845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

Resubmissions

05-04-2023 23:31

230405-3hnf4acc21 7

05-04-2023 23:30

230405-3g82eacc2y 7

05-04-2023 23:20

230405-3bpetaab26 10

Analysis

max time kernel
1800s
max time network
1282s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.879-Installer-1.1.0.exe
Size

22.6MB
MD5

601b94e3b018e39e0da90881fe89156d
SHA1

dc5340d6e1cb98c6ae2fa6882a4c7284e990705b
SHA256

845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac
SHA512

493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db
SSDEEP

393216:+Xj4yibrRbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq+:+zCrRsHExi73qqHpg+Vvc+AmX

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TLauncher-2.879-Installer-1.1.0.exeirsetup.exeBrowserInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	TLauncher-2.879-Installer-1.1.0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	BrowserInstaller.exe

Executes dropped EXE 7 IoCs

Processes:

irsetup.exeBrowserInstaller.exeirsetup.exeTLauncher.exeTLauncher.exeTLauncher.exeTLauncher.exe

pid process

1968 irsetup.exe
884 BrowserInstaller.exe
5000 irsetup.exe
1952 TLauncher.exe
4824 TLauncher.exe
3948 TLauncher.exe
4824 TLauncher.exe
Loads dropped DLL 4 IoCs

Processes:

irsetup.exeirsetup.exe

pid process

1968 irsetup.exe
1968 irsetup.exe
1968 irsetup.exe
5000 irsetup.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/1968-145-0x0000000000440000-0x0000000000828000-memory.dmp	upx
behavioral2/memory/1968-461-0x0000000000440000-0x0000000000828000-memory.dmp	upx
behavioral2/memory/1968-475-0x0000000000440000-0x0000000000828000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral2/memory/1968-527-0x0000000000440000-0x0000000000828000-memory.dmp	upx
behavioral2/memory/5000-534-0x00000000001B0000-0x0000000000598000-memory.dmp	upx
behavioral2/memory/5000-538-0x00000000001B0000-0x0000000000598000-memory.dmp	upx
behavioral2/memory/1968-1523-0x0000000000440000-0x0000000000828000-memory.dmp	upx
behavioral2/memory/1968-1828-0x0000000000440000-0x0000000000828000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Modifies registry class 1 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{E1F6E2B1-9C02-49AE-A3C1-4DF4C33EF81C}	svchost.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

Processes:

WMIC.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	4184	WMIC.exe
Token: SeSecurityPrivilege	4184	WMIC.exe
Token: SeTakeOwnershipPrivilege	4184	WMIC.exe
Token: SeLoadDriverPrivilege	4184	WMIC.exe
Token: SeSystemProfilePrivilege	4184	WMIC.exe
Token: SeSystemtimePrivilege	4184	WMIC.exe
Token: SeProfSingleProcessPrivilege	4184	WMIC.exe
Token: SeIncBasePriorityPrivilege	4184	WMIC.exe
Token: SeCreatePagefilePrivilege	4184	WMIC.exe
Token: SeBackupPrivilege	4184	WMIC.exe
Token: SeRestorePrivilege	4184	WMIC.exe
Token: SeShutdownPrivilege	4184	WMIC.exe
Token: SeDebugPrivilege	4184	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4184	WMIC.exe
Token: SeRemoteShutdownPrivilege	4184	WMIC.exe
Token: SeUndockPrivilege	4184	WMIC.exe
Token: SeManageVolumePrivilege	4184	WMIC.exe
Token: 33	4184	WMIC.exe
Token: 34	4184	WMIC.exe
Token: 35	4184	WMIC.exe
Token: 36	4184	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4184	WMIC.exe
Token: SeSecurityPrivilege	4184	WMIC.exe
Token: SeTakeOwnershipPrivilege	4184	WMIC.exe
Token: SeLoadDriverPrivilege	4184	WMIC.exe
Token: SeSystemProfilePrivilege	4184	WMIC.exe
Token: SeSystemtimePrivilege	4184	WMIC.exe
Token: SeProfSingleProcessPrivilege	4184	WMIC.exe
Token: SeIncBasePriorityPrivilege	4184	WMIC.exe
Token: SeCreatePagefilePrivilege	4184	WMIC.exe
Token: SeBackupPrivilege	4184	WMIC.exe
Token: SeRestorePrivilege	4184	WMIC.exe
Token: SeShutdownPrivilege	4184	WMIC.exe
Token: SeDebugPrivilege	4184	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4184	WMIC.exe
Token: SeRemoteShutdownPrivilege	4184	WMIC.exe
Token: SeUndockPrivilege	4184	WMIC.exe
Token: SeManageVolumePrivilege	4184	WMIC.exe
Token: 33	4184	WMIC.exe
Token: 34	4184	WMIC.exe
Token: 35	4184	WMIC.exe
Token: 36	4184	WMIC.exe

Suspicious use of SetWindowsHookEx 25 IoCs

Processes:

irsetup.exeBrowserInstaller.exeirsetup.exeTLauncher.exejavaw.exejavaw.exejavaw.exejavaw.exeOpenWith.exe

pid	process
1968	irsetup.exe
1968	irsetup.exe
1968	irsetup.exe
1968	irsetup.exe
1968	irsetup.exe
1968	irsetup.exe
1968	irsetup.exe
884	BrowserInstaller.exe
5000	irsetup.exe
5000	irsetup.exe
5000	irsetup.exe
1952	TLauncher.exe
5104	javaw.exe
3892	javaw.exe
5104	javaw.exe
4272	javaw.exe
3892	javaw.exe
4272	javaw.exe
3892	javaw.exe
3892	javaw.exe
4272	javaw.exe
4272	javaw.exe
1416	javaw.exe
5104	javaw.exe
2508	OpenWith.exe

Suspicious use of WriteProcessMemory 26 IoCs

Processes:

TLauncher-2.879-Installer-1.1.0.exeirsetup.exeBrowserInstaller.exeTLauncher.exeTLauncher.exeTLauncher.exeTLauncher.exejavaw.execmd.exe

description	pid	process	target process
PID 3388 wrote to memory of 1968	3388	TLauncher-2.879-Installer-1.1.0.exe	irsetup.exe
PID 3388 wrote to memory of 1968	3388	TLauncher-2.879-Installer-1.1.0.exe	irsetup.exe
PID 3388 wrote to memory of 1968	3388	TLauncher-2.879-Installer-1.1.0.exe	irsetup.exe
PID 1968 wrote to memory of 884	1968	irsetup.exe	BrowserInstaller.exe
PID 1968 wrote to memory of 884	1968	irsetup.exe	BrowserInstaller.exe
PID 1968 wrote to memory of 884	1968	irsetup.exe	BrowserInstaller.exe
PID 884 wrote to memory of 5000	884	BrowserInstaller.exe	irsetup.exe
PID 884 wrote to memory of 5000	884	BrowserInstaller.exe	irsetup.exe
PID 884 wrote to memory of 5000	884	BrowserInstaller.exe	irsetup.exe
PID 1968 wrote to memory of 1952	1968	irsetup.exe	TLauncher.exe
PID 1968 wrote to memory of 1952	1968	irsetup.exe	TLauncher.exe
PID 1968 wrote to memory of 1952	1968	irsetup.exe	TLauncher.exe
PID 1952 wrote to memory of 5104	1952	TLauncher.exe	javaw.exe
PID 1952 wrote to memory of 5104	1952	TLauncher.exe	javaw.exe
PID 4824 wrote to memory of 3892	4824	TLauncher.exe	javaw.exe
PID 4824 wrote to memory of 3892	4824	TLauncher.exe	javaw.exe
PID 3948 wrote to memory of 4272	3948	TLauncher.exe	javaw.exe
PID 3948 wrote to memory of 4272	3948	TLauncher.exe	javaw.exe
PID 4824 wrote to memory of 1416	4824	TLauncher.exe	javaw.exe
PID 4824 wrote to memory of 1416	4824	TLauncher.exe	javaw.exe
PID 1416 wrote to memory of 2172	1416	javaw.exe	cmd.exe
PID 1416 wrote to memory of 2172	1416	javaw.exe	cmd.exe
PID 2172 wrote to memory of 2352	2172	cmd.exe	chcp.com
PID 2172 wrote to memory of 2352	2172	cmd.exe	chcp.com
PID 2172 wrote to memory of 4184	2172	cmd.exe	WMIC.exe
PID 2172 wrote to memory of 4184	2172	cmd.exe	WMIC.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe" "__IRCT:3" "__IRTSS:23652861" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1841947" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:5000
- - C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5104

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3892

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4272

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1416
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C chcp 437 & wmic qfe get HotFixID
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Windows\system32\chcp.com
      chcp 437
      4⤵
      PID:2352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic qfe get HotFixID
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4184

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
594288bff922296c933dc067cd82bb64

SHA1
108175afc6affd146aa377cd4466ff331c9cb130

SHA256
6604b9f31c7a3d5d7fb86865c2a05df81489bc517c33b1e7cc9e198f0279c645

SHA512
5f50967c2af6b3b0d7735ea783f5be8a0ba12d425c48fcc246d077eb4fb8982e7cfa4a176acd32f26e2a6184acf7de0085e37e5f628101f8440ad0f3f5a6fad3

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
a352d3883b3412ffd27541be6ffdfdc5

SHA1
fc09a859a07969bbb25dc784399e73d2756f1f8d

SHA256
7883555377ba8b04593ef646dfb6e52bece75f85fade6336b88b14eb4a40eb00

SHA512
95bd799d2685cd5bc781915cb0895fef63639dc960eb9989ad38d74183404b306ba9f1c4a3d4f6f44f5bf347e8f714968c66fff83505366a599547054b88e7b5

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
0f2d648a465e6eea51713c1bf51e771f

SHA1
8bb48c282fc8fb56666c6430af1330d74282750f

SHA256
6a6f8eaae99d53540335972054403b6a7e6cc16158323f3c99d329140495f4b5

SHA512
8a269e6b8b3c5578907416faccd5b5b5f3a798b02fb279492d45a4d7fbed8c4bca67da18c84faaa65fd6a4085dc92782e1e7dd97e75391aab4a97058ff6bb9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

Filesize
339B

MD5
a45137507477ea159a4c0481fadbdde8

SHA1
772e535525cd41abb781167334f923f1127f6d24

SHA256
fcc6693f94f87dbb9f03bd664f029db87257c79ac9a974d2caadc790f20ea67a

SHA512
393a8d9387b388524fbf7bc8387d521c830e7d384aabe278251cb4fa1291d32e2875c464a01f93670259bc2009d69507b632a692d43244f3eb7551414c9d635a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG

Filesize
644B

MD5
f54bbaadafacf2ed607c2b44e76bd5f2

SHA1
e6e313e86b0adb771643dc9aa465652646d83329

SHA256
2dcd3efb7e14a1439973b066c810eb3187cb851a7d01b2a03376d978b6b0d927

SHA512
1d7f940d290c3c7eca12739f7e4753901a1d070ca9f43171b4fe25530ba48b3b376c16b125a32d6e701d63d576ef829824472bcac99e568784543bfc4c50b732

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG

Filesize
40KB

MD5
4f71465fa9fcc2f321a1e934f214ac33

SHA1
38c9f15f23e4e5158b04c2eee54d0fcc8104405a

SHA256
ea29ba222b5c2c2f13a71314ae449fca748e96343a6d1520140a9534df57cda0

SHA512
6f151ae73b3ef807a3397cdb57820a839f77923320951bfef09c0efcab84e3fbfbe02dfe71e912b7d1b36ea78bf70c254a0015227fa5dbf861f40551fd0e1645

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG106.PNG

Filesize
1KB

MD5
f785bd0f38d4132c404ab3233bb1766b

SHA1
7c8f01921d026646289d92d4e08529482f2dd881

SHA256
4ddf6c789a700dbbca5c405f6b9625e2dee8d6e279f8629eb1e451e5040fbd0e

SHA512
45f806a91993918177e838ac21bf59f37e2000aeefa191d0b538e156165eac82309cc0c67b5379bdaa7f7bbbc97ae25ffd741a6c35c07377a893721442811573

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG

Filesize
2KB

MD5
c70b569d43f5e00ee3dd81530899f191

SHA1
38b7f73c29d9d355625bf7dcc611d657c263dbc4

SHA256
778c8b5a8e7422ce84f4113fc1cbd90204f3b3c0b3bb8545b3fe68003525e9e8

SHA512
f0aafa93ffd1edb8764f7e435fa982b0eb596b1962472dcefac26731382c58d44306e876f04675146595a1e7ee6ae8170e2fa01ed0fca075e36a9749709f4df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG

Filesize
1KB

MD5
362d3183b2acc152c99ec123611f3297

SHA1
3db69a12917cb11a14fb9294d73c5409fe11a398

SHA256
8ae66727c5c92ca76a131aa104cc126858e8e3ed490ae08482109dfedd9a8cda

SHA512
2c7f40564479d1fe90cb59b4b413e8bf9a5bb7cd2f94193f8759e376549c0269afce030df7d306b4cd814f604ad460d744fb00d961f6d2608a4ecb6b186a4f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

Filesize
280B

MD5
01e097a324673878a3cb5e8e0f3cf152

SHA1
35ef5c438eca9672c7ee19bcde3952f83dc77928

SHA256
d8d0719a20d267a73d298d2ec1fbc050fe2ce25447c7441058ea3966acfbbb22

SHA512
e873763e96b3a52fe73f3fc9b3bcfd764c807c0206b5984d5f7dddd7debec4e6f0b6705ca6a7c6379b83c2fea792d7a16880ea109469ac1af41cc7bdb5f96e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

Filesize
281B

MD5
d88e18e2a020a756a8de999b76e7b1fd

SHA1
150f801600b9427039197847aaac784f8ba15258

SHA256
38b8f2202a5e48a8f528708922f504379896ef52b3882ce82efc3481c51804bb

SHA512
d048a569d155aa4636f25ed2963fd5e2234643735ad461df3ad3201cbe152b646c2893557a236fa9683aa3cb07351fa79b9e5788f631442e5142cab0bc98654a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG46.PNG

Filesize
206B

MD5
bc193c9f3fd0730341d2ba951f734652

SHA1
ebe3f410cf0bf5f30fe36b1c1df96fa27e73b01f

SHA256
e9137bc2fefbd9a3c4506708f283fe52c40b00b35c2677fc31e196b305b00e67

SHA512
355cb9a7ba6e2a77a51339bfa732537bc77d36da372fe926f1e4bf25de865b09c98122d9559f5ec234b41a83cb97de4fd49427a9476169653ac6058912261c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG5.PNG

Filesize
1KB

MD5
23e26969753c07af68f232cdd684c003

SHA1
f14666db750cc2f89ccdd8852b4259fcfa663271

SHA256
17f138eea95423738d2c9b75834b607c671cb2ac4d71c9aecf100a8b847003d2

SHA512
7c57a6309da9ae381073e005d374b9c8a82c7b4e92322b91433009d41f8f34655ed9d45958ab1743023faa9e7aa0c82a05d9292b078efccb64c19992b7e4d4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG

Filesize
43KB

MD5
16c0e37cb0c5540fd9f93a8d82d94e52

SHA1
52d5aabf804381b47d13a358d80256c4088eec21

SHA256
2b772e66ebc70c93deb0b9a9e054373ee33d9245809e16174b1f132f786a063f

SHA512
dd54308739f9621f5fe707c69f24657431fd58b46e357a79d25c3d8e96d3b2914ce19d94beeee0bbd32311737670f06b01c364f0c7d70625a4246da64c29b0af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG

Filesize
1KB

MD5
a7a8625948d61d814dbb29225e04f908

SHA1
16bc91a8bb3c22cf78447644a32010ad869eaf99

SHA256
61979f700f77d187c8647cba3bee95ca4a70e187bbb76323f4055385dd8879d5

SHA512
04b0bb58095a6e8f1d29203f21eee99fd837494b74736e91e5e304eb3dc3ccb32796b6959361ede965731b76607a53b0f9d211cb4b3d94b25ea34898e760d295

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
114KB

MD5
bd5626a0237933e0f1dccf10e7c9fbd6

SHA1
10c47d382d4f44d8d44efaa203501749e42c6d50

SHA256
7dfc1176d8a507135140b23a0c014093b7e2673f0f3e5727c3d85df4e7323762

SHA512
1fd864a5386580cf8bbafbacb12a043ef51948b729b9aedfe6dc81e6c2948a100526c7c600069f22454d550f7f736ad3045a930cc2ef97458dc1d6c782928087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
636B

MD5
7d3df56c6676437222df7a20153ac11c

SHA1
913daea4d076f56598114e56de007af3741b2f80

SHA256
ee7d13c77175004911bddaff0138e3c2a17ce9adc1d39a7492662836e5c69ac6

SHA512
f4b8af67383eb028b8b3ae6416c1d4fe32f1528fd5350449fbf14cc3660548dd947af8ba5f20b393526533d2842b3c350d445739af666dbdb97eb6e3a53fadd7

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar

Filesize
4KB

MD5
04177054e180d09e3998808efa0401c7

SHA1
0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8

SHA256
0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08

SHA512
3f44a932d8c00cfeee2eb057bcd7c301a2d029063e0a916e1e20b3aec4877d19d67a2fd8aaf58fa2d5a00133d1602128a7f50912ffb6cabc7b0fdc7fbda3f8a1

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\github\junrar\junrar\0.7\junrar-0.7.jar

Filesize
151KB

MD5
75a215b9e921044cd2c88e73f6cb9745

SHA1
18cc717b85af0b12ba922abf415c2ff4716f8219

SHA256
7c764fa1af319b98ff452189ab31bb722ea74ed7a52b17b0c6282249c10a61fc

SHA512
1a44af2f3f8dbfbf38ad5f71ef11b32d5822d734f77af2cdea419fb6af845e894acb60bffbcebb4533068d86b55a22a8b0f74be20b204c2343bdb165d9c787f9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar

Filesize
2.2MB

MD5
43bfc49bdc7324f6daaa60c1ee9f3972

SHA1
6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9

SHA256
58d4cc2e05ebb012bbac568b032f75623be1cb6fb096f3c60c72a86f7f057de4

SHA512
834f2bf4a5b35edffde0263409649aeaf34ca9a742ba511a06bb9b01626f9e774d2d3c8ba91a7905929dc8cd5e6471de29f7d0ab10260ece2af709b7fdbe4bc3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extentions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar

Filesize
41KB

MD5
65912196b6e91f2ceb933001c1fb5c94

SHA1
af799dd7e23e6fe8c988da12314582072b07edcb

SHA256
663728123fb9a6b79ea39ae289e5d56b4113e1b8e9413eb792f91e53a6dd5868

SHA512
60b15182130ddfd801dd0438058d641dd5ba9122f2d1e081eb63f5e2c12fff0271d9d47c58925be0be8267ed22ae893ea9d1b251faba17dc1d2552b5d93056de

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar

Filesize
658KB

MD5
41f66d1d4d250efebde3bbf8b2d55dfa

SHA1
eeb69005da379a10071aa4948c48d89250febb07

SHA256
9b9df27a5b8c7864112b4137fd92b36c3f1395bfe57be42fedf2f520ead1a93e

SHA512
109a1595668293b32376e885ad59e0e4c0e088ea00f58119f0f7d0d2055f03eb93a9f92d974b6dbd56ef721792ac03c889d9add3a2850aa7ccd732c2682d17ef

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\dnsjava\dnsjava\2.1.8\dnsjava-2.1.8.jar

Filesize
307KB

MD5
540f330717bca9d29c8762cf6daca443

SHA1
eed8a2cbf56cc60d07a189a429ead3067564193c

SHA256
52de1ff2a7556ac2cc4284abd7123bc3d6274210fc4e3b1d9ba90efad5f6a153

SHA512
a4bcb8bbb43906f42faf1802c504ccc9c616e49afd5dd7db77676d13aaed79a300979ffc2195b680a9c6d5f03466b611b6f1338d824099816aa224b234760f4b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar

Filesize
2KB

MD5
289075e48b909e9e74e6c915b3631d2e

SHA1
6975da39a7040257bd51d21a231b76c915872d38

SHA256
91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff

SHA512
e126b7ccf3e42fd1984a0beef1004a7269a337c202e59e04e8e2af714280d2f2d8d2ba5e6f59481b8dcd34aaf35c966a688d0b48ec7e96f102c274dc0d3b381e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\log4j\log4j\1.2.17\log4j-1.2.17.jar

Filesize
478KB

MD5
04a41f0a068986f0f73485cf507c0f40

SHA1
5af35056b4d257e4b64b9e8069c0746e8b08629f

SHA256
1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9

SHA512
3f12937a69ba60d0f5e86265168d6a0d069ce20d95b99a3ace463987655e7c63053f4d7e36e32f2b53f86992b888ca477bf81253ad04c721896b397f94ee57fc

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\net\sf\jopt-simple\jopt-simple\4.9\jopt-simple-4.9.jar

Filesize
64KB

MD5
39c6476e4de3d4f90ad4ca0ddca48ec2

SHA1
ee9e9eaa0a35360dcfeac129ff4923215fd65904

SHA256
26c5856e954b5f864db76f13b86919b59c6eecf9fd930b96baa8884626baf2f5

SHA512
fd04c19bce810a1548b2d2eaadb915cff2cbc81a81ec5258aafc1ba329100daedc49edad1fc7b254ab892996796124283d7004b5414f662c0efa3979add9ca5f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar

Filesize
424KB

MD5
8667a442ee77e509fbe8176b94726eb2

SHA1
5fe28b9518e58819180a43a850fbc0dd24b7c050

SHA256
734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b

SHA512
b1b556692341a240f8b81f8f71b8b5c0225ccf857ce1b185e7fe6d7a9bb2a4d77823496cd6e2697a20386e7f3ba02d476a0e4ff38071367beb3090104544922d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\httpcomponents\fluent-hc\4.5.13\fluent-hc-4.5.13.jar

Filesize
30KB

MD5
8f7e4f1a95a870ebee87ddacc425362c

SHA1
300bf1846737e34b9ea10faae257ca8fdcd0616f

SHA256
f883b6b027d5e05c53e48e4fe3548715c52dbd590ffa3f52d039574f1a4d0728

SHA512
98e30ed27d6ac078450efe5e236117445c93e05eb280399e056816c52643a3a33adce5e3a885ce8488186f38d05e0fb6c65dfcbaa509be8c6047ef2f0870d9b0

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\logging\log4j\log4j-core\2.14.1\log4j-core-2.14.1.jar

Filesize
1.7MB

MD5
948dda787593340a7af1a18e328b7b7f

SHA1
9141212b8507ab50a45525b545b39d224614528b

SHA256
ade7402a70667a727635d5c4c29495f4ff96f061f12539763f6f123973b465b0

SHA512
6e41ff42f12deedb8da06cbed73d0a9a5389660b7ee058436f8fcb6b14a6ab3105faf8e3f2c007d38ccc85af1e704505b84be5a80d8e68a434aae82b54b85f70

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\picture-bundle\3.7\picture-bundle-3.7.jar

Filesize
2.1MB

MD5
904094a40b7d81b12936f43b49952922

SHA1
5ccf048dd51a7d0cdd59a1ea6ce2e3b167feacf3

SHA256
0cd5746118a3a38b7e6126770bc53c0f7c4641fab786e3d6004a4caace4fc536

SHA512
36e2bc67d73319b8f10a572ee3ca6f541aa51ca16c1efea9430111f3a058c9c922a43865b064811117f1c3892e39aee3bc79d7fc5ce20ccd75a13d447ca68911

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\skin-server-API\1.0\skin-server-API-1.0.jar

Filesize
14KB

MD5
13a8e72587ac6eacfb0986f75e51eb7c

SHA1
6c3daf89705427f73e6106d2d4d9619e99c5ecb5

SHA256
1fcffa073f722737431e2699b1f3ea48b92a3b825397d8f0d1464e4d4d15a014

SHA512
134735390415f60d0c42ff33a060bda508e273b35fc9aab271c20ff23f331b51cf3fa36443009e0987049f6bfb22c4098a1473e65ea0349e719fbf4b528f344e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\tlauncher-resource\1.4\tlauncher-resource-1.4.jar

Filesize
3.2MB

MD5
acbc8aa5ba5cdddf5f1e67befe8cc597

SHA1
63b4bf89744b532e65c1afa3294743d2b3798f2b

SHA256
1f46b3a163012f9729905633b5e5e03ce385066ae43138a564729c942f9ca6b9

SHA512
d974a032d9af451c0dd51fbc0d64840f3e03eb502f40e4ab60d6722913b8a48d44a75752fcff60656e4d19089570a894222959745af11bcdf93ea1544192fee3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tukaani\xz\1.5\xz-1.5.jar

Filesize
97KB

MD5
51050e595b308c4aec8ac314f66e18bc

SHA1
9c64274b7dbb65288237216e3fae7877fd3f2bee

SHA256
86f30fa8775fa3a62cdb39d1ed78a6019164c1058864048d42cbee244e26e840

SHA512
c5c130bf22f24f61b57fc0c6243e7f961ca2a8928416e8bb288aec6650c1c1c06ace4383913cd1277fc6785beb9a74458807ea7e3d6b2e09189cfaf2fb9ab7e1

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP

Filesize
451KB

MD5
0b445ace8798426e7185f52b7b7b6d1e

SHA1
7a77b46e0848cc9b32283ccb3f91a18c0934c079

SHA256
2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6

SHA512
51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG

Filesize
1KB

MD5
58c10711ee61290c5e53d6c235d14c7f

SHA1
6cd433f1d5224b7441efecfef8e0982bbda4415b

SHA256
2d8d51d2405fd3534f5fce5ffea5b9a100ce4aacf35caa7d165c7c6672949b35

SHA512
b895b6f07fefc06695cb521fa923534c8ef99312ab6c27295c86de29fc1bdb09e3ba17cd4aea75f8dd9cf7e1a3c4494a6ef960eadcb209eecb1b623d70c367f0

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

Filesize
45KB

MD5
32b9a83f00af4123b811eb6a85ee7971

SHA1
a1e6bdfe76e6103aca76bd21ce60c0b48e4de570

SHA256
a39a8cb1d54a2036257211b6364f84caf033fccf3394e9f890434563770e594d

SHA512
eb272c6dbaa3e59887cfdfd21dba5e2abc56a12beeda55ba091aa9b02da71af5ce11c0f7af4fb34f58da9836f91d787e26ab9f898b8669c861e9bacee973ca9f

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG

Filesize
457B

MD5
19678bec078614865a71ade211a305f2

SHA1
9da7f2ff66044138863ed5d1dcf2fc7e90ffedf4

SHA256
d80c15c79946fbe8b3a6a5280f2509eed654338e53096fa6f22d280ad2f6263d

SHA512
b2894b6bbdb5ab639fcc615ff0d2b414fb517d9e1ea8062c61d23182056a0de02e118b9e43824b4765a8617dc4fd330c7f4187e3b395ee92c6ac5e893f242602

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG

Filesize
352B

MD5
034eab9a50571cbab86294322e639886

SHA1
cae94b8cfe3ecce8e750d6fd34d54e766ea607aa

SHA256
449d678cc9a235d42a5a2f4e685536d9af87c6b5fc022f28dba32b08b4e88ee1

SHA512
b364c0cbb38bfb35e3c2d29705df72a8ce7dc111f04ebc05eceec4294987f18200581a31b78a79b05da890b5358e5463d1640d2230a8af930804efa3d4da42b0

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG

Filesize
438B

MD5
87221bf8c9222a1489e949e4266a2980

SHA1
60c9d850f696e56b53dc3f940f52463d228febf2

SHA256
8d6e1d814dd38525115ee5d77e2d2ae6df8be31562a3c6805012097d6625efc4

SHA512
fa7ba5edb212a0ad70de123b1eabebd8d4cf5e2e3f59841330923c91d6ce6d8a0bbbf0176a8215a183ea860ae5286a4205b73f70df4d032cfd6c03109d1e433c

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG

Filesize
1KB

MD5
9eb36caea38bf80ed9fa40a3f67597b7

SHA1
3c23e2e30119f6dd321d34a82a339d52723bfacc

SHA256
6be2e43a38969226e1cbb00605cdac634d0de3e82ce605b08dcf1cf596f64370

SHA512
22b57fc57d45ec73865e5429210d6016d2bab0cd990877c8272b4fc6ded8effe3bfa0c9b0890d7b0de8296e6bc3c262f29637b8ce7840efba2f963e70a978e53

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG

Filesize
41KB

MD5
7aae2de61d5e6296c00fde67046dfaeb

SHA1
87a65e99d520045c39997b53c6a0aa08cec35e57

SHA256
07b11e82a30598438ac4221d6c8796739c42c2a596365464f257481a37fa00c6

SHA512
c5ebaf43ffc19a1a3b2f49e070ea1d5532ae433c3bcd02493e31bd3389b6c3edfb1e04373902fbd252eb7370612dd96c3d36eb3fac8240111f57020ab99fa882

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG

Filesize
1KB

MD5
0bde2ca44cd4e4e31c5c0364c66eb57b

SHA1
8496e4a8dcea6e42af33b503dc200d4a1ef07101

SHA256
38031284395ba7a773a335a861536b487bbf60b81496424b8a9a8a6697a919de

SHA512
4e60f45022b0c6739db94097401f6046e5f95b26dca71e685db834338451b7ea0b3ed3afc128d564c3f79074905b7986714f75925c41f763eda6b901875af555

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
33KB

MD5
d23a0b41e2611eb84eacef5862508073

SHA1
f65d4dd03975bc4a1be7c4352359483fd71f48fe

SHA256
839a7db39e89d315c2e389281eab3b88f6562a0ca298fb7453f9eddae6aac6e0

SHA512
ad5e99e2665a8e873ba2cb5fa00c388f806fe817abb32695c27c2b6b3b915296a994ee1af3c4fb9bf32aa86a4887f8ebe646dc54af0155bae85d5702e03a7576

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
6KB

MD5
4f7be9736242579cb8afa1af86980dfe

SHA1
1c486393847996db4f6b78532dd7bd9a0a924549

SHA256
9cecc28716f392d2394829f4cc3f307d08f5aecaf3e2124bdaaa0d6d9c3400b4

SHA512
4c55bc2698d8934713e791c015480248198e22efa66dd5ca79ea834b9835c9e85ca8c2869c9b40dc394ae7e27da039f79c392f88472dedc1adfa83dd1e94f1c9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt

Filesize
13B

MD5
18889b665a0b1714f6edb3b1d3d540a8

SHA1
099b9cf1b0e71b84cc77c5e8839442abeca3d7a5

SHA256
99ac6c6b752e8e2152ac2f70ac1f620815e827ce015268383b5b50d696a41f08

SHA512
6742b0a8195b17d9da24d7657db03733f400ce7c9a0dc688c83554773d3a2a0c2f8cf034b35d1a1209b6cae06e0d418692a8124bf3f165aa4e350d4ee2e988e0

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

Filesize
51B

MD5
a05fed026259d64b8bfaa41ff9d9854f

SHA1
31889c2eff32429fc02cc5c3873f274535b18038

SHA256
5557cfb4f63d92a5a385b94320763712bf5edcecf11aa950cbfe7f9127cb2acd

SHA512
874d3f579623394257fcbb90c5fbfac9399ec544f42dd82540b98327902dffaca915ae5dc113f84027a79bc12f7d83bd58c98eb0ffcb780978ddcca85d265693

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-144354903-2550862337-1367551827-1000\83aa4cc77f591dfc2374580bbd95f6ba_76cff8be-8f86-4613-9a47-5d5870acb67c

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1952-1824-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1968-476-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1968-441-0x00000000067F0000-0x00000000067F3000-memory.dmp

Filesize
12KB

Download
memory/1968-528-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1968-527-0x0000000000440000-0x0000000000828000-memory.dmp

Filesize
3.9MB

Download
memory/1968-475-0x0000000000440000-0x0000000000828000-memory.dmp

Filesize
3.9MB

Download
memory/1968-1523-0x0000000000440000-0x0000000000828000-memory.dmp

Filesize
3.9MB

Download
memory/1968-1524-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1968-462-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1968-461-0x0000000000440000-0x0000000000828000-memory.dmp

Filesize
3.9MB

Download
memory/1968-1828-0x0000000000440000-0x0000000000828000-memory.dmp

Filesize
3.9MB

Download
memory/1968-145-0x0000000000440000-0x0000000000828000-memory.dmp

Filesize
3.9MB

Download
memory/1968-440-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/3892-1857-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/3892-1883-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/3892-1877-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/3892-1861-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/3892-1882-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/3948-1853-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4272-1872-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/4272-1886-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/4272-1906-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/4272-1902-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/4824-1833-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5000-534-0x00000000001B0000-0x0000000000598000-memory.dmp

Filesize
3.9MB

Download
memory/5000-538-0x00000000001B0000-0x0000000000598000-memory.dmp

Filesize
3.9MB

Download
memory/5104-1921-0x0000000001650000-0x0000000001651000-memory.dmp

Filesize
4KB

Download
memory/5104-1887-0x0000000001650000-0x0000000001651000-memory.dmp

Filesize
4KB

Download
memory/5104-1848-0x0000000001650000-0x0000000001651000-memory.dmp

Filesize
4KB

Download
memory/5104-1885-0x0000000001650000-0x0000000001651000-memory.dmp

Filesize
4KB

Download
memory/5104-1860-0x0000000001650000-0x0000000001651000-memory.dmp

Filesize
4KB

Download