.9\jopt-simple-4.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\log4j\log4j\1.2.17\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tukaani\xz\1.5\xz-1.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\picture-bundle\2.8\picture-bundle-2.8.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\skin-server-API\1.0\skin-server-API-1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\tlauncher-resource\1.4\tlauncher-resource-1.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\github\junrar\junrar\0.7\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\dnsjava\dnsjava\2.1.8\dnsjava-2.1.8.jar; org.tlauncher.tlauncher.rmo.TLauncher
3⤵
- Enumerates connected drives
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3180

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000060056 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:4440

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Drops desktop.ini file(s)
PID:3184

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
Filesize
50B

MD5
5d1cccbe82286dbebb5684aa69322db3

SHA1
945c01f07aca110aab7bb6f0d06aa906a977aef6

SHA256
dbc637fb84b1f2cfd4f4faf9781a8c514eebbf5551b8e3cdb90688e17493db20

SHA512
230d55b066973646189fde03863bb3fe76bca24a8a69392ef018160b534d52187c38a052d53d65ea6b7c81daec31954710d9fd0d21be1d20136389ca147694a5

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
Filesize
50B

MD5
b4b2544152427262e5fd36d3be265140

SHA1
37cdcd3c33fc3ef5edb1f42c8503e3a3e97fd25d

SHA256
7f0133d21f250d4a69ee8cd71661c70c1ea6d47a2d3f1cde802b8825d9c76c07

SHA512
00dda61dbf12e1e3ad7d0434c7a4eab99a999cc1d0a6cdb0b01714367a7cbf1c8f88366fee642802a37c2178a0db477f8cf73569eba601bd0dfeebcd5611f929

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
Filesize
50B

MD5
0e23fe9e428c88adb5238a7afe92e225

SHA1
da8947e98ebb0707fdad941c38852bcd97254cd5

SHA256
e3824b509900b24e88884392f49c9d01704613bb7e1c62851a5dc50857a972e8

SHA512
5c724e2fd6685e9537dd670fbd008516c14982da97df2405cfe0c6648b1919e63f5f5e236c13c6799d24a19b674813514c93ff35cd6de6a3b53c7ea1be10db1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
761fa6784a1e3dc4400b8376669364b6

SHA1
45c37056e0d7672b53c08ea46c009697e4170568

SHA256
0d02f96c5fdee64459d515aa4bc1149f6a297348efb58709e6238a49b61e4b4e

SHA512
69428043d456823c5b2e10be2d0ad9755924d1203f6a69430d592e7e6e20c8775a73349df9c4b079a4f1b4dfce52bebdd91c26b4f1830a637c56ccde637fdce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
67510c285d37f5baeea565363bd3be76

SHA1
dbd5e91a769a07833e086078067789bf34ecdbd4

SHA256
59deb2dd2435e4b0fbb3aca2b391c124f4c32769dcad7aadb015488f323965f9

SHA512
bf7b109c978a182c5c74d9fe8db0167750e5597403cd5e98666222229b561f069a6eaf1877420abe74f1b2cffde825e56f178834ca59f949319df240a6aefa62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG
Filesize
438B

MD5
d4c60c0b841271306df0b670800480ce

SHA1
d4b9acfad9a8dc06f71c59ead9367a00e49300db

SHA256
238558af2083ce123f00649509ffda957b18e36bf378414ce7919c938f9bed39

SHA512
d1b54c1a8b56947770939a4a6ceb9889e4dab6172b03c9030b3708d546f34191df997b3ed5ffe4a089a9e2ba7089eef7dbb49e32e97779e83319e7c5f036848c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
8e1c30a8b847f121aea0d1de0fd2bab3

SHA1
9c41ea0a30d8d149322c2f36aa158bf966cc8d57

SHA256
8deff78bc2e2d6471b64d4d94feadee385eedfa3e78f704c9effd880abd10b95

SHA512
5e2e470fab64f73782d303da1bd155fb4d1cc4bc80fb967f23414a4f9ae1d0cdb41619b584da70747377a84717835c9b6efb42dd6d279d11a3b272a928b3c614

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
d30c4f18d275ba0d682c1aeb8742d52d

SHA1
f67a75000edb681e359d7dfb0d887010ea100ffc

SHA256
24f59e16e5795f33426a676419c6397cf48062b59e6b1535453d9a438d3ad658

SHA512
f3dd23e4b3d69462321c5350edc678c1ee5244a3a19b5dae3fdbc88bcd055887a43c5007da02d31af76c437d2a5199e233c9b62f1d40cbc9f920a4f1bf517351

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
Filesize
4KB

MD5
04177054e180d09e3998808efa0401c7

SHA1
0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8

SHA256
0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08

SHA512
3f44a932d8c00cfeee2eb057bcd7c301a2d029063e0a916e1e20b3aec4877d19d67a2fd8aaf58fa2d5a00133d1602128a7f50912ffb6cabc7b0fdc7fbda3f8a1

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\github\junrar\junrar\0.7\junrar-0.7.jar
Filesize
151KB

MD5
75a215b9e921044cd2c88e73f6cb9745

SHA1
18cc717b85af0b12ba922abf415c2ff4716f8219

SHA256
7c764fa1af319b98ff452189ab31bb722ea74ed7a52b17b0c6282249c10a61fc

SHA512
1a44af2f3f8dbfbf38ad5f71ef11b32d5822d734f77af2cdea419fb6af845e894acb60bffbcebb4533068d86b55a22a8b0f74be20b204c2343bdb165d9c787f9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar
Filesize
2.2MB

MD5
43bfc49bdc7324f6daaa60c1ee9f3972

SHA1
6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9

SHA256
58d4cc2e05ebb012bbac568b032f75623be1cb6fb096f3c60c72a86f7f057de4

SHA512
834f2bf4a5b35edffde0263409649aeaf34ca9a742ba511a06bb9b01626f9e774d2d3c8ba91a7905929dc8cd5e6471de29f7d0ab10260ece2af709b7fdbe4bc3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extensions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar
Filesize
41KB

MD5
65912196b6e91f2ceb933001c1fb5c94

SHA1
af799dd7e23e6fe8c988da12314582072b07edcb

SHA256
663728123fb9a6b79ea39ae289e5d56b4113e1b8e9413eb792f91e53a6dd5868

SHA512
60b15182130ddfd801dd0438058d641dd5ba9122f2d1e081eb63f5e2c12fff0271d9d47c58925be0be8267ed22ae893ea9d1b251faba17dc1d2552b5d93056de

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar
Filesize
658KB

MD5
41f66d1d4d250efebde3bbf8b2d55dfa

SHA1
eeb69005da379a10071aa4948c48d89250febb07

SHA256
9b9df27a5b8c7864112b4137fd92b36c3f1395bfe57be42fedf2f520ead1a93e

SHA512
109a1595668293b32376e885ad59e0e4c0e088ea00f58119f0f7d0d2055f03eb93a9f92d974b6dbd56ef721792ac03c889d9add3a2850aa7ccd732c2682d17ef

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\dnsjava\dnsjava\2.1.8\dnsjava-2.1.8.jar
Filesize
307KB

MD5
540f330717bca9d29c8762cf6daca443

SHA1
eed8a2cbf56cc60d07a189a429ead3067564193c

SHA256
52de1ff2a7556ac2cc4284abd7123bc3d6274210fc4e3b1d9ba90efad5f6a153

SHA512
a4bcb8bbb43906f42faf1802c504ccc9c616e49afd5dd7db77676d13aaed79a300979ffc2195b680a9c6d5f03466b611b6f1338d824099816aa224b234760f4b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar
Filesize
2KB

MD5
289075e48b909e9e74e6c915b3631d2e

SHA1
6975da39a7040257bd51d21a231b76c915872d38

SHA256
91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff

SHA512
e126b7ccf3e42fd1984a0beef1004a7269a337c202e59e04e8e2af714280d2f2d8d2ba5e6f59481b8dcd34aaf35c966a688d0b48ec7e96f102c274dc0d3b381e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\log4j\log4j\1.2.17\log4j-1.2.17.jar
Filesize
478KB

MD5
04a41f0a068986f0f73485cf507c0f40

SHA1
5af35056b4d257e4b64b9e8069c0746e8b08629f

SHA256
1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9

SHA512
3f12937a69ba60d0f5e86265168d6a0d069ce20d95b99a3ace463987655e7c63053f4d7e36e32f2b53f86992b888ca477bf81253ad04c721896b397f94ee57fc

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\net\sf\jopt-simple\jopt-simple\4.9\jopt-simple-4.9.jar
Filesize
64KB

MD5
39c6476e4de3d4f90ad4ca0ddca48ec2

SHA1
ee9e9eaa0a35360dcfeac129ff4923215fd65904

SHA256
26c5856e954b5f864db76f13b86919b59c6eecf9fd930b96baa8884626baf2f5

SHA512
fd04c19bce810a1548b2d2eaadb915cff2cbc81a81ec5258aafc1ba329100daedc49edad1fc7b254ab892996796124283d7004b5414f662c0efa3979add9ca5f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar
Filesize
424KB

MD5
8667a442ee77e509fbe8176b94726eb2

SHA1
5fe28b9518e58819180a43a850fbc0dd24b7c050

SHA256
734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b

SHA512
b1b556692341a240f8b81f8f71b8b5c0225ccf857ce1b185e7fe6d7a9bb2a4d77823496cd6e2697a20386e7f3ba02d476a0e4ff38071367beb3090104544922d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\picture-bundle\2.8\picture-bundle-2.8.jar
Filesize
2.1MB

MD5
a6937ef06f051e13a42aca97852c0657

SHA1
6da1d378eb54ea1e50cba4918756660c2b159f37

SHA256
cb16805cbfca43139628791930cb0d0e3cbbfffd60f56772873090a27c920a5c

SHA512
f524fd9ef7f9b955bd7c0d113191a85250cc6a3f99ed9d0e638075663c80de519650273a3dd3bfae1a6b018c4b9c2dc5449eb45743ae7af394b3914ea3adac19

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\skin-server-API\1.0\skin-server-API-1.0.jar
Filesize
14KB

MD5
13a8e72587ac6eacfb0986f75e51eb7c

SHA1
6c3daf89705427f73e6106d2d4d9619e99c5ecb5

SHA256
1fcffa073f722737431e2699b1f3ea48b92a3b825397d8f0d1464e4d4d15a014

SHA512
134735390415f60d0c42ff33a060bda508e273b35fc9aab271c20ff23f331b51cf3fa36443009e0987049f6bfb22c4098a1473e65ea0349e719fbf4b528f344e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\tlauncher-resource\1.4\tlauncher-resource-1.4.jar
Filesize
3.2MB

MD5
acbc8aa5ba5cdddf5f1e67befe8cc597

SHA1
63b4bf89744b532e65c1afa3294743d2b3798f2b

SHA256
1f46b3a163012f9729905633b5e5e03ce385066ae43138a564729c942f9ca6b9

SHA512
d974a032d9af451c0dd51fbc0d64840f3e03eb502f40e4ab60d6722913b8a48d44a75752fcff60656e4d19089570a894222959745af11bcdf93ea1544192fee3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tukaani\xz\1.5\xz-1.5.jar
Filesize
97KB

MD5
51050e595b308c4aec8ac314f66e18bc

SHA1
9c64274b7dbb65288237216e3fae7877fd3f2bee

SHA256
86f30fa8775fa3a62cdb39d1ed78a6019164c1058864048d42cbee244e26e840

SHA512
c5c130bf22f24f61b57fc0c6243e7f961ca2a8928416e8bb288aec6650c1c1c06ace4383913cd1277fc6785beb9a74458807ea7e3d6b2e09189cfaf2fb9ab7e1

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt
Filesize
13B

MD5
807408923d94d967bd41d0d91bdf5e01

SHA1
4b9a3c572b8749f07cef6166bb1ed58225e5a8a2

SHA256
165f5d85ef203db1aeb3337aa87c8c1133acc2fc93530ca96a7e3129720c1c9e

SHA512
26e30ba14a378ec47d6f5133125a666a1cfc44e12e2d592ed6b1a36f6a12126cffef0f6f57d5d2920e8c3ac42c9ff2abbea972f3217cfecc36242e8f94a3753d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt
Filesize
13B

MD5
3856ed362223dc9797e76da18457e902

SHA1
5ba2caf6d7670d6b3c6ffacea1639c4b882a0f54

SHA256
4b82ff08322430bc0d80e12bd0f8a5de4e24114d32c93ed836942c5ee64cc334

SHA512
82fb7f92646afbfcacff8820d4fce2a49bb9a30bed81a67b6cf5d810317b69ee5deb8ba06eab8612ef6d0c7efd43dd6afdbf55bb3b6bd81a9771e834f98b1b52

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties
Filesize
51B

MD5
b25bc0b5c3a9d1734d438eb25b6583ef

SHA1
d9d1b2be3c2564997864237ab327a632c3d941e5

SHA256
ab550dc8ecb2892f052361032eaf9ee67dfa2c78cee429f671fde0c1585f6f1f

SHA512
4b26545a5c0343be87cb0d98b7636c054b2457d9f718b993c07da152757e2c7a1717e90e697f1e4aa594f32535826be00b611ac8a31ca191e611bdd204d138d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853465373-1718857667-1861325682-1000\83aa4cc77f591dfc2374580bbd95f6ba_10797f1d-9613-4832-b1a3-c22fe365b89d
Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\Desktop\TLauncher.lnk
Filesize
1KB

MD5
bb41f292684485f7370d6bfa98c8060b

SHA1
01a563e66daaf565f3bf00335d76a9481c1fc42b

SHA256
96a12dd3b99359e021dc718448f6f537995a0d2267bc6d82afbad1c029191312

SHA512
6ef3e7d9463e519923540a21f01a8f39175d550b07b4778eb54ffd591352413a33df99672cf13ba63f2a74e71005f07dae080bb5545398840f012c88eea4ee20

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Users\Public\Desktop\TLauncher.lnk
Filesize
1KB

MD5
b728bd05d20eae9561ed2a6794c66351

SHA1
8fe024072c32214fe9f2175df00020959be4066a

SHA256
36bc5a25c949330e91babe20ee1459e0261426a8e38a951b5926d4300b658131

SHA512
3e497cb19304e532809d69db4985bf25d8b04b95d420f1f28e3bccc8f8e66443d1b9383476bc2ea3bba37eb2b5f86c077cf6605e0e57a50d75a7de6be808845a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
memory/604-472-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/604-424-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/604-437-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/604-419-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/604-440-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/816-386-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-372-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-383-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-359-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-366-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-397-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-402-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-408-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-414-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-378-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-375-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-385-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/816-427-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/2084-396-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3368-303-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4500-166-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4500-167-0x00000000066F0000-0x00000000066F3000-memory.dmp

Filesize
12KB

Download
memory/4500-200-0x0000000001080000-0x0000000001468000-memory.dmp

Filesize
3.9MB

Download
memory/4500-124-0x0000000001080000-0x0000000001468000-memory.dmp

Filesize
3.9MB

Download
memory/4500-201-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4500-305-0x0000000001080000-0x0000000001468000-memory.dmp

Filesize
3.9MB

Download
memory/4904-344-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/4904-316-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/4904-327-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download