a1b1f75dbc227d0f27b28c25aedb53fa181096e75200e48e3d3f3dd8431aa35d

Analysis

max time kernel
61s
max time network
72s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 16:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.899-Installer-1.1.9.exe
Size

25.1MB
MD5

7a0652059cb7bdd6b93cf62978a2dcff
SHA1

3217d35cc66101f257083bb10bba4b461ff8d109
SHA256

a1b1f75dbc227d0f27b28c25aedb53fa181096e75200e48e3d3f3dd8431aa35d
SHA512

5275b8933f4da71042c2c3e532b857da738afd68452e526f4caba815178fc8280afcbc8cbd0c2c11fdb667d05dcff8e39a339cf27c5426352b0f369f99e530bd
SSDEEP

786432:bKHC3sZCGEUbAHExiTZqqHpCrrKJBH5lFRq:bKiFUbiExiTZ0PKJBZlC

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
2952	irsetup.exe
1856	BrowserInstaller.exe
2224	irsetup.exe
2456	jre-windows.exe
2180	jre-windows.exe

Loads dropped DLL 21 IoCs

pid	Process
2112	TLauncher-2.899-Installer-1.1.9.exe
2112	TLauncher-2.899-Installer-1.1.9.exe
2112	TLauncher-2.899-Installer-1.1.9.exe
2112	TLauncher-2.899-Installer-1.1.9.exe
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
1856	BrowserInstaller.exe
1856	BrowserInstaller.exe
1856	BrowserInstaller.exe
1856	BrowserInstaller.exe
2224	irsetup.exe
2224	irsetup.exe
2224	irsetup.exe
2952	irsetup.exe
2456	jre-windows.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b000000013413-3.dat	upx
behavioral1/memory/2952-19-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/memory/2952-440-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/memory/2952-466-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/files/0x000400000001cf00-488.dat	upx
behavioral1/memory/2952-507-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/memory/2224-515-0x0000000000310000-0x00000000006F9000-memory.dmp	upx
behavioral1/memory/2224-954-0x0000000000310000-0x00000000006F9000-memory.dmp	upx
behavioral1/memory/2952-996-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/memory/2952-1011-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/memory/2952-1013-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/memory/2952-1111-0x0000000000CF0000-0x00000000010D9000-memory.dmp	upx
behavioral1/files/0x000400000001dbbf-1389.dat	upx
behavioral1/memory/1696-1388-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	irsetup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2224	irsetup.exe
2224	irsetup.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
2952	irsetup.exe
2224	irsetup.exe
2224	irsetup.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2952	2112	TLauncher-2.899-Installer-1.1.9.exe	28
PID 2112 wrote to memory of 2952	2112	TLauncher-2.899-Installer-1.1.9.exe	28
PID 2112 wrote to memory of 2952	2112	TLauncher-2.899-Installer-1.1.9.exe	28
PID 2112 wrote to memory of 2952	2112	TLauncher-2.899-Installer-1.1.9.exe	28
PID 2112 wrote to memory of 2952	2112	TLauncher-2.899-Installer-1.1.9.exe	28
PID 2112 wrote to memory of 2952	2112	TLauncher-2.899-Installer-1.1.9.exe	28
PID 2112 wrote to memory of 2952	2112	TLauncher-2.899-Installer-1.1.9.exe	28
PID 2952 wrote to memory of 1856	2952	irsetup.exe	30
PID 2952 wrote to memory of 1856	2952	irsetup.exe	30
PID 2952 wrote to memory of 1856	2952	irsetup.exe	30
PID 2952 wrote to memory of 1856	2952	irsetup.exe	30
PID 2952 wrote to memory of 1856	2952	irsetup.exe	30
PID 2952 wrote to memory of 1856	2952	irsetup.exe	30
PID 2952 wrote to memory of 1856	2952	irsetup.exe	30
PID 1856 wrote to memory of 2224	1856	BrowserInstaller.exe	31
PID 1856 wrote to memory of 2224	1856	BrowserInstaller.exe	31
PID 1856 wrote to memory of 2224	1856	BrowserInstaller.exe	31
PID 1856 wrote to memory of 2224	1856	BrowserInstaller.exe	31
PID 1856 wrote to memory of 2224	1856	BrowserInstaller.exe	31
PID 1856 wrote to memory of 2224	1856	BrowserInstaller.exe	31
PID 1856 wrote to memory of 2224	1856	BrowserInstaller.exe	31
PID 2952 wrote to memory of 2456	2952	irsetup.exe	36
PID 2952 wrote to memory of 2456	2952	irsetup.exe	36
PID 2952 wrote to memory of 2456	2952	irsetup.exe	36
PID 2952 wrote to memory of 2456	2952	irsetup.exe	36
PID 2456 wrote to memory of 2180	2456	jre-windows.exe	37
PID 2456 wrote to memory of 2180	2456	jre-windows.exe	37
PID 2456 wrote to memory of 2180	2456	jre-windows.exe	37

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.9.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.899-Installer-1.1.9.exe" "__IRCT:3" "__IRTSS:26253532" "__IRSID:S-1-5-21-3452737119-3959686427-228443150-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1708238" "__IRSID:S-1-5-21-3452737119-3959686427-228443150-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2224
- - C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
    "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\jds259456900.tmp\jre-windows.exe
      "C:\Users\Admin\AppData\Local\Temp\jds259456900.tmp\jre-windows.exe" "STATIC=1"
      4⤵
      Executes dropped EXE
      PID:2180

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:2396
- C:\Windows\system32\MsiExec.exe
  C:\Windows\system32\MsiExec.exe -Embedding 91C7F14386CE8C5EC027D7A5DC2929C1
  2⤵
  PID:1516
- C:\Program Files\Java\jre1.8.0_351\installer.exe
  "C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}
  2⤵
  PID:1580
- - C:\ProgramData\Oracle\Java\installcache_x64\259469411.tmp\bspatch.exe
    "bspatch.exe" baseimagefam8 newimage diff
    3⤵
    PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre1.8.0_351\installer.exe

Filesize
2.0MB

MD5
1bd6d4ec13295ba0e835fa781358cca4

SHA1
d049db2f3045a53761217c8df919c818241eef80

SHA256
f7e12966581e03fed8b04af10247a58398640752649c470730cfe2942e8c06f6

SHA512
487aefa2b0c63a3ed81de1d1f0523299b8ccde4ebedcf644f77d17bdbb4fff26286dc9064de31a2359dd78e2ab62ba87696f3172a1802899f42f4a167356dd65

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\259469411.tmp\baseimagefam8

Filesize
6.1MB

MD5
7088b428cfad5b63588d23851d12c16f

SHA1
94c88045ddc5999904cb673732b4d70e75e4d1ca

SHA256
16672d549c1517824deef243920fc745a6c3da991d0016c8adf5eb2e9d38f12f

SHA512
006a64f6d71c1aaceb633c97943c817499a370489d6ee09ff05effe730bfafb9b96dd6377e9bf5cf4a9e655fbd41c2fb917814373b543b70d30911d60804d804

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\259469411.tmp\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\259469411.tmp\diff

Filesize
6.5MB

MD5
ab1e5e9623e5fafd4d6d7713ee1b1e88

SHA1
a4659e334efceea61cc35aff3990d267813ed2d9

SHA256
3d861b4e381aabe3047b5f41f5f57fff5740c3b919b5fa4a2e9aabe18e03e698

SHA512
f39660bef9a9030788cfe7313125c3675de30ce61936597c63af2fdf8d508e7f43a56f2a59c47dd89c77700b29526bdcaeabb623c9762a2d022f98ff0c2bf626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
a9d0b8d174f36c721e8d832ace5929f3

SHA1
355d0cd120fd684705a0db1e49a74350e4c35d45

SHA256
1bd1bf26a8bdaf848857b7c746158d33277c5fd46cf27f2503f932b700ffeab8

SHA512
19c3c7edeb7a0c14b64a3a4edd6748b66087a456c72b8b0dcb47623c6f2d140b916a828b7bcb50767108ecf350ad8c9ce4c9511a1531eeae74d993310182973b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66c5cdb85adbf59180c02de07ed6c6ca

SHA1
5aa63425e16ae4872a1e3ec4a2e062d92ca2c378

SHA256
f4e010b3ac6b3c644360ee2e3107c270c001c15c7ca090f7ea2d69ead54b6b4a

SHA512
ffb8991a7447ebaa807b0f62a6751d206ad832f731ef786199a177b5980bceefe85300c7b7029a17a1a8be98622b8b5d5c8cfc8b4ec1e49cfacc4cc8523a99b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb664cd08131212cdcaa02051c1eb966

SHA1
f261a0915b3c2b25725e909b0824f276b9a8ff35

SHA256
6013cc366f6ad3b5579a58bc57f764318d3b08988f25d772d0809dbd12d41a4a

SHA512
7cd5266e7f50d14b244c5137a7b306d0755e9f3942de2ef50ce6d6b41ad783b6f28006a029c43b273ffb52ef251305fa288de6e7c4c280475afa2ee5d43e082b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69a7161741be10c1c5ef14dcb2472659

SHA1
7734336fd5410430c81ab1ceb8d3c20433f087e3

SHA256
037ff2c835f6df2802090697718c20e761fec4e9a78afa4017e1026d0c92366b

SHA512
b9e2b2965723103d63adeec80c320e15ab9960e9a3303a8c7d6b310ed74c1072ddd0315add8377b88cc780daf19d9f0def343db613dab58fe2ff0569cc3e529d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
c655f74feb3db48899cbd95726d7d15c

SHA1
4df0a750342aa4971ae04836409f67df34baf2d6

SHA256
51a1f3fb500b235db84413dc83eea29052ef315886b32ac8070d3293f67b7281

SHA512
249bc0320390b03948435eb98ce755df9f7729194fbfa884d9891590f3c15d30d272d674fa8144136f27deaa908d13f1fa1fc7167857fbe943c73dc5fc31b47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351_x64\jre1.8.0_35164.msi

Filesize
5.1MB

MD5
5e0f4fa7520ce7c99f85f47bf62b607e

SHA1
08cd1389917ff40eec1c21f56d251d275c5b4a39

SHA256
800ef15f04c8a72b991557ea68148ab768e81eafabc40f70c38fac942dc4d474

SHA512
447ec964ba634ff3f57a12efa7b7fca30f57564f76c35b676c705b6daaf34da8ee6551dff929165695499179881b2af99745c8070aafbe293f741c9acb81417f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E04.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.6MB

MD5
b5547dd3add962b2cf815c037fe762c2

SHA1
544078e2f51d3ee20064a36fdc0024d3b76bb36f

SHA256
d63013a052b10f1e85c27dc425db2a2a3e9703a90c9743df8f5f71fe1c48ead0

SHA512
e393668b1701195cb44075c2bc70c657cef6618d18af6a668fee02b1f01b74c7ba8561d6848acb0ce839ee49aebf3f6929f95eb5742bfa454f5901a482807efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

Filesize
339B

MD5
0a80848238c9b6e7fbd3e334a8107681

SHA1
2364994f09024ab1a34471cb79379f519a4bddae

SHA256
7161de3f9b6f7edbd7260af7872d7ad0e718d646af5f79bf4948afd9f60e8772

SHA512
41e604c5c092897bc38e7fac2505936598d6e3ace725ff941d081893bc79b78c9b2b82287843977dc59c40d65eb6adf416d1ac26b2033df7c315f02d82e89cd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

Filesize
43KB

MD5
bb987e80d7b1ffe737e4d3c1190719bc

SHA1
69422b55b546072128e8f115b349a842e9e29c30

SHA256
8503655862ffb6a37645555fc7476f4c17420e3bc344727a6f72ef8af1009c25

SHA512
127c490527ca1c199a37adfac950073f094d1c28c7a08ee9947f9735457be4f89067e51e4569e9359257f19b7d6fdf6fef8e1ceadcbfbe4949a2c399957e15a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

Filesize
644B

MD5
9277f908952c2273c44843979f525a83

SHA1
b1cd20abcaa46c2de3843706c86899cd77254062

SHA256
a35c973e4c463bf7b2d8f928c461db87f7a1567a4c0e86cc589e5fe35c35d2eb

SHA512
bac0b8f7f32cc4f34e6fc10436cddd105493f8257ac464f8d726280660e9a2b8b0dc2e93f15c60f9ebcbca11bac37144b094cea6c479069fe0f107a41aa97633

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

Filesize
280B

MD5
87f1b139dc2794d8a8177df9f4b272f7

SHA1
ddf0a999f38ada1a4c3690e1228dc15518acb009

SHA256
31688765a9d1107f4602c384c48107e98306cf627bffdc824b7fcfc5a9ededb7

SHA512
ccdedceaa0eea1aa8f65756fff2eff1eec3a910ccfdad372e6f5ae28df0d8a7905a0ac1b21d789c56fd8020f3e6f00847322ad172bc5917a643a62029acdbc2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

Filesize
281B

MD5
3748bf38b6a8dd78d06aeeec1f66f89c

SHA1
de7bb4418e3fce6ece5970b6be5137abeaad58b1

SHA256
4d591d85e76f83016157f83998505128949bf6d9618188c2c74fb283fe8c8d78

SHA512
13d0631c53b3c51ff94948683b41a6f685700531da4e9ceb06332830cdefb761ab23f7db46f1029ca346b31ba841013af0af9fe02d445a5fb45cae320a6c1960

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

Filesize
438B

MD5
f5ac14f228ebbd48a1e6117087a3af20

SHA1
fefc780a1e80a96b43ef204e11c6c4b2d75aff0a

SHA256
806e5ad0ae17e7b70cd0d9fb4842a4da543e75d444fab34ba549388238331ebe

SHA512
ad6364015965ded3592ba93f45c1abd0e4f297950d5d4b8338dc806b7cf68ff52067135783a91d7b3245a29544cbef37421eee5213fff0db98415f40e011d2e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
135KB

MD5
cc789472340b501c4abf72fdc4dceb7a

SHA1
7a829ef2180dc0f641a097884f6424c44f2d1db1

SHA256
51a56d2df7c05f93910a513152ffcd23b0b60a5860d710ab02f315d12b61b2c7

SHA512
dc2260e1052d1810f455b1ef2ebab16a2c2a99fdc9b276dd904a3c3a027e7fe29c536212ade8714cb3fea20405cd65fae1ddbeb2f44b196bcdf620c5cc9766da

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259456900.tmp\jre-windows.exe

Filesize
10.6MB

MD5
ac9e24e5122be53058ff3a86d4378173

SHA1
e32d4865266a1ffade6331150fde152a28bb98f6

SHA256
6cb2a0f589a6d1073983c4d7da488518dfdb05fb549e966eb23820b298857e5c

SHA512
f154572b88c72bce5cd4e9390b13cc1ea5f5e0fc0288548d3b2e1db55528f6a5853e0777a4e4149b9f609f10694c921e249affd39881160be2d7532aae153943

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259456900.tmp\jre-windows.exe

Filesize
1.0MB

MD5
1e00f7e25104a1f987055a0232f87876

SHA1
0db7e29efff73d80d6034501b21c6584c9dbd9a2

SHA256
822c5ad0c2fb9562842499af841919a47701ab3e6551b9a857bf2629b06382d7

SHA512
baaea41cd050eca8315cf6b01de1c6c09a8713879e4b91914f49d909a2682bae420a5e92c4b3bf810bec9478813835b6c7d99274f161f1ed4163d746c2c5c170

Download Submit
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

Filesize
13.5MB

MD5
81372d9aca3f4f4e38d74a4331601baf

SHA1
f187fd61d97e96dcb15d60f6cb534bb0aff72e36

SHA256
0d22551acfb09ad3fd893ef235d425bd622a0a9c52099cbb49baa228146ec736

SHA512
a3af74361feea6d4a9e1b12ee5f4363c3e378275b39e77678e2a7e74be786a0ac418ef925c21e6ba4ba0ca93f5696a3dd807a42ae5d7c907b671d340551bf902

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
1KB

MD5
5a24797f6103a7fd1705e18b0de888b2

SHA1
9710130f4f7d3560e9f9d739d544316367f59a32

SHA256
1fc9ac2de2e41cce5369836c8e515b5eefb9604b85c82a6c611eb0f6f154c4b7

SHA512
d67854e6ff27c441262383600028188bded5d9e92fe148fcf8e92cdc218ecde93a38234aefe0188a8d1b8baf09fdc3818cadf5d4181be6d12af8e846f9291061

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
3KB

MD5
8354415df690157739a5fd1a0e14fd40

SHA1
ccef4a37123a8c1d8792e6960d7b0a138d59f6f2

SHA256
d63f0717e51c00be812f9a3e80029dcebc8b4e065d032800dd40768585ae076b

SHA512
2f42c835d239e758344948f3629b968ec278429c0909c7d7090884c2fba5a5b74d592d22af150cde5396986f600c92bdd6e1bdc95e5549ccfe2b77c9a2a0b222

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
5KB

MD5
fa65d8042b51d595ed046b575189ea89

SHA1
f4faa3fce3557c30a4d6fbd15b7158700a526128

SHA256
ba9912a3dbd206626597430756abfb55df41ba366de2108025c7c1af29bf2ddd

SHA512
dee8230781bf029971df2f19f51a7d4548c1de9eb4cb1cfa2f7c67e9007c5de7c8d9b794e0a8270559534788748425c7d3c77db081e2ae5280940dc8651cd130

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
27KB

MD5
f480fd04ccc967210cf89e05137d09ac

SHA1
0e2f1cbbca82ee432d19e848e8b7db255d3c0912

SHA256
fb98905ce94c784ab56af2952e5122a79566d0e7261af0bf2884460b5e7f8b67

SHA512
2dfaf8514414e1683cfc9243993cdd5a15d5fbca064c75a788b8fc91a3b8c4a7a55578f3421948ef340e90d46563285631ea280b02e2640345d17aa56482e9f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
41KB

MD5
5de5f7dc9eee89849c572d15fa0afd56

SHA1
805f8c7a9b449e857421dc32a7da22179b8e7eb7

SHA256
48c0698cb7e7d5b2a9333be40b7208fd049c3ae4c5c9fc636c135d6f02da02d1

SHA512
88ff314fd64c8745642e659e14af3ea3ea42f524e4a22320f95b249a7e9e811fb1016c3e1587a0a5b4a4e937ede57785667c4dd0f6b3190b7a828f257001f6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
692B

MD5
f5d43531c033320a293ef9f23b2a328c

SHA1
75378a863c6d14423124a96c52ac2a0e22dc8c63

SHA256
62716d1c9524c740ad9cdb176500ba57e85d7f43f41081043dad9d01ae45da7f

SHA512
706c039e628c2980742e5635ba908a3c4d3c48eba91072c9cb4840bff8027aa88ed91a80cfb8c1827e5d30092b73088f0ecf68986d2301dd28c7b035bd7d75b3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
8.9MB

MD5
505731086d2f448e68c025a7003efe00

SHA1
e8358cf87df55712a7b6998d1816e94b57f3b7c1

SHA256
978dfe8f0fbb57398366e2302055b58fa641258f53db6909fca2b5a1e87ff3c5

SHA512
856ad2f0caa72c15b20831c7e1d8917329907381e1e95ce470ff3592755804cc17cd507c105d49fdecbc418a2c3f2b01e1be2ce15dc981aeb7f39ce2889cb4d4

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

Filesize
206B

MD5
ba23e5fd143ff6a8e6c57bdfaa628c5d

SHA1
3773f181586d465a2d6664cfe9177e4b0064e973

SHA256
9d92c428a389b3043160eff85084c1e4a80c53c491ae3bb9ffe356f020f04def

SHA512
914e9caeff47224cc23bdd10df228c89a7265ea6e6a0249d0583a16bab8d9b622d8041234f83cc4bf2429c400a83340923b0d1804398018adf610d4441f24fc0

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

Filesize
41KB

MD5
718efe6a713aa9831eed4dd72e1cd35f

SHA1
298023fcc7176ab4345dd9c2972b43bd99d2111b

SHA256
7f7de6462e4c597a00ee9e55518627e10ea4cbc4871eac783026c8b83f523e83

SHA512
e7aaf81b1890210fcebc8860419e7338bf7216b7e22638aed24a497f0c5fcfc3ced1dc0bcff578ddea6e3ceb2e1012c12af44eccc69bc992d18d58b28ff0ff35

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

Filesize
45KB

MD5
44fde8a25f1146b40892851fbe0ee683

SHA1
4cf860e55d12e96c596750c58b1ecb0347cd0d1c

SHA256
9490955145bce9bfcc310388befbb1f797c09e55872af78ac77ef9725f7b9378

SHA512
5e599d4f570a4d4a2f42927399f1023ae0ba407369c3d979db29439a296440bff42eabbc9d814eccc1ea0b40b6205a33e5c7d3b9a2e1d4478e48f7eb4350a8ce

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG

Filesize
457B

MD5
c3301d9cc4457b4512b11acdc32e3564

SHA1
8f2ae9b341c61d9cb5c6e8e63e464e7bf78ef8b3

SHA256
8209adb0e95676b54537c2a32b3df36d1bcfff9a13308fdccf5cfe6589ed5b34

SHA512
d85b4703dc769ec1df6685c1c8ee0c263fe59da94de7730008c67bdc25ebcf941a7559937c9bd81a1b0204c4c5c273f50c9db4c182e29d925b410ab6278454f6

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG6.PNG

Filesize
352B

MD5
a211d394a3e5dd8843c1584294439a4d

SHA1
0564f309fa7d4f85ebcc0502363e3a03d8178caf

SHA256
be468ec7fa937ac3f09b5ac113168874a91325032b05a758d062235c7aba1430

SHA512
22c9fba2f27d88e095107e28476a92b011c7dad88432edc7046d6b9d2a06f3e228e161a7bbf08c6a55c265477dba337005bd808fecc9f3d41b8d3031c1ae4713

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
6KB

MD5
8b343ad1e0dff92939e623f6db588811

SHA1
bfd6ab35a67ee7b0a06097adc75971dcb844454a

SHA256
c8ed1c8b69c3728971227bb78c03065fb2ca2d2223820142590e122d2c5d3fe8

SHA512
02ad3099e0ac4d860975f0d8a8abe7347c66efe567d8603e6b0dba143d9e1350c3288df0ded9346470046bcab7e4bbd4385fc9d25dcf566a0fdf4e43f09823a7

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
19KB

MD5
5ab793fbc41b986a915301b9c28a789d

SHA1
d59bf246c52b3fed17fc7912f1d8f238590efc64

SHA256
a2f28f1222c90810d7fc9296d8f9bab13df6f91cb0de605c14b03198e3efd8f3

SHA512
59b754e68bc1d7b1dff7e53a9ea9e4b98ef448c357296c6e1fe28b0837582f319f83ab83ddd79c112e550268626b9d8e35a563bdc40253b29bbcb06f02626415

Download Submit
C:\Windows\Installer\f772655.msi

Filesize
3.7MB

MD5
fe3f40483ed99db5df1dbb2ab1c69b3a

SHA1
57ad98850ad92e035a026bed0c9c6ceb795da55d

SHA256
250c478c24a4b907f7e03df0dffe2546aac0998fbc4f4d6ca0309aa5c5d4d104

SHA512
cec9e8af49102af8e15e3ebe486e96dbaf0ddb68d8f5c956af04c0be619fa71fbcef00f71039e6fe20a8e365ec52386a83e4f93905ed04efe24991d06f975ec0

Download Submit
C:\Windows\Installer\f77265a.msi

Filesize
1.7MB

MD5
fcc5876250f0326e05ee16135c58f208

SHA1
1e933cd9c3c35d32507d84cf4cecc91a20b7c07f

SHA256
0ab9fc9591bea9b9a9fc431ff2405346b8bf829d5471902f368e581e73f55b7c

SHA512
f1dad9199dd0061edbd1eb3091da0846e87986d359a32d315057d030e1a9202d6f53fa37f11c149cb85ce7f5cb8b53b307e3281fa857f33d3cac0866a63c4e5c

Download Submit
\Program Files\Java\jre1.8.0_351\installer.exe

Filesize
1.9MB

MD5
c3d7caa2996cd0b7560bde7dcfacdbe1

SHA1
2cc4f7b3e8192c885051d0b69bc39de6faa844e0

SHA256
19ef05c923ced5c630293e34274cbc2a446b617343564bf541d41e4be0468421

SHA512
c42ffa6e063ccc95f9eee23a9db039c60d31ddca03b173e263317aeaccf62e4a66ef9cc233f2a5d1a6a5fa268698baeb5f66a115e8ec92b06706aa49ba2fa46a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
591ff2f74e57e6fc0090f84116aea60b

SHA1
e30170b71a20543a833a299370bceb4495720084

SHA256
1536c3eb287dddb9cd9dfcd5464ad9e6527e5e8ec65cf146cdd74315e4c53da9

SHA512
8ad949753911e0a2cc2dd77e0c3e3c5ba94d0f2f0dbbe000273fce803b7119cb31fce716f733f29dc42ac2577a8a9866703f6ea7d352c47bd3f05cde30b6b745

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.2MB

MD5
6d165d1640c56eaa86413ffe85d71093

SHA1
d3f4ef4ab58f5295579c91cc01c2f2c3258511d4

SHA256
6e790a0454e86a9685badae94f57fe7f20c0760aedbcfcfe1762e76884189bfe

SHA512
f11e81c0c900be807f4cd289ef6f978e8f91866e48b1975e24a57e8dd93fa2d5401aaba401245a26463ef88b2b3e06d45e3c1e6e68fc661fe547ee7256e1ffa3

Download Submit
\Users\Admin\AppData\Local\Temp\jds259456900.tmp\jre-windows.exe

Filesize
9.1MB

MD5
04d8d09f6301c8e4954636d20b4320ad

SHA1
2484b828cfe32b066d84a683d38b8bbc27fa5d32

SHA256
afcd70ad9e3f145fbd17c9909639f493a3069799bc95e745ca82649c158b0711

SHA512
868f8d89bfb771fa9e78306d3a73ce113345a8f1dd1cbe14ae90ec2125e5683af45776fa855849c03c38ad5a5d7c4fa89990727bc71b3b183f67ae6ccb31cf3c

Download Submit
\Users\Admin\AppData\Local\Temp\jds259456900.tmp\jre-windows.exe

Filesize
10.0MB

MD5
ee5800d4ebd625da8037bb60800da649

SHA1
6e3e6214b0e98535ce5eb335dafb7d8ff2194b13

SHA256
bb8e56f6e6a7e317d59eaf7f0988f715cc56cfea82c6885c4c423a87a5ad8fc8

SHA512
1de831811465db17878977d40420c4648b3dd36087bc2024d569bcce32c0487a278f44ef5de404fcdb11e3eee88073760eadaa4ac6e0bd3bc95e064cbd2cb8db

Download Submit
\Users\Admin\AppData\Local\Temp\jds259456900.tmp\jre-windows.exe

Filesize
10.8MB

MD5
902d31112bb74ebc40ced242b24e4ff0

SHA1
f28af0ed0c117882b7956bfec520edacbce32a0d

SHA256
8caeabf6fdb9b33717ad4b40c596691bd197742caf460bb3db6d29fce92ca588

SHA512
72ea74a49cfdf500c8956531663e7009f66ff5c4b24d61d4d4c5312ebe42726dc5dd28f7c6219219ce53f646b6839a7d02f2d777a2d937cea46c977ad98b1445

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe

Filesize
11.3MB

MD5
e86848a5c5eb3bb0e8da8b2a82348684

SHA1
cea8fa9ee5b02a08ba8e43dd625028300801f38d

SHA256
9b20240700ece0bc15fd4259ef4f324e5331e8d17177585f191e40d3748719d5

SHA512
41ab42e8c7d0f35740a26b04f9e193c31b14d12088ba50eab5cc62b8d988ef01ff630ed28983b0e5c81a5765aceb8143426d84a5af2d16f841c987890d67aa96

Download Submit
\Windows\Installer\MSI2A42.tmp

Filesize
757KB

MD5
62cfeb86f117ad91b8bb52f1dda6f473

SHA1
c753b488938b3e08f7f47df209359c7b78764448

SHA256
f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e

SHA512
c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

Download Submit
memory/1696-1393-0x00000000001C0000-0x00000000001D7000-memory.dmp

Filesize
92KB

Download
memory/1696-1394-0x00000000001C0000-0x00000000001D7000-memory.dmp

Filesize
92KB

Download
memory/1696-1395-0x00000000001C0000-0x00000000001D7000-memory.dmp

Filesize
92KB

Download
memory/1696-1388-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1856-511-0x00000000035A0000-0x0000000003989000-memory.dmp

Filesize
3.9MB

Download
memory/1856-512-0x00000000035A0000-0x0000000003989000-memory.dmp

Filesize
3.9MB

Download
memory/1856-513-0x00000000035A0000-0x0000000003989000-memory.dmp

Filesize
3.9MB

Download
memory/2112-18-0x0000000003310000-0x00000000036F9000-memory.dmp

Filesize
3.9MB

Download
memory/2112-465-0x0000000003310000-0x00000000036F9000-memory.dmp

Filesize
3.9MB

Download
memory/2112-17-0x0000000003310000-0x00000000036F9000-memory.dmp

Filesize
3.9MB

Download
memory/2224-954-0x0000000000310000-0x00000000006F9000-memory.dmp

Filesize
3.9MB

Download
memory/2224-515-0x0000000000310000-0x00000000006F9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-467-0x0000000002A00000-0x0000000002A10000-memory.dmp

Filesize
64KB

Download
memory/2952-19-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-996-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-997-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2952-357-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2952-1011-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-440-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-358-0x0000000000290000-0x0000000000293000-memory.dmp

Filesize
12KB

Download
memory/2952-441-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2952-1111-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-466-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-1013-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-507-0x0000000000CF0000-0x00000000010D9000-memory.dmp

Filesize
3.9MB

Download
memory/2952-508-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download