Malware Analysis Report

2025-01-18 22:27

Sample ID 240504-g4tdksee2t
Target TLauncher-Installer-1.3.7.exe
SHA256 9d95e947dbd2a170fa8900a06982f361deeb55012ed8b4087ccc9bc188c25cab
Tags adware discovery persistence stealer upx
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 9d95e947dbd2a170fa8900a06982f361deeb55012ed8b4087ccc9bc188c25cab

Threat Level: Likely malicious

The file TLauncher-Installer-1.3.7.exe was found to be: Likely malicious.

Malicious Activity Summary

adware discovery persistence stealer upx

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

UPX packed file

Registers COM server for autorun

Checks installed software on the system

Adds Run key to start application

Enumerates connected drives

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer Phishing Filter

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-04 06:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 06:21

Reported

2024-05-04 06:32

Platform

win7-20240221-en

Max time kernel

621s

Max time network

632s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0018-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0064-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0079-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0039-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0077-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0074-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0081-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0083-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_51\bin\glib-lite.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\management.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\server\classes.jsa C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jp2native.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\rt.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jfxmedia.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\dcpr.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\java.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\JAWTAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_pt_BR.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jdwp.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\server\Xusage.txt C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\content-types.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\hprof.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fontconfig.bfc C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\psfont.properties.ja C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\bci.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jsoundds.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\servertool.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management\management.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_es.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\blacklist C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\rt.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management\snmp.acl.template C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\README.txt C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\classlist C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_ja.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\fontmanager.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\ffjcext.zip C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\keytool.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\plugin2\msvcr100.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\sunec.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\trusted.libraries C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jfxwebkit.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\nio.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\ssvagent.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\javafx_iio.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\verify.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\calendars.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jsound.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\t2k.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaSansRegular.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\logging.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\splashscreen.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\Welcome.html C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\dt_socket.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\orbd.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\sunec.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jfr\profile.jfc C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_it.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\access-bridge-64.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\decora_sse.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\java-rmi.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\javacpl.cpl C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\cmm\sRGB.pf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\f79230b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f79230e.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f792311.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f792311.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID427.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID59E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Windows\SysWOW64\dxdiag.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2ED0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f792310.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA097.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f79230e.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A
File created C:\Windows\Installer\f79230b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f792314.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f792314.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f792316.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID766.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 78d8a9b3eb9dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b530c5eb9dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC1F7911-09DE-11EF-97FB-6A55B5C6A64E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420965722" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000036bd1f607369ca374a6b01e200585c81da5c94b7196646ededeb60f55652f9ba000000000e800000000200002000000014b772144774731f3d50259b8885da5e4d32cd9d20e753e252edc314763e71ad2000000055cf25d1996e0ccd964e135b150624f3813c2083c733604886c295ab16d92ca340000000dd2be72de2f8bb75c745cf0ca4b3df115742b6f34905749da6e94b5c79516b45bf1a92865e50f71b033687cc4b2a1523e1df81f0acb463ca250a1ae35d40bfa3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003d000000900300001d020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0003-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_25" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0041-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_41" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_15" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0091-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0028-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_28" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_17" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0041-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.0" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_81" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_20" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_02" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0009-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0046-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_93" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_83" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0096-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0050-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Windows\SysWOW64\dxdiag.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1808 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2340 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1924 wrote to memory of 2348 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1924 wrote to memory of 2356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe
PID 2148 wrote to memory of 2948 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre1.8.0_51\installer.exe
PID 2948 wrote to memory of 2596 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
PID 2948 wrote to memory of 2080 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 2760 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 1456 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 1108 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 1088 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 436 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 1824 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 2844 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2948 wrote to memory of 2112 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
PID 2948 wrote to memory of 2564 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
PID 2564 wrote to memory of 2424 N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe" "__IRCT:3" "__IRTSS:24078146" "__IRSID:S-1-5-21-330940541-141609230-1670313778-1000"

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Java\jre1.8.0_51\installer.exe

"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma … -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma … -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2EFC4D1B31C15927BEB1291A525CD9B2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi" ALLUSERS=1 /qn

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 154329FCB6A7D768F89138BBDF4603D8

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.8.0_51-b16

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RestartUndo.emf"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x588

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-
17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Adm
in\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2914.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.923.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.923

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic CPU get NAME

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & set processor

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\dxdiag.exe

dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\SysWOW64\dxdiag.exe

"C:\Windows\SysWOW64\dxdiag.exe" /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic qfe get HotFixID

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic qfe get HotFixID

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef42f9758,0x7fef42f9768,0x7fef42f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1224 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1436 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3492 --field-trial-handle=1208,i,2860460521639060774,12994708901370946253,131072 /prefetch:8

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 img.tlauncher.org tcp
US 8.8.8.8:53 stat.fastrepo.org udp
DE 78.46.79.62:443 stat.fastrepo.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
US 104.20.37.13:80 img.tlauncher.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp

Files

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 a14411ca54ffb3b223c21c63a784409b
SHA1 33050df5397e5a44169cf0cd702d776269233f36
SHA256 1c830be41a2d969da6e8e889a1ae23fc41594d5323520e5a39de7f2c32c5dc5b
SHA512 0bc34e8d826e3e026068c52c41eb4617e9bff553c675ff45c525ac4210b6cf878267fdfb4b6796d4de4dad2e8145eb3dd98220ee01957bd3e839e9f8a8d4bba7

memory/1808-6-0x0000000002A10000-0x0000000002DF9000-memory.dmp

memory/1808-15-0x0000000002A10000-0x0000000002DF9000-memory.dmp

memory/2996-17-0x00000000011C0000-0x00000000015A9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 c333af59fa9f0b12d1cd9f6bba111e3a
SHA1 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0
SHA256 fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34
SHA512 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

memory/2996-597-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2996-598-0x00000000008F0000-0x00000000008F3000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarC569.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 83a8f0546164c9ba1a248acedefd6e5d
SHA1 7652f353ed74015e7e78bc9f9e305a48d336b6d1
SHA256 e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9
SHA512 111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

memory/2996-677-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2996-676-0x00000000011C0000-0x00000000015A9000-memory.dmp

memory/1808-678-0x0000000002A10000-0x0000000002DF9000-memory.dmp

memory/2996-680-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2996-692-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2996-691-0x00000000011C0000-0x00000000015A9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

MD5 f5d6a81635291e408332cc01c565068f
SHA1 72fa5c8111e95cc7c5e97a09d1376f0619be111b
SHA256 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
SHA512 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

MD5 f35117734829b05cfceaa7e39b2b61fb
SHA1 342ae5f530dce669fedaca053bd15b47e755adc2
SHA256 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
SHA512 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

MD5 3adf5e8387c828f62f12d2dd59349d63
SHA1 bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
SHA256 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
SHA512 e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 2dae3de14a845ea813402de06b365026
SHA1 b05af4568ce7b2fcc44cff52f8bbde93b98c71b7
SHA256 3fc25f066ba624cb976d0212725ed6f8c5f036d859e30944f8235a73bc2cf3e2
SHA512 7bf62dfc2ec5dcb5c5506333aafd700a4c3522982eaa1474c069c0c43fa643c2ae0d2e31c33067f1ff54ebb0ae2137cb53b794957005b3672c3da1895f91d9ed

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

MD5 959f2ffb5f3bf8e7aa4daac8fb95bf28
SHA1 518a200b0d360ae76aa7caff799a5db2344a32ba
SHA256 3e951323e17e502de5b3d342924a576d51a05024a73657fdb8a8a9f07c0b59c8
SHA512 9b67adb6aebd97ba552933b74b3acc0210822cc64ab9876fba7e648a826b53c93d9b9e30d616c33454233d2db09c3c1a202bfb15c99932399e08f09786a2b276

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

MD5 423967f5de5e38e936f1fe20f7e65e8d
SHA1 959069f5c157c5cdee86a55c9f7c4726e350a417
SHA256 8dd76cdfd0239b409208a873c5b7e533149a6154b31c04194b36920c4dcff37b
SHA512 d6590a8e7f5c6e30563b5433eebda5d5d26868562edc2c927360cd3a13e68f30b78f9041da4d20f40ad577fb7e4c1c107c206dfcb25702833c5466c7795087fc

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 e90db569b60630c31581fb0ce2df9c55
SHA1 7f1bc71940f580c79a43e94be3d379a46039f7a2
SHA256 89214216b91f315878142066f3febe8573affdc661bac3660c10377e861fdfe9
SHA512 5a0fce78f0f9d304fdfbc41bf40d9405c45436ba67aba93cbe32b840e769e809c3dbbb73f61b434c9faa69aee8dd82d4e7c2464aa2c7baab26862fd824e3968c

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 9cac8176bb6e5eec6fa1e80ed224abde
SHA1 2587208d3174c1ab4c6102aa460ff394550370ed
SHA256 460a9a038a6facedd1a159a76b6e0a44f2df4e49745365f4cacba263cb703fec
SHA512 4474499c7cba3ac0b62f5309a67b4cc8393cba1552a0f5cafce8f873476776bd4755c5d0e39e5b36c16ad1d40543cf4563ec819469b322ed2767c5a4f8ae2bd8

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

MD5 f48058f1c26ac266bf01960e271d1dc7
SHA1 d06afaeb6e73c7f0b88b45b60fda28200e62d39b
SHA256 fc9e01e0b4d11cee2696d6d51729284d775bbce53bdb0a0f3bd376f10b145a23
SHA512 82904ba2c918506b94d4ca66a99ffabee3120005afc6be5e37a651444a66710bc5b922ccf1dd214c958f7a59da50084d14ad9d011de39c5257c0463c7540b3e0

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 e5653926c252a36309c14683151ebc28
SHA1 dda12ff3656289e2aac07dfe909bb4104414ecbe
SHA256 1eaeae1efbe1086fb7a4958b1c640f3689f0d7c294ac954902c6d7372ee36f11
SHA512 d86d734707a4218c8d992287bdd19ee6d1d0155661333d835afbb47d10700d4a73ef4a87c5dcedb7d3322db0c9c3da420ce8ffbe77ec07d259e46208bea5ef03

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

MD5 852f2a89033362ca1418da6298630760
SHA1 24c45b20e2284842928b54c04e7826b1d8a1dafe
SHA256 0cfe4a342e9abf08cb0577239fa859194082ca4ce17f0d15b6087cc875f987bd
SHA512 ede225ebcd7fafcb25c34abf4a4e7a90be1df1730b987d0dc4ae571c4e7f08bfe81e3880e484c248670a2d5f0c547f6c4df80f59d8e8d9a250d9831d9e74556d

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 1b0fa47664a878e43dae704f1ff11722
SHA1 918a02c5c6cc0d270e5e5abf60f6b087a738cae3
SHA256 b9b21d8b8341c039dc446f06397e9fe0c9dd590c2a70798fe3dbb2be84009e7c
SHA512 8b9261a8a58a2f2818ce41d3bd477a7cee0adc3d5a963f2643ae13b9682761e98abab67ef9b16d88abf5de0bf23dcf5269138a9fadf46d1ba5913373a51720ee

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

MD5 c1fddde8d0f33b9aae08f34d2a3f5202
SHA1 3ce3d305b1ec3ee2f2d8346a67be410c59aa38c6
SHA256 9d588ed0ca63dc9475e602ce8a5a51ea527b1f4dd8c5f4376cd0fc7038cf3174
SHA512 2d33e9133ac1c857aca5dc43af45af14fdd6b46b2103fdb45865e72ccc07a198a33a87a72ef97db9ff40563b446cc22a8828403c852b3709a1a9cfbafd2edb7e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

MD5 ad0f62646ec79e11f88d672609f4f796
SHA1 53bbd348d7aea9a1fbf736167dbd1df3e1f92946
SHA256 72add1e28bf7b31746d84fbb7d36119e4a7af7d0da7c682fe767d6fdc51e6a44
SHA512 39e7f06053c6e7c44042c7fded82e10212d77b0a15e8d5488be94412acf2c56825775f5d634e29b229af4171ec9e2ad2c6160d7b6ca39d0ffa4784a343470dfd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

MD5 d403eb7fbc203d21fc399f4cef18508a
SHA1 5db578f74e412038a446ef23e067514919d25f54
SHA256 46eb5c27cca4d0fb3fcb59c71cdc8dfc8e90a5932f79118fa9bbf585f5ff0fa3
SHA512 0e0e228313d81f855781de544d867801ca2a8adc1d6c8a6819b6717db672ee181c665da01b88003b130cb36412f321b13a1fd8e50384d939a0f1439a95a92874

memory/2996-1263-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2996-1262-0x00000000011C0000-0x00000000015A9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG17.PNG

MD5 daf480f723b23d6cfdc9141c80c788ff
SHA1 437e589c8eb2b32e33a2b80f5d3db9607dec48d0
SHA256 03a60271f823e4cb91e8a61d72b317e0ed0c569102bf928bdb8ced75a9b4d89a
SHA512 b41642ea30721a37b5ce78f8ad920be7ea374d220f2308918b88f8555272cb37bd0696b07103bbf79e8736d5dbd24fbe0b8ba2c13f19328c3b610022ac7aa24d

memory/2996-1841-0x00000000011C0000-0x00000000015A9000-memory.dmp

memory/2340-1844-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c949166b585e364ab823a8b0d5aaac1
SHA1 d72ed97376506f18788721bda9b0a8f29920af4a
SHA256 01695a69a483e636566c27828e6566823c6677608b75e2cc4d9fb7f59a23d23e
SHA512 c29bae052e0e1025f995548ffa70b61920de3b5e907415b4d9327f73c138ab87ce405150b8f2b9fa59453d7909d6543ef54158e2c4fe88af8a2822349ef52b65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2319140b9b423f1a7f3cd89e0c25a525
SHA1 c99fe0beb449fa4cc9eb3286680d5b6d35edd258
SHA256 80634cff22bafdd854c274a2901fd42d789392f777b7a9156f2bb491c414224e
SHA512 9cc730c88627be204c2f641c60875160bf07fbddbae8759a68733d652d802a013d7a7e1bc5906c403ae9dd186ccdacdef91116a22c6be70239b756496778e2e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b07310fee139f81e2e6c37713cf7c4d
SHA1 b94bfc61c761b502dad8d7085dbc602a999f188a
SHA256 9717a8d1667bb38193a6f67832db2e1ceac82331184acdccb0d57fd681d126af
SHA512 44af1f22dd065b2ccf7274ad4e789c5c202786baddcda47a97e12c18a75dc97872c05e4a63bb8cb3f9d1d8c4937600cffeda71a9bdb256aed49b6275cfcf7c82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa8cc7c9f0833e6b0522c5699552ec5e
SHA1 dfa1e7eade7df39d55610bc01250ddd6cb431abc
SHA256 30c5223fe3b9069846bbe5b6ead40dca644ba88bf6061fe1997b9d01163f140c
SHA512 182972177b771c1ef1375a55204ea1b1973dbc3c62bd46785b540cbafaa6da05154169be13e58c85df41eb64250d4cee4d37a806b2748fcaf4529cefb6d50c9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70649a3178d5aa9c88d32834a29816ea
SHA1 0255d2cb12ecbc27bc599103a4ab78c9cc8116d1
SHA256 7d69913d655c9bb083e77a5d630452b3b11c1c060b1507fcb65ebcee192919f5
SHA512 32dd8171d616d13523d3f7d7a71dfb84bbc79a98ccf7c6a7b349018a309cbfb22e2e105d937c6f6c0dae8d0294ff3a46e0a5f40fe5741c369f02cb13c6385747

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1694b0a91777b5ddfab5bf50539772c6
SHA1 e0f13f7cd0ef9203355d284935eb54190fd7b2fd
SHA256 8ee79ff8f96c869bcd467da0919cf2e9e1170f94f003c87db4b9a8cb8fd8185d
SHA512 102854e45a4f3d4992e58cdb271123ee07502c6025a3c86532a0a333bccccbf5adee4fe00929f2fd379255d1009b96280c9a1db265a80328baa3dd6897797638

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31868f809182b46ad6f54e42ef4e20d5
SHA1 363515a31f49ec9d8dae624b69dab450a29d283e
SHA256 fb44db6c0819cc7fc7d8610b2d9724ac957d44b78fc7013886a19749f7976a59
SHA512 a495ff7a356f8ab04082428f2db6549a1da5ab55dcec01cac32239657c57522556c0d2f6723231066fc5dd0ca879997d6e47f6c49eb279d794de6d5b321adbd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6931ea2856493d98ce0d29d50a01d5f0
SHA1 ecdaae0e178d06b065ff65f210233cd1f5ba53f5
SHA256 73296e03953920cc8407f87fba2561dc5627992e76d2ad344e97e5ee502fe64c
SHA512 b73a68f8634dba3fdc1dbe33fda9116c3904cd08f6754468ccc061d32208b4715f180cbb90240176c67bb5057f4c9676aa900a847b4bfe1981d701e4e6b02af3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32928ee1bd0f0e44db8c7b7eb039d56a
SHA1 36c136c00bf2d5b92d3b6332b7ede42484ef63e9
SHA256 f6a5bb910ff7b30a208b999c61b94222f2b2d9bff804fcea3011f05e3cf802ff
SHA512 1001faf6a2400c43851437f8d0849337b4aa3cda05345c4dc924e83e2110bdfea3f5ec28140deb320e94ed4b1b970159db1c4a9f2da80214574e3cc5d71aee0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 329d2964d5f89a4e5dfba5d46e88a456
SHA1 369de9db0ac83da0fc1139163f6775db894003e0
SHA256 13e5ade1d0d7a0f2b76a1dc3f89fc05be46502eae85012f3946bd868f1f1bf6c
SHA512 1227aae79ee616ad7ba63b89556e6a7c317946618196f7f441b8e3cd462f751825ba46dd6ba63c6f92c6cf4d11efdbd90aea86cdab925c5763e639bfe5fdc899

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\jre-8u51-windows-x64.exe.zkoux1n.partial

MD5 b9919195f61824f980f4a088d7447a11
SHA1 447fd1f59219282ec5d2f7a179ac12cc072171c3
SHA256 3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01
SHA512 d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 6ac7099b512fd1305137b4fefd9719e7
SHA1 edfbd3c9473a0946f34e33876379ff8109981cf4
SHA256 6c8c8fc67ecbdd2c32ed4ebe8f78302ea7261f724337c7e40f91cfaed4d066c1
SHA512 4069e31e10e0ed6e1363d5d260aaa368ab72fdea6f1504d3ed52f1a75f4e56ca9e53f641f9ca967e2a2c0f4736545a60213e59233bdde0258e97a4809362f883

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XARTVCV5.txt

MD5 de838e7e7ca929a398dcb8dd71778c6b
SHA1 bd3775d0133d79927fdc5c1508b15f0c9b041888
SHA256 9aede5f4a1cc5f76e08d9b34e84b3313660d290665f500259dcce2fe766d6434
SHA512 0b760ac3256f24d69241680f6b2f7942e3e72cf3d8421de8fff0f7a05ee692cd7dc60467cbcd8ee34b3f186024b06a098c99820f73d063171718d1f8357e5beb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 5a1b7dc69422517f419c1d346f0e8ca7
SHA1 176b927a09c0a65a73eef2250773ea6fe87ca092
SHA256 54a22bcde4bb6d75f00df67ae39634046a30e9787a1c28b2c0d6363b85b27028
SHA512 7e28633267fa355bb62660f354ca2cd9f5ab9bd56f952cf4d230121182f62dd5c3939dd92902b06609f1058f7ed7b050bff07355840df9433b3efff14814719c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 5fb26ad4fa03da9cd6c4a6d316615221
SHA1 40d9b46e7530247c027b6bcb1ececadfe584613a
SHA256 602b0e12dd27a7c181c47784edd2e6f6565b5f4a35b2297059a6d596bd4fd711
SHA512 665c0a2c0e526e774a05a159e6e9a8d4b756c0c7480590120b6ce8f640f834c5e37bac9c1a5cd1a6f06f5b11a00ad32272642e4ee8057e0ad93b15ad6e7d1891

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd4d0ca17717bb8341a432e4654d1ee8
SHA1 d1a40ec69474100f5350de481bccdcc4b641fdd1
SHA256 6272af4707d9e37cc85818043b3248eb8ebc6b77afb4ebdf95548473e9957a56
SHA512 7f455f83cc00ac05a61388e4d1e83ce0fd107d00ef86ee35fa0795c64e87626e524607c0a8f7682abf7474852f1eaa64406289fa3c1a82b8fc2a26cd05e5f09c

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi

MD5 1ef598379ff589e452e9fc7f93563740
SHA1 82ad65425fa627176592ed5e55c0093e685bfeef
SHA256 d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2
SHA512 673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 fa13c475a5b2fa5779044a086ac44fb7
SHA1 9202f337c5fc0212dac61f35ac24df7e399771cf
SHA256 466009998395068eb56128d0d985ebddbb65282dd0549ac96393018d53ac5f1f
SHA512 ea2d29f0f6f87487eab594fb8b20477a28e51f0e831d32c1b7b784741cd6ecaa4455c400bd2e5953a29b0f162333d4fc8fd4ec3f674c23c4ea5541a9d74d12a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_3FED230E564211CD7379B9DAD986EAFB

MD5 ccde5242b05410fc389ef55055aef628
SHA1 1cf2823683e06612009f39bf6579c1d9f781cd22
SHA256 bf5c6c21f7360904039a89d7d0f45f19229df0409ec8d73f5f510016bbab53ca
SHA512 fa17b282526a19fd27da18ed479fcea82149e85b5eb220e75d80612b75cc3bd4543e61451443f46c77c306d7ab4f05acb15ec6700c4875fde9addcc142a72998

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_3FED230E564211CD7379B9DAD986EAFB

MD5 bd744df4ebcbe45f5173bd08ea4afb3b
SHA1 1c11d19571aad0d577c7e9b17a1ea5841a39fdea
SHA256 8c68b1a040f5e3584570389484ec129d5dfeab771e0b3beaa90c957ed0e33284
SHA512 df8f86877878bc73dcfa8f447d12745d9a6080d6f6c922a06f9b0f4e1370bec15cc850cf0bfe39a4c37aa4887fc5391f8630df4adc7ec23bc2837ef2bfc977ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

MD5 4842e206e4cfff2954901467ad54169e
SHA1 80c9820ff2efe8aa3d361df7011ae6eee35ec4f0
SHA256 2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e
SHA512 ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

MD5 d21c8469e6701dcf9c33c20b59241eba
SHA1 6f61a5238956f6966aa756f64e6b9df747629c0a
SHA256 121b3f1f593a375eae18f8cbe30852597b5e777552745ea3a7832da236bd2188
SHA512 0c00dcf8d3d779c6dd1408930e9360cf931e60738cb2a86ede12028104445f30824e3e44dcbfb39133d5b83f3b9ca50751d25069f3debc61f0959b7a377ff8d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

MD5 cbed24fd2b55aea95367efca5ee889de
SHA1 946f48b5c344fd57113845cd483fed5fb9fa3e54
SHA256 1dc8a0fcbe260b77adfe5ad9aaac543239b2a0d9f4e1f3c2657beee4376ffee4
SHA512 c504a11ea576f8ce14de26a0617e22e71e14db0f1dadefc187ce94e4a35a83743c743824e3629899c262aae4772bb86a0ee5bb643db20645483f0c376215ec6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

MD5 8e7bab23bcfe6ee3ecc376c71f844cda
SHA1 8b683a3a8fb8b3ec2e6c1867e80f4ce52a0dfcb5
SHA256 ad17c5af742c0c286a199da1c4c5683ad76479253e3dc4c1b51509bfadf9c685
SHA512 c797001ca08e2c1110c8ef1d27f731f0f07d97aae67f89d5213e2521eee3cc7fca6cb118b5cc443685f8364f52e67620e82021728382adea60c857a2ff60fe71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 66403810339af61edf174aef808230b7
SHA1 157e192c234ee515113fedfa78f08ba2d4d6ed16
SHA256 9fe26e224e61b046edcd76d84e1d98c2dda183fb78d8c82c30fafcaaab369b15
SHA512 8f2f7cf8d1d0a1769f8065c4b7e619cdaaab89ef0fe4c5a850de58b3ef5f43ba5504fe8883aadace9777f2bf4833fbc4f3142cba775d4a6c4314cbcf2810c5d6

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 4331feb2284beb3b44b4aee8df3692af
SHA1 6bec1fe6f01c637905f8d13764043549d7414641
SHA256 ade16011885ee005bf9e098f61c17719dc7a47f3bf84d952ef495e8186a65e7b
SHA512 13fb80f80f49c5e1f4dd93caa5e018563fe90188c74856a846bfbefa799c0bc866b95f175f244e2bb4775bcbc4db81cb4d2edf15401db7debf07cfbae523da71

memory/2596-2564-0x0000000000400000-0x0000000000417000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

memory/2596-2568-0x0000000000230000-0x0000000000247000-memory.dmp

memory/2596-2569-0x0000000000230000-0x0000000000247000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\diff

MD5 d417682702b140d7131851bae877f046
SHA1 aa78da727e8a62c839a9bb6f7a93b48d3a04be70
SHA256 3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8
SHA512 9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 3bd2ca9c15d2672660a8250caf680316
SHA1 459355aa945ad99d1a06c911903c9cc29fa7ff6b
SHA256 461d95c85ffb41c01748f5e69e919e913ba07bf4f260f6475105f48db75cc13b
SHA512 b377ec92f09983d19013e89a4f563824d086cbff19c2030ca2b72b13efc7dc004be0019336e46bb9bfb76d9627ab4bdd12166ff912e2d6686bad722a152b3a17

memory/2596-2577-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 d09ab0a248ccf2be9c21f946a3f71c14
SHA1 04ee3a815cfdad0325a0a05184ebc16b810c8d2b
SHA256 5db1eac5f7a211ab3d21d33e7ddedfa79216ca8cdc015c1694c81263c14fa5fb
SHA512 80bc5a26ead6368c5e5db673afdaff09160469c389a5d720a841dd827593445520985c12624973cd0c6410e7c7d51ad921c7ead337c3b4d1289943fcedad2c27

\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

MD5 5b071854133d3eb6848a301a2a75c9b2
SHA1 ffa1045c55b039760aa2632a227012bb359d764f
SHA256 cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf
SHA512 f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dll

MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack

MD5 5cfc3a1b269312f7a2d2f1d7c0497819
SHA1 d048284db9ce7103156f8bbce988b4d9978786b7
SHA256 80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26
SHA512 8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 9e94ca834c96164c2bf684519aacc413
SHA1 e647d43ca35dd4d7b7c3d79850395db55bbff07a
SHA256 fea1e6c1dc8a2f7e094f4f77e616c540febd24ea6d17b449e10a4df4ffb52a09
SHA512 0c219116d4ad83d77b2d0bddedbf423ba9c67237b90bfc65d373ca287f294c0087760da3adf2db4a0ced2a2bc558c1d9737cd3c53f3f5af17042664178dd9e0f

C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack

MD5 5a83bc9b3e4a7e960fd757f3ad7cd263
SHA1 f5f308aec7e93accb5d6714c178b8bf0840fb38d
SHA256 0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5
SHA512 b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c

C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack

MD5 538777ddaa33641aa2c17b8f71eed307
SHA1 ac7b5fdba952ce65b5a85578f2a81b37daed0948
SHA256 9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135
SHA512 7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b

C:\Program Files\Java\jre1.8.0_51\lib\rt.pack

MD5 f0177701b36068c9a2bb4924dd409fa5
SHA1 71e4b32c95e20dd565a6603d3de3819eb4f19d33
SHA256 93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec
SHA512 8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641

memory/2112-2854-0x0000000000310000-0x0000000000311000-memory.dmp

C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe

MD5 f49218872d803801934638f44274000d
SHA1 871d70960ff7db8c6d11fad68d0a325d7fc540f1
SHA256 bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528
SHA512 94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

MD5 5ed6faed0b5fe8a02bb78c93c422f948
SHA1 823ed6c635bd7851ccef43cbe23518267327ae9a
SHA256 60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5
SHA512 5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6884c50d48a0b8250bca99c366c5c81
SHA1 452ab360a6721bf52fd68ea0868c3289660f543c
SHA256 4c6a576371841313e44f0df1f2ae3e4a4422149fab1ea223fc1e2f9ff923c886
SHA512 8e66e014247db5c6ab411d44e4efe35dc1c9423164b31ace94136737606eb7f3bb71ea4d0fc05056a1afbe12a53d838879135fe4e1ca85d328f6ce212815d4b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71c7ed75e73076c6c6eeebf9736f73f9
SHA1 94556e081eed728b5ee6ac9beb1a3a9829daef1b
SHA256 7760d13e4885e99677524f532ad9d887794e93e10aa04071da8740f5ca86fc33
SHA512 5117abadb60e0fa8a1f53adcf723766453dc0d58348a75aec137819f5d4ac5202066a2b552b6c00498834c6d10dc28af9a58eea33e38fed8935cef872f9f1ca6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41da09820bcaec887dc8ce98d25ff200
SHA1 819b9157247d2e29e4171dddd1f5a856edab0a7b
SHA256 05004b29a48c17cbe847c7c2119c3177ea5e83d29ef9b1050cf50b03edbf4e98
SHA512 e32f38e962270717f18c1c89b93ea34dc00387a6e78966c3847c9899807241cf41b90223ebbfa5ed00eb4db34548cf467713210a7a26be7fa55bf974030c6321

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c20c5ccb9eef21f5620767b6ed9b6c9
SHA1 bedd5e16d99de3e1875d560c46086f66427d918b
SHA256 0ae807631c0aaaf714a9558c085bb1df90309708143450deb732ce2c1edee141
SHA512 155b85fd65b686c9d95dfd281a7185c21e916c460a612ac520f8c3dff716c493818575f6488c22177032ce1921b572e29f43ac3b79d4934680221093b319d2aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb906578efac0b646a6bfec185d4de3c
SHA1 27e99ae7a8cbca90435a78b0b49c80e7a5b67df4
SHA256 2c40050496be1148b075b373fcbde100f8c66d291b3c5fb2e8eb750ad4af6236
SHA512 54564ebc35840eeddf7c1172b6af4e0b4728c4cbdc32624023dc83fca699153bab6e258bdcb81ff854e8de6338f50343c65f26823b41fd1c8ee6f5ac472688f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1a9fb2ac922ca24cc9dd1e13edb0709
SHA1 499126a69e8dfce2676c7c9f052eb04524aa9503
SHA256 008edd5197de763c9ad46da30e25257ebcec692690a06432504fd10c96427bd3
SHA512 ce0e70976ee485e99233fb5c8e145f1f995c8018a4e601dd74443a0cefc0e13179eeb21128eea0845442f9d552f2050a9c65fd63240d69a396d93f312ae4689d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d62b2fca6023abce232e80efd362ee2a
SHA1 e29a7850d12f87f667b6b64389d929d8adcf2c21
SHA256 73bc18d96ee6fc7dcbd38564d1093bf2eccf9e8811df831b6c8cfd6eb701921b
SHA512 ff93fd38a8685e44dc0c92e087b13acf28838fe1d7ecb8242e74119c95b68d3aecfba712e6ac3c3d8810a2831755c66534ac711ba9e222a3b827d940acf7ea1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e48b6e74df5ffb44a799d418dbcfd083
SHA1 ed36c129ab39c7f5a937775f1163561f7820724d
SHA256 1cf995ee8283b83c72ff941f0bd304ccd73601da7576c3944e804cf4dd1a8917
SHA512 8f0824af2e1a41fea9186294c63c301115835ef754a9467100de281fa006d325a93da0de63ee0328598b95356bf07813ce40eae3550f1fe9e7f7a048ac29b8a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e1a40515ae45d26fa4f51f23309e4d4
SHA1 bb36af6789dc70549c93b218aa5e3086ea523336
SHA256 18afb2f253ac68a1c18f0f38c130c1f849854f52f7154a1ca4971efe5865d9d3
SHA512 c970264a99eb60d5c1d9b6d687ae6c88840f7b735ab55e791ceed29174f444979d3884fcc4efa2a145304187d94efa06771b95338cde9ff406736f2576a24b4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

C:\Users\Admin\AppData\Local\Temp\~DF8D83DEA9922795AF.TMP

C:\Config.Msi\f79230f.rbs

C:\Windows\Installer\f792316.msi

C:\Config.Msi\f792315.rbs

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\dependencies.json

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\resources.json

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE

C:\Users\Admin\AppData\Local\Temp\+JXF8144353670738578295.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF13897886553867247073.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF7165276033388359169.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF10994415369229209904.tmp

C:\Users\Admin\AppData\Local\Temp\+JXF521290723051539888.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4ac360b4-bae6-4f33-952e-dccdf1bf1552.tmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-04 06:21

Reported

2024-05-04 06:52

Platform

win10v2004-20240419-en

Max time kernel

1790s

Max time network

1173s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe" "__IRCT:3" "__IRTSS:24078146" "__IRSID:S-1-5-21-3726321484-1950364574-433157660-1000"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 13.36.20.104.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 49.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
