Malware Analysis Report

2025-01-18 22:07

Sample ID 240501-fyh5zsgg9z
Target https://tlauncher.org/en/
Tags
adware discovery persistence stealer upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://tlauncher.org/en/ was found to be: Likely malicious.

Malicious Activity Summary

adware discovery persistence stealer upx

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Loads dropped DLL

Modifies file permissions

Registers COM server for autorun

Blocklisted process makes network request

Installs/modifies Browser Helper Object

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-01 05:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-01 05:16

Reported

2024-05-01 05:25

Platform

win7-20240221-en

Max time kernel

143s

Max time network

479s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tlauncher.org/en/

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0159-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0178-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0248-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0070-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0311-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0078-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0230-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0379-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0166-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0199-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0309-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0096-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0372-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0102-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0336-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0352-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0162-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0145-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0086-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0264-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0144-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0265-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0102-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0172-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0360-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0130-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0303-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0236-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0210-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0310-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0265-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0273-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0357-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0237-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0168-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0203-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0256-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0324-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0346-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0231-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0115-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A

UPX packed file

upx

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\icu.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\verify.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\resources.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath C:\Program Files\Java\jre-1.8\installer.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfxswt.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\decora_sse.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\README.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\Welcome.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javafx.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jce.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\wsdetect.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\management.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\npt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\servertool.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\plugin.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jsdt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\sunec.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\accessibility.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\tzmappings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\classes.jsa C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\jvm.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259526726\javaw.exe C:\Program Files\Java\jre-1.8\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259526726\javaws.exe C:\Program Files\Java\jre-1.8\installer.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2native.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\splashscreen.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\sound.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\javaws.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\glib.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\dom.md C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIF3C9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI45BD.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77ee36.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77ee36.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF477.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF555.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF8C4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF78B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77ee3b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77ee39.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF466.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF497.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF505.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF585.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77ee39.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF535.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF596.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF76B.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259500471.tmp\jre-windows.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0074-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0096-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0124-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0203-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0279-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0042-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0097-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0059-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_16" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0055-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0158-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0180-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0278-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0260-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0065-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0044-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0291-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0146-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0255-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0131-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_131" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0379-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0214-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0150-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0342-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_342" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0196-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0367-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0067-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0353-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0192-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0140-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0157-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0377-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_377" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0392-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_392" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0083-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_67" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0153-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0182-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_24" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0348-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0331-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0189-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0092-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0321-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0364-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0062-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0071-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0213-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0272-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0286-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0187-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0261-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0301-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0382-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0272-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0402-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0150-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_150" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_85" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0027-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0194-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0105-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0150-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0314-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_45" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0137-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0370-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0249-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_04" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0148-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_148" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0199-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0324-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0117-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_117" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0311-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0385-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0405-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0146-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0170-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0151-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_151" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0141-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259500471.tmp\jre-windows.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2964 wrote to memory of 2840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2964 wrote to memory of 1876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2964 wrote to memory of 2668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2964 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tlauncher.org/en/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2140 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2104 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1008 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3212 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3572 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1616 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3432 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=788 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3940 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3960 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4116 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4132 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1244,i,16817293068794759356,18031720488682227086,131072 /prefetch:8

C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe

"C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe" "__IRCT:3" "__IRTSS:24068259" "__IRSID:S-1-5-21-1298544033-3225604241-2703760938-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1708464" "__IRSID:S-1-5-21-1298544033-3225604241-2703760938-1000"

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1

C:\Users\Admin\AppData\Local\Temp\jds259500471.tmp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jds259500471.tmp\jre-windows.exe" "STATIC=1"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding A5DBDF0E331296F3C0811485D7DB7D43

C:\Program Files\Java\jre-1.8\installer.exe

"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma … -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding B124C247C9864651D448B834DDCE1532 M Global\MSI0000

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A38401B76CB670DF7786E924D071A2B2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 00060549B07131401785C3180FC474F2 M Global\MSI0000

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2914.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.923.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.923

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic CPU get NAME

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & set processor

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\dxdiag.exe

dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\SysWOW64\dxdiag.exe

"C:\Windows\SysWOW64\dxdiag.exe" /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic qfe get HotFixID

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic qfe get HotFixID

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f0

Network


Files

\??\pipe\crashpad_2964_EWNLZJIPDSLEMAYT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar38E3.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0245e4cd74957a01c0d6f4fcdcbb752d
SHA1 315302c2d29eb1f9cd82f049e61cf2c46586d928
SHA256 e971f932e16504ba0823a3f7a3381855aecb98c4dbebb84bb8264b3cdafd1e99
SHA512 ec6356bb4f4c36fe60b1e8ffa25e741ac0436dc89d98f941a0f0bbf71fb7ecc2ec09dde81a1fe7091c2a5f873307622d3c1307c3a92dab8f1c5aee79cfdb648e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0145ff8d97afbf0a2640c40f9c64c2fe
SHA1 88b4d82015b3eea3d48dfe3fb539266ac3c66f2f
SHA256 3abc2624ebf1b93c38ae6c443d5f91aad380d6eb6cb56cdeebb329da6a981df5
SHA512 20accba3bd8c1229d64642f3bbd355970a18e45b7d7e8706c4ac7fa1bca01f29a94cded0b264ae92d31b05489a4bcca7766dd74ef22fef5033bbe1f7eda53aab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a02a528702eca5f655ba69632f7633a
SHA1 81a3e86942e6eda98e3aab3c296ce7816357f51d
SHA256 174241ae935b9688e2e08fa1f101e8aa62661265d1fa68a181606d4d65fe8d6c
SHA512 03814379648d8d679b267481410d7fde3a5b0b868c57fd165d21e45349fc98ff2bd27dd19d49697aa7ba9aa1f52217b282289ae071614704872a4cdbb304f08b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9950bf5ad18f2830e501bd5791537846
SHA1 240edff0afa95c2634498ffabeb6552d3c1a0174
SHA256 e41d5a58f8cea341db4cc1526c4076011b16722277eb9f1f823ef6056060264c
SHA512 778700460cb30e1b2fe9aaf5f6d49b793eafd2dd56201dde6d9d908c96da661e070fa3d8c801427273c82d6da5a52e998d8fdfde6015c2dd5f894d9b8f2a218c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 99b0198ce83ca316ca3a68b65ff08363
SHA1 c307fb8b1b3a3d959f6d88e17a155c2a41f48cf0
SHA256 01fb88f1125116e985e408ba76b0055cc8476ff9498d3477cc8145147dfe08ca
SHA512 b6413ab4d5a942dd15d6606272a70f35520fc37451cdfa9e0023474b0f5d6bfbd8ecd160e0cf83d40a1efb3a29bb95696898669f00eac8774603d12b782d4f73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3054e2e5ea4a3777f23db42bb0d15608
SHA1 7c8c55a825966b837afb2ec2f470a55aadd31d42
SHA256 646d3d096746847712e2f26e9b401c0c26ecc698c3abfdc2ae663567cc65c7c2
SHA512 dd9eec530b3db1f4c36d0a1da324a265a22e9457164f5553893791f003d65e18aace5b528f5bb9afc509a68d47e6bc3602d16c8656890a26793145112cf0c3b4

C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe

MD5 1a2ce8f6f111d438d4467a84d8c74351
SHA1 6f2b6d316eb820ae6875b84df9615e412ae0773a
SHA256 9aaa326da7ca2d0d7015742e3ffe5bce7df63cae147166e52f094a1c20897856
SHA512 8f276c77a73f4035513d463be939e056a67cfcfb28df078b7e63a3f524a5c66d02128ac6a267e84226dfc2916ae74d0f945a12f7326fa89fa97070329d828193

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 d795ef2a7b1d60d78cf3d4d083346a7c
SHA1 68a623b6b821476e543ea8dadb02ee3a78c55762
SHA256 c367e0f3b55b16ff6f167f19a3885b9dc7e9e34c0ccdf1df06af5ce7656bd61a
SHA512 bbc4161586240074989c56c9abed3bb36cc68516f03a741438a07633c21343a2a3c2ce43d741f83096e28a541ffb58e56c348cf8ebaa3dc91ae8953bb72c1666

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 c333af59fa9f0b12d1cd9f6bba111e3a
SHA1 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0
SHA256 fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34
SHA512 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

memory/1932-456-0x0000000003350000-0x0000000003739000-memory.dmp

memory/1932-455-0x0000000003350000-0x0000000003739000-memory.dmp

memory/1932-454-0x0000000003350000-0x0000000003739000-memory.dmp

memory/1932-453-0x0000000003350000-0x0000000003739000-memory.dmp

memory/988-461-0x00000000010D0000-0x00000000014B9000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

memory/988-1045-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 198272629061984ad581bb0e52cf66e0
SHA1 d08f1672f54611013124781d2ebe2bd01037c48e
SHA256 346eba793cf1a6f99d83355c5415f9c4f51e39329b4a5ddaf44e738d4f84f486
SHA512 9d6733ff232057fd0fd793a6bfb2de8dced8aa4b955cdd135e0d25ebb7612bcf1e60401e2280c1567275ec00eec11e9ece18ae75df7803c4c33e600973c34af6

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35cb41176853ad4bb91baeeaba9e43f8
SHA1 f6293be8098081219b827d6999a6776541baa63f
SHA256 727455437486ca06f5947c7b7e76b2ae1da83180952c6738c5553eea9b2dd1d5
SHA512 0e710e233369946d3019a3f6d9a06346752759e72c7cfb2130cc2cd9e8061efac80507a8145ac30dc66d741b99d99565d5db47e96bb79544e62fe4346fca9589

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 83a8f0546164c9ba1a248acedefd6e5d
SHA1 7652f353ed74015e7e78bc9f9e305a48d336b6d1
SHA256 e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9
SHA512 111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

MD5 f5d6a81635291e408332cc01c565068f
SHA1 72fa5c8111e95cc7c5e97a09d1376f0619be111b
SHA256 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
SHA512 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

MD5 f35117734829b05cfceaa7e39b2b61fb
SHA1 342ae5f530dce669fedaca053bd15b47e755adc2
SHA256 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
SHA512 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 822fe10ea61dcc6b417bf53728d0ad21
SHA1 8a6eb6a9779720b36da66be02ee0c41d2a0e198c
SHA256 944dc6e759985c856443d155f9f74276068ef7378ed0db6fff9dc80745c9c628
SHA512 df5011b23e109407876585a80de51619a2446dcafd5468687d60633a39ee18715aac78d838d1ecdc397d7f7f67888ad7ee3a430dcd7e90f0337593e05612d082

memory/1932-1163-0x0000000003350000-0x0000000003739000-memory.dmp

memory/988-1162-0x0000000010000000-0x0000000010051000-memory.dmp

memory/988-1161-0x00000000010D0000-0x00000000014B9000-memory.dmp

memory/988-1167-0x0000000002970000-0x0000000002980000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 a266e0ae1001da0023f9664afbcaee99
SHA1 f943c180e5221a5943039c21b21f394dd99cbe14
SHA256 819b9a02a788445ad6c4d8f38e05abe911e289e71e4d2c2e37923c9f66f576cf
SHA512 525b8473b17732ba94942df63b0e43b26ee0157b137a1a39f52034b04ce686097e92ec8d9ea422acf02edc4385863c0179a6af73af01dfcfc1cb6d7c9dad1e7c

memory/2716-1208-0x0000000003130000-0x0000000003519000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

MD5 3adf5e8387c828f62f12d2dd59349d63
SHA1 bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
SHA256 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
SHA512 e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

memory/2716-1199-0x0000000003130000-0x0000000003519000-memory.dmp

memory/2716-1209-0x0000000003130000-0x0000000003519000-memory.dmp

memory/2716-1210-0x0000000003130000-0x0000000003519000-memory.dmp

memory/1332-1214-0x0000000000380000-0x0000000000769000-memory.dmp

memory/988-1213-0x00000000010D0000-0x00000000014B9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5338e180-526e-478b-8522-1718ca32e13f.tmp

MD5 7f5a4a2c5a954dda74af7f24c386502f
SHA1 6a0b877050843ffb8f1e73bcb53607a9405bc717
SHA256 0f53de2172182e5271e0f95aca503cdb8b94b9256a49c0bcdc3cd4bff85aad02
SHA512 2bb7100d2ff0e5c0a6238e4d7faa8705be9cbd557611a9f687c46cb3b9d503252ac97c55702548615026ced3103507926b106cec417021da87784d12d35d8cf4

memory/1332-1230-0x0000000000380000-0x0000000000769000-memory.dmp

memory/1332-1229-0x00000000754C0000-0x00000000754C5000-memory.dmp

memory/1332-1228-0x0000000000A40000-0x0000000000A55000-memory.dmp

memory/1332-1226-0x0000000077560000-0x000000007765A000-memory.dmp

memory/1332-1227-0x00000000047D0000-0x000000000492C000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 fa9848f3cff6d80b5704c6d2ccb10c2b
SHA1 714c93f3fc2b915efae0cac6028d317711d59264
SHA256 63ff7897d3a90de887c1baebb2ef7b87e596f1749e07322090786c902bdd8d16
SHA512 9078f5e3583a2b2cd43f63f023908f652a4c6eb647b1bd8988d33e8f2f1d34d44192ce50b795ffd9764d94a343bdc2ecdb94483ceef79739a92ff8d6a0f9a41b

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 9d399665b43d4310c637b43ae523da04
SHA1 5984f23773322e93fb762168cc1924fdab9cca0b
SHA256 c64efebdbee0cba76aa97b61953cfeab0097443bafdddc840feeb81ab0b4f2f7
SHA512 b881e136b499b8a32a68273d476daa5b258823cceaccf73740341f2af366458e66e1e91d5da8cf8bb07dd8f67665774caef58f15031c3bcc0a2ddad41d0c6145

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

MD5 b0a5a3db3901023adfc16cff5a381ead
SHA1 dfa2662d731eba223ede334a6f875b33e0da964e
SHA256 88812d618bc05aea2f43fe26cc7fb24953883418e51d6ca14d6a57fead9b97fd
SHA512 8eb6e90e6884b6ae0fdf943f4326d3ecf34eb9cc5e73d87137ffdea7caaf11cbf48bb7571096d7ed1e0de6c5627cddc9e018eeab2bfbe6639b573ac4b5209960

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 75965f3aec9d84db2e7f4b3028b1fb2a
SHA1 572b5c45881178967a0a6925c159b6abe885d636
SHA256 3571c7e390cfd913d6f98d30a7d56ab0b8cc97c5379287fefc3d272772046aec
SHA512 55d661f18e7065af6115382f52c9785a22f716985426606133a5eee3734d3422583b8b37c11250ff6b4960cc6741f7c8aff715a32c530a6bb637100c787c674c

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

MD5 d1172f72e8fec2b8ddbfe964b7197dd6
SHA1 91b86d380b4cf7f3fc6dba2be364551f0194ceab
SHA256 a8f33799d6ea706548917b5686b7bd1c6f077fcb344cbd51e9af8d7b4ffbb7d3
SHA512 afa1b94831188a4d15314a9c2a7c528e7c748a51030bbf6dfb735de5288f5a5fbcd6db3c275a0346c69dd6e999b50df81c7bf63a0cc5cc5c563c49844d363acb

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 c2d109cfea044b1a33929230e1a6d0a0
SHA1 762dfc5087474929be205bff8da69650ce0fb514
SHA256 7e98b5daa80e0bad20e129709761c90e897c5157c98e315ba48956cd6a8e93e6
SHA512 e600e75e2e85d7641d3517c2bc905bf0caf6f0b2abc39032adc9857040b7227a17c5ebb88d3a9718ca7d1999119c5af59e250c2796d8713cf922d01d570f1cb6

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

MD5 982b81691cac850c2b98b252e4064660
SHA1 0c284934268046484921afa55587d863a3a241a3
SHA256 3aca81c52680324664bf3128976503ce73931444b956cb3127810661dccd1687
SHA512 5be188c92fd6dc8ff014f4f4ff3195edc69edb6142833a42ad49d45807ccb6bc5e7309a91d5a7f822f96f2951872f85d7a48328d123d2df59158af64a15e9f69

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 24af53d42866185fc162e1e04b0d0858
SHA1 10b8427f82b0eceb8a6cf98ea33d0be4acef97fd
SHA256 5629fcbe79f945871ef925c5479d445dd60460c802668568d9f57a61e858daf0
SHA512 33509ac157bb49c613f73775e7283b4bfec29c4e22db75832b071d1a7f61a1584fe1dddb2f3caecad02bdb4f89e91ebe0b2a4e67f4ef43b4e8b59cc54f617bff

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

MD5 2fe88aedf465ed13678cdbc685e44fa0
SHA1 624f5a00e7cb017e9bfdfab79f6594a7e02171db
SHA256 4351cce19e5189a474a3e5dfba8c1c33e51bd875c1d574e5069b49a752f9f665
SHA512 6fbff486e7064d083ba8d12d0bffa102fdd61a3f818bc85516ed12b287b582adfe7d358d6ace18b45978bbafd9d9a1df2e08dde8291cabb35677314e99ab299c

memory/988-1442-0x0000000010000000-0x0000000010051000-memory.dmp

memory/988-1435-0x00000000010D0000-0x00000000014B9000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 593e984da561b2dd8b0b4bbd94bb6453
SHA1 ca001ee68c92464491a106aa811120687d3df813
SHA256 b145322faee2f6e7926b1f69876f191e84901eaa3c1254dc8d693d64926c077c
SHA512 eaa7a9efeef2d37ebf3079b704ae06dcdd5979530c8da2d32ad17e034e22a19df6e3750e48b40c0be1ba932633f39ebbc4ffc2f65a302e07919bdbcc6e78b641

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

MD5 b7b32e3aeb677124b236d776ef443489
SHA1 3249a596e03148836131988b8ca9392f677a7470
SHA256 f60847a54bde74835d80bb41bc3c57ad211ca30d69c2eb48ef7bffc7c6b44d0c
SHA512 f9044d9da82099a0747b3de0382db0999a9f80cbfe894ed9c4961498c41c5db9055c32d699424b6c5835230a2d74df491151beb90f0ff959b580164b2defab2a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

MD5 7d26a524b09feacb9db695415e1a66b2
SHA1 724f925c2663b623a9755bf722b3f297c8ff605a
SHA256 867072872533f9000508dafdd49f5b83e03de7b611b454290e062034a423dc74
SHA512 6adae2bb7c7e390f5e50df048fb3417c31b025c4d32abcb97ef8206ae3f0769997650cdba178bbad8c34f07a4e613666388e4b9bc465549b47a8f01f0dec4a57

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG


\Users\Admin\AppData\Local\Temp\jre-windows.exe


C:\Users\Admin\AppData\Local\Temp\jds259500471.tmp\jre-windows.exe


C:\Users\Admin\AppData\Local\Temp\jusched.log


C:\Users\Admin\AppData\Local\Temp\jusched.log


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HJD0U1S4.txt


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04


C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401_x64\jre1.8.0_40164.msi


\Windows\Installer\MSIF3C9.tmp


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk


C:\Config.Msi\f77ee3a.rbs


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\runtime[1]


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\host[1]


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\l10n[1]


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\layout[1]


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\rtutils[1]


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\common[1]


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\masthead_left[1]


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\masthead_fill[1]


C:\Windows\Installer\f77ee3c.msi


C:\Config.Msi\f77ee40.rbs


C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG17.PNG


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e99fc459-ff44-4dfa-a1c1-d621d465c1f4.tmp


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\prerelease\tlauncher\2.923\dependencies.json


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\prerelease\tlauncher\2.923\resources.json


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\prerelease\tlauncher\javaConfig.json


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO


C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE


C:\Users\Admin\AppData\Local\Temp\+JXF5077455548942379004.tmp


C:\Users\Admin\AppData\Local\Temp\+JXF10453094884409361976.tmp


C:\Users\Admin\AppData\Local\Temp\+JXF13149019801371336025.tmp


C:\Users\Admin\AppData\Local\Temp\+JXF15791619069526318078.tmp


C:\Users\Admin\AppData\Roaming\.minecraft\TlauncherProfiles.json


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\security\policy\limited\default_US_export.policy.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\security\policy\limited\default_local.policy


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\ADDITIONAL_LICENSE_INFO


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\ASSEMBLY_EXCEPTION


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\cldr.md


C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\icu.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\net.properties


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.desktop\ADDITIONAL_LICENSE_INFO.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.desktop\ASSEMBLY_EXCEPTION.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\security\java.policy


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\security\policy\limited\exempt_local.policy


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\LICENSE


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.desktop\jpeg.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\logging.properties


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\aes.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\public_suffix.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\security\java.security


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\security\policy\README.txt


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\unicode.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.management.rmi\LICENSE.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\security\policy\unlimited\default_local.policy


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\conf\sound.properties.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\asm.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\c-libutl.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.desktop\colorimaging.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\wepoll.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.desktop\lcms.md.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.base\zlib.md.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.desktop\giflib.md


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.desktop\mesa3d.md.tlauncherdownload


C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.xml\dom.md

MD5 13952c46b3867103ad7d1e9c6c9e906c
SHA1 4bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb
SHA256 6686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148
SHA512 8c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.xml.crypto\santuario.md

MD5 df4b970846bc5c7742c8356641731613
SHA1 ee0a66a8c52c2294e0fa8b7edd2b7cfb6c6b2f3f
SHA256 6c05574d99b0d7e38c6217db5718e7ba2ee7f710f23a5f8228e502dcffe43e7a
SHA512 ee1463a0adabb1f6bfc046ebb802fd01a9341828d730199b2423021cff1134ba5faa252767ab8572ca942a3590d834eed6a895fbf0e96ffade98e2df266cd612

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.xml\jcup.md

MD5 d19594fbf6eab2242dc29257905d8ded
SHA1 fbdcbe5a7e7d91d440c200f5fb00e0cf6a81976c
SHA256 8d5dcfdf50455a3c34c753a98f21e953248af200415a9084e3f102cb6c43b8bf
SHA512 7ed3e58f189f2922f7543d4617308d0c35f8adc2e7cbbb6fbba49d33cdd5da64c6edc022ae9842c28e58d97b056a245245c816003978f1e0152236636ca72ba5

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.xml\xalan.md

MD5 b29a2d48a582be602d54da738c304350
SHA1 24d8fea1126acfc1ee4f990fd761d138637e6147
SHA256 ea67226be5cfe19c7e79725c2c24a16676323264d69f9747c528de0b44541b03
SHA512 1b63beefadaa6ab21a54a68abe901a38624453f7cc3ba6870e831dfb9c23990d19b67ada316e72a06129cfcb49ccc495c2ed6b35cd565f05e4ad1dceb87e8752

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md

MD5 fa24b7e2a61a7045cb0c6c385000681b
SHA1 869fc0b687986ea26b8ff63c137e03c92234a5c8
SHA256 262802e081760b38b3748c8b194353d340e39bc936ac22e17abbb7158d895811
SHA512 2676cfdfd61762c7b6171985e8cfe1068c36683ca43753a1ffb10241ac61a74c9be1c00be22903df85ba6954fd908d77de60903c316506fd88b9679672ada968

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\java.xml\xerces.md

MD5 5feac4b0a3606d75537b6b9d355e5d3d
SHA1 d5a230002b75ea8f003984000f743a85eadcf7c9
SHA256 472224f99de833f4f4c19f2f8a0317f22114e1c641f5d77ffa3a4280a1b80176
SHA512 d0b638c8ef8bab5630faad0d65b24735b567f7bd413e82f3ca48166c681cf00e8e543ab26ef8c6148a00956ef80c68c06c4fc31632352b403b39c799ece4dbc2

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\jdk.crypto.cryptoki\pkcs11wrapper.md

MD5 b77d1951df7a8488eb84ce1d25486a14
SHA1 e35415235ec3bbcb92beeceb03a9a8e7c13a6fce
SHA256 371974b1fca3744a3892c7ee1fcc593b8b4281fc218f4cafd2f709e9df5fd81d
SHA512 759c75f87309b67c56a5b7088045e04be7c023ecdbaea80842e22b81b0bfb36026191070471f8b08fef47ec73664611ce0453b4a9818f7708c95663733ee5ce9

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\jdk.internal.opt\jopt-simple.md

MD5 4f3f190fd212329afc39442174ca4b3a
SHA1 d7e25adf223e68d06276ae7666bbc96590dda442
SHA256 99bc67f93cf57d6d20e6047731c93fbb267d70fbdd4115d119e0f85c6efe5c05
SHA512 fdd3d2fcfd865f62dad0ba2617ea816c78a3dc9d99d8991ffb5eb479fda37317dc3f70b0dcdb1847ffe4432947690436ad4046bfb056c37e2991e6fefa8b70c0

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\jdk.javadoc\jquery.md.tlauncherdownload

MD5 8ef4ab67241efd69eaa3df9871fa0dbd
SHA1 a20a019c3b06d4263b00f5e89ed394a52b8c1981
SHA256 0716943682c624fd2f49b3a718a2ed4d6386e872fe741f1c759573ae24509d3e
SHA512 1f85e70e166146d81457f05be906f18b9b16ed82bed5f544f090d894b8d0cb1ff4fe5fffd90022f06f2024b2dbf74a30f2940a21941871358469b1f9a1a19998

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\legal\jdk.localedata\thaidict.md

MD5 2ea6eb55ca40902554aaf2fd20a76ba8
SHA1 e5b9e88e174c797c313d6739e7e34772b723bc4b
SHA256 c326144a2351c9608fa708b5d7d3c5a3da03e82b66479b128e9db4969539824a
SHA512 5221112cd8ef83b636dc4364f53b72c5484a5885acb55c2c071c88d23058093caee38578f7e424ecafdb483ccc0bc8e78d7ac13add536ec824a8eac171a576cb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\fontconfig.bfc

MD5 0e25b41e6acf99681eaf2e8b572f18d1
SHA1 d6b4290da768e050fe6c310366272f87e6c2b6d2
SHA256 968ac99bbaaf8a49a474c934e73ad58f88c6c7f2a363cb44771e0378444e36ba
SHA512 7c1e98bc6582af9e9c58c13cdc4d257e441a6d48fd395a3601ad558ebd481257f138d6f0dcbfe12735eb6bebeb7c8985b3d8af633b545fa01d56738f56360c08

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\classlist

MD5 8609f02107e12b099812907091c67c88
SHA1 a17d9d9064f409d3d7b6fe0a5e9c2ab32154567f
SHA256 b9e8a47b633879a932d920e57644b560f8f2610abebbd7003e9d0af155a35ccf
SHA512 91df39496f9957fce6aa5f58308853bff77605e07e1ce2da8370356905dcc5273f8aee600811f815c5162a1b863c380b03eb2916dd8d6ec8670fec0a3141579c

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\jvm.cfg.tlauncherdownload

MD5 7ce21bdcfa333c231d74a77394206302
SHA1 c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256 aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA512 8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\jfr\default.jfc.tlauncherdownload

MD5 31e2d129dc3cae567d253a94fa285944
SHA1 ce34fac158a582efbe025521371ecfcc4b3169d6
SHA256 4b57387abe8b51dfae91b392274de6f8f03e41ff8501240293404c2a5b1c4995
SHA512 1fc15b4ddb26b516fe43d67cc8942de4fcb828d0d5948873cbac7937dc6730542240bb358b8be5cfce9b249081020c211147fd354fe418bde1e283c0bc3836bb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\security\blocked.certs.tlauncherdownload

MD5 8273f70416f494f7fa5b6c70a101e00e
SHA1 aeaebb14fbf146fbb0aaf347446c08766c86ca7f
SHA256 583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58
SHA512 e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\jfr\profile.jfc

MD5 dd3edd73b3dfee9ccd2f62a48a8d0978
SHA1 7909778105c2334470d41c0f21b9e4b2f9de7390
SHA256 509d1403d6bbd78afea4af8d1890aef5f391212d2ecc6c2d0d15311fb6717656
SHA512 770838fab542f72da35c9aab9f78a5f9f2438f7779354c0cbaa5dc8895ee01ec71f6dbdadefa19d5afaea0cf291681855847fc1112d88eacb38685733f299f4f

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\tzdb.dat.tlauncherdownload

MD5 2fd920c56de68f65493ba6962fd079e1
SHA1 1e79bff02711d3dab3c75e90d4bb08f8086c9626
SHA256 b7dba25abdfee317daa042c89b01e5711f5781d020dd733ba411760b72addb93
SHA512 958f835407e4a10a268bf76bc2ef0196ecd5fa92e139de4c3760544dbdf76f95e67865bac22406aef8ac5ae7508fe63cd1a688c8328e46b73a5867efa4f18d47

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\tzmappings.tlauncherdownload

MD5 b02ee240a8db902961fe886a19beba16
SHA1 c52c42d591f4c650b629e6b374e967e211fb5aeb
SHA256 36dc51c4bf787f640a4b45cbb84ab6954f6e595cbd3617c2f5a4e1e607b38bff
SHA512 024811961511b7182860ed03a5670f82412a45d005a1db0876f6b0c9af7e96c104566abff0ebbded11a780349444214291f439039d20fb92071c7dd24bda0e23

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\security\public_suffix_list.dat

MD5 e7a714571a1f7c4e1d2f70b8f3052ada
SHA1 2b09124caddf58ec734f4664264ed5666f7c1c64
SHA256 72e17c92d464ba1476fbcc7dac6cbc493f6fb04f158895368b57d81ddbe277d1
SHA512 981250d4da5fa5f86dad4fae8465fd8ce3cf36297a86ece0ffdfb3963ac5f8e0a56c0aeab518facb7b51ec359665f6a0685f2c5443271e70ac8c31c9b1aa01d0

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\lib\security\default.policy

MD5 a9bc877eb282751fa4832811bd5fd922
SHA1 f2b41d0c2c4f708f4c8b4561ff4e42c3875d9903
SHA256 a06db9c282547150e85e7a67590726f112bbda9305371907c7082215b7d13b5c
SHA512 35a1bdf6b24bb5ba0ecb7585454f607e0aa5746dae8921a49c9da3644cc309ee21ff85de34e0861e835e12b2ea4c0e501a1551f081f21d8493c884660c5862df

C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\7a\7a5bd3f8d091a924c4f649e8354cca8c9998a653.tlauncherdownload

MD5 d208150524c6f8f1c1b57a6a4cb1bd16
SHA1 7a5bd3f8d091a924c4f649e8354cca8c9998a653
SHA256 08f190ce89355880fce912791bb5dabf1927f32925ae79a9121e9d9036e15e89
SHA512 9e265d28f4734bc1066285f77b60eed54a04e74a60ad85f52ce8c926b71d0448a3f227b89766df688e4b046522344588f9929af3a36e1ba3195d735a3d2e5992

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar

MD5 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256 daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
SHA512 ed00dbfabd9ae00efa26dd400983601d076fe36408b7d6520084b447e5d1fa527ce65bd6afdcb58506c3a808323d28e88f26cb99c6f5db9ff64f6525ecdfa557

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar

MD5 091883993ef5bfa91da01dcc8fc52236
SHA1 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256 a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
SHA512 f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar.tlauncherdownload

MD5 ff905bf0aacf501149a13880a2d6742d
SHA1 da05971b07cbb379d002cf7eaec6a2048211fefc
SHA256 16d70e7968b45caffc81576268eb000f473fb60bf257182d3447dea8ec919d5a
SHA512 5d66d948fc5e4be401ce6800f36ae896b9315abbb63cc0c0d489ac10651392522c9e52d2a42bdeba095b713917f41ff04121d34675c504da716bafa55355e171

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar

MD5 eb0d9dffe9b0eddead68fe678be76c49
SHA1 4fdac2fbe92dfad86aa6e9301736f6b4342a3f5c
SHA256 df26cc58f235f477db07f753ba5a3ab243ebe5789d9f89ecf68dd62ea9a66c28
SHA512 cbc27e0b6da6ae4b6245353d6626d2e3c171c3026a555fa21e8ef61b30714e286db85086d1a57c167016e8a7f07be2a243e34b3ab504b1877806f3bcec5df986

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\v1\objects\fd19469fed4a4b4c15b2d5133985f0e3e7816a8a\client.jar

MD5 f7477a4e542bf5ba480fdacf0e249da9
SHA1 fd19469fed4a4b4c15b2d5133985f0e3e7816a8a
SHA256 9221ab461a491bf9661cd8e773a5e662aaa43d600fa7970b8c12bbfb0431b838
SHA512 2fc775ec4a55027550590d63e927a9afa695b03c3a66694ccd9a5d27720810879879774ef6efd941caec7bbbf2a91c41a8445d7d6e0d8384a92c15f71b8204ec