Malware Analysis Report

2025-01-18 22:05

Sample ID 240504-pfevaage27
Target TLauncher-Installer-1.3.7.exe
SHA256 9d95e947dbd2a170fa8900a06982f361deeb55012ed8b4087ccc9bc188c25cab
Tags
adware discovery persistence stealer upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

9d95e947dbd2a170fa8900a06982f361deeb55012ed8b4087ccc9bc188c25cab

Threat Level: Likely malicious

The file TLauncher-Installer-1.3.7.exe was found to be: Likely malicious.

Malicious Activity Summary

adware discovery persistence stealer upx

Downloads MZ/PE file

UPX packed file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Enumerates system info in registry

Uses Volume Shadow Copy WMI provider

Uses Task Scheduler COM API

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer Phishing Filter

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-04 12:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 12:16

Reported

2024-05-04 12:32

Platform

win7-20240220-en

Max time kernel

732s

Max time network

924s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0055-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0016-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0086-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0009-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0057-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0079-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\net.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\w2k_lsa_auth.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\pack200.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\amd64\jvm.cfg C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_ko.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jfr.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\fontmanager.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jpeg.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\sunmscapi.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\javaws.policy C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jawt.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\kcms.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyDrop32x32.gif C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management\snmp.acl.template C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\LICENSE C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_de.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jfxswt.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\kinit.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\nio.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_MoveDrop32x32.gif C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\blacklisted.certs C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\rmiregistry.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\sunec.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\sunpkcs11.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\hijrah-config-umalqura.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\zip.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_sv.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\[email protected] C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jce.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\sunmscapi.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\tnameserv.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\jaccess.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaTypewriterRegular.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\eula.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\j2pcsc.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\access-bridge-64.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\rmid.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\cmm\PYCC.pf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightDemiBold.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jfr.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jp2iexp.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\sound.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\dt_shmem.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_LinkDrop32x32.gif C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\glass.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\glib-lite.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jsdt.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\US_export_policy.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\java.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jsound.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\f77f27a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2234.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77f283.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Windows\SysWOW64\dxdiag.exe N/A
File opened for modification C:\Windows\Installer\MSI3135.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI31A5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77f27a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF411.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77f280.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI30B7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77f283.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77f27d.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77f27f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77f27d.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77f280.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77f285.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = a81dda271d9eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "4" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0018b8381d9eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000ce7a184ab90c1174d6949b18b3c04d7ef22ff573988dcfae235a90856f127cbd000000000e8000000002000020000000d7776a8aa0fa8a4af1d4f1f0b2456867f37166e7965646865db2c925451437ce90000000db718a0b83d4d215253f47435ab5dc55ee1f0ff1bea9d8664784571c8823e19ff5f8f2a1532d5ab22717cfba596fe4e996658d7febc7a94dd419ea41d361dcba159e7994479b09ef0ddc823f692baa0cc74edc92d0d9543ac796807bcc9cba12568a30417f4d64920daea569975bca7535098e6ad4d10041c49deb00f0fc0b1d247b08988a606bad65941a9131836ca64000000010594f49510332dad916a6ccba3746b755235d31bca99af349154b2ea3d8c4334edcd0d9730d0573839a0be24a01bd1185eedad034ee4c6a2fce60f96b0efb31 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_01" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0037-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_37" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_64" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_98" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_25" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0074-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0075-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0094-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_41" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0045-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_31" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_38" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_29" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0028-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_12" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0057-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0079-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_38" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0014-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_53" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_37" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_09" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0048-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Windows\SysWOW64\dxdiag.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2356 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2356 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2356 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2356 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2356 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2356 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2356 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 3692 wrote to memory of 3704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3692 wrote to memory of 3936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe" "__IRCT:3" "__IRTSS:24078146" "__IRSID:S-1-5-21-2721934792-624042501-2768869379-1000"

C:\Program Files\Windows Sidebar\sidebar.exe

"C:\Program Files\Windows Sidebar\sidebar.exe" /showGadgets

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60d9758,0x7fef60d9768,0x7fef60d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3216 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1220,i,10867505653345641035,14053385026565277846,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Java\jre1.8.0_51\installer.exe

"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5C0FDC27A0F5528E815F5EB6D0A8B671

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi" ALLUSERS=1 /qn

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A5DB8CDF8674CF0354155EB70EC4292B

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.8.0_51-b16

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2914.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.923.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.923

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic CPU get NAME

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & set processor

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\dxdiag.exe

dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\SysWOW64\dxdiag.exe

"C:\Windows\SysWOW64\dxdiag.exe" /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x578

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60d9758,0x7fef60d9768,0x7fef60d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1192 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:8

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://fb.com/tlauncher

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4020 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4020 CREDAT:275469 /prefetch:2

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic qfe get HotFixID

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic qfe get HotFixID

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2914.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.923.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.923

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic CPU get NAME

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & set processor

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\dxdiag.exe

dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\SysWOW64\dxdiag.exe

"C:\Windows\SysWOW64\dxdiag.exe" /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic qfe get HotFixID

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic qfe get HotFixID

C:\Windows\system32\cmd.exe

cmd.exe /C start "Open path" "C:\Users\Admin\AppData\Roaming\.minecraft\"

C:\Windows\system32\cmd.exe

cmd.exe /C start "Open path" "C:\Users\Admin\AppData\Roaming\.minecraft\"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1312,i,3552685845592570979,10125245764488845976,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 java-for-minecraft.com udp
US 172.67.143.19:80 java-for-minecraft.com tcp
US 172.67.143.19:80 java-for-minecraft.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 172.67.143.19:443 java-for-minecraft.com tcp
US 8.8.8.8:53 javadl.sun.com udp
NL 92.123.165.224:443 javadl.sun.com tcp
NL 92.123.165.224:443 javadl.sun.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 92.123.165.224:443 javadl.oracle.com tcp
NL 92.123.165.224:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
US 23.220.112.104:443 sdlc-esd.oracle.com tcp
US 23.220.112.104:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.sun.com udp
US 2.18.190.79:80 rps-svcs.sun.com tcp
NL 92.123.165.224:80 javadl-esd-secure.oracle.com tcp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 www.java.com udp
NL 23.62.61.163:443 www.java.com tcp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.225:443 sjremetrics.java.com tcp
US 8.8.8.8:53 repo.tlauncher.org udp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 8.8.8.8:53 repo.fastrepo.org udp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
US 104.20.37.13:443 repo.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 8.8.8.8:53 repo.tlauncher.org udp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 8.8.8.8:53 repo.fastrepo.org udp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 8.8.8.8:53 page.tlauncher.org udp
US 104.20.36.13:443 page.tlauncher.org tcp
US 104.20.36.13:443 page.tlauncher.org tcp
US 8.8.8.8:53 advancedrepository.com udp
DE 46.4.112.215:443 advancedrepository.com tcp
US 104.20.36.13:80 page.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.37.13:443 tlauncher.org tcp
DE 46.4.112.215:80 advancedrepository.com tcp
DE 46.4.112.215:80 advancedrepository.com tcp
N/A 127.0.0.1:55444 tcp
DE 46.4.112.215:443 advancedrepository.com tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 8.8.8.8:53 img.tlauncher.org udp
US 8.8.8.8:53 img.fastrepo.org udp
US 104.20.37.13:443 img.tlauncher.org tcp
US 104.26.11.134:80 img.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 8.8.8.8:53 launchermeta.mojang.com udp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 13.107.246.64:443 launchermeta.mojang.com tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 img.tlauncher.org tcp
US 8.8.8.8:53 stat.fastrepo.org udp
DE 78.46.79.62:443 stat.fastrepo.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
US 104.20.36.13:80 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 fb.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 163.70.151.35:443 fb.com tcp
GB 163.70.151.35:443 fb.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.151.35:443 m.facebook.com tcp
GB 163.70.151.35:443 m.facebook.com tcp
US 8.8.8.8:53 z-m-static.xx.fbcdn.net udp
GB 163.70.151.33:443 z-m-static.xx.fbcdn.net tcp
GB 163.70.151.33:443 z-m-static.xx.fbcdn.net tcp
GB 163.70.151.33:443 z-m-static.xx.fbcdn.net tcp
US 8.8.8.8:53 2ip.eu udp
US 8.8.8.8:53 2ip.eu udp
DK 77.111.240.65:443 2ip.eu tcp
DK 77.111.240.65:443 2ip.eu tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.35:443 beacons.gcp.gvt2.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
DE 46.4.112.215:443 advancedrepository.com tcp
US 104.20.36.13:80 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 img.tlauncher.org tcp
DE 46.4.112.215:80 advancedrepository.com tcp
DE 46.4.112.215:80 advancedrepository.com tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
DE 46.4.112.215:443 advancedrepository.com tcp
US 104.20.37.13:443 img.tlauncher.org tcp
US 104.26.11.134:80 img.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 8.8.8.8:53 launchermeta.mojang.com udp
US 13.107.246.64:443 launchermeta.mojang.com tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 img.tlauncher.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
US 104.20.36.13:80 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
DE 46.4.112.215:80 advancedrepository.com tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 13.107.246.64:443 launchermeta.mojang.com tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
DE 46.4.112.215:80 advancedrepository.com tcp
US 104.20.36.13:80 img.tlauncher.org tcp
US 104.20.37.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
GB 142.250.200.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.34.117:443 beacons2.gvt2.com tcp
US 216.239.34.117:443 beacons2.gvt2.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp

Files

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 a14411ca54ffb3b223c21c63a784409b
SHA1 33050df5397e5a44169cf0cd702d776269233f36
SHA256 1c830be41a2d969da6e8e889a1ae23fc41594d5323520e5a39de7f2c32c5dc5b
SHA512 0bc34e8d826e3e026068c52c41eb4617e9bff553c675ff45c525ac4210b6cf878267fdfb4b6796d4de4dad2e8145eb3dd98220ee01957bd3e839e9f8a8d4bba7

memory/2356-6-0x0000000003510000-0x00000000038F9000-memory.dmp

memory/2356-15-0x0000000003510000-0x00000000038F9000-memory.dmp

memory/2356-16-0x0000000003510000-0x00000000038F9000-memory.dmp

memory/1412-18-0x00000000000F0000-0x00000000004D9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 c333af59fa9f0b12d1cd9f6bba111e3a
SHA1 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0
SHA256 fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34
SHA512 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

memory/1412-599-0x0000000000920000-0x0000000000923000-memory.dmp

memory/1412-598-0x0000000010000000-0x0000000010051000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar23DE.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 83a8f0546164c9ba1a248acedefd6e5d
SHA1 7652f353ed74015e7e78bc9f9e305a48d336b6d1
SHA256 e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9
SHA512 111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

MD5 f5d6a81635291e408332cc01c565068f
SHA1 72fa5c8111e95cc7c5e97a09d1376f0619be111b
SHA256 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
SHA512 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

MD5 f35117734829b05cfceaa7e39b2b61fb
SHA1 342ae5f530dce669fedaca053bd15b47e755adc2
SHA256 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
SHA512 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

MD5 3adf5e8387c828f62f12d2dd59349d63
SHA1 bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
SHA256 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
SHA512 e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 2dae3de14a845ea813402de06b365026
SHA1 b05af4568ce7b2fcc44cff52f8bbde93b98c71b7
SHA256 3fc25f066ba624cb976d0212725ed6f8c5f036d859e30944f8235a73bc2cf3e2
SHA512 7bf62dfc2ec5dcb5c5506333aafd700a4c3522982eaa1474c069c0c43fa643c2ae0d2e31c33067f1ff54ebb0ae2137cb53b794957005b3672c3da1895f91d9ed

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 e90db569b60630c31581fb0ce2df9c55
SHA1 7f1bc71940f580c79a43e94be3d379a46039f7a2
SHA256 89214216b91f315878142066f3febe8573affdc661bac3660c10377e861fdfe9
SHA512 5a0fce78f0f9d304fdfbc41bf40d9405c45436ba67aba93cbe32b840e769e809c3dbbb73f61b434c9faa69aee8dd82d4e7c2464aa2c7baab26862fd824e3968c

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

MD5 423967f5de5e38e936f1fe20f7e65e8d
SHA1 959069f5c157c5cdee86a55c9f7c4726e350a417
SHA256 8dd76cdfd0239b409208a873c5b7e533149a6154b31c04194b36920c4dcff37b
SHA512 d6590a8e7f5c6e30563b5433eebda5d5d26868562edc2c927360cd3a13e68f30b78f9041da4d20f40ad577fb7e4c1c107c206dfcb25702833c5466c7795087fc

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

MD5 959f2ffb5f3bf8e7aa4daac8fb95bf28
SHA1 518a200b0d360ae76aa7caff799a5db2344a32ba
SHA256 3e951323e17e502de5b3d342924a576d51a05024a73657fdb8a8a9f07c0b59c8
SHA512 9b67adb6aebd97ba552933b74b3acc0210822cc64ab9876fba7e648a826b53c93d9b9e30d616c33454233d2db09c3c1a202bfb15c99932399e08f09786a2b276

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

MD5 f48058f1c26ac266bf01960e271d1dc7
SHA1 d06afaeb6e73c7f0b88b45b60fda28200e62d39b
SHA256 fc9e01e0b4d11cee2696d6d51729284d775bbce53bdb0a0f3bd376f10b145a23
SHA512 82904ba2c918506b94d4ca66a99ffabee3120005afc6be5e37a651444a66710bc5b922ccf1dd214c958f7a59da50084d14ad9d011de39c5257c0463c7540b3e0

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

MD5 852f2a89033362ca1418da6298630760
SHA1 24c45b20e2284842928b54c04e7826b1d8a1dafe
SHA256 0cfe4a342e9abf08cb0577239fa859194082ca4ce17f0d15b6087cc875f987bd
SHA512 ede225ebcd7fafcb25c34abf4a4e7a90be1df1730b987d0dc4ae571c4e7f08bfe81e3880e484c248670a2d5f0c547f6c4df80f59d8e8d9a250d9831d9e74556d

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 054aecf886611935c82cb961eb3ac31c
SHA1 7c79d08bd6cbaa60db2a645ebe542f670dd18fd9
SHA256 d92b458492dc534ee4d0ba3c24166164b14955c45329401885f64a2fb8e6ecb3
SHA512 0b82aceaec2a2a6528b22639d924cf1b21b5cb43f3a78026c020bed4e170398a5382951c1d043a2b976915aeca6f6f9ddfdc2a1d2ba143c7203b8eaa9f29b656

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 1fc45990c71b60e843c44ca7403bde85
SHA1 e3739b136360a4caa92fe0698dffc4d654b6fcb0
SHA256 85c436b43e53d2e47730925ce502bd158e36909526f1fa2dcb657113345deea3
SHA512 8ede4f5b64808f15f71a36ed43f357608163759c777d73dbe91c903c8461be8b620b9ea8d4bf1c947b05203ff46a19b7455624adb8b6da8a0f34a7c6107462ba

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

MD5 c1fddde8d0f33b9aae08f34d2a3f5202
SHA1 3ce3d305b1ec3ee2f2d8346a67be410c59aa38c6
SHA256 9d588ed0ca63dc9475e602ce8a5a51ea527b1f4dd8c5f4376cd0fc7038cf3174
SHA512 2d33e9133ac1c857aca5dc43af45af14fdd6b46b2103fdb45865e72ccc07a198a33a87a72ef97db9ff40563b446cc22a8828403c852b3709a1a9cfbafd2edb7e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

MD5 ad0f62646ec79e11f88d672609f4f796
SHA1 53bbd348d7aea9a1fbf736167dbd1df3e1f92946
SHA256 72add1e28bf7b31746d84fbb7d36119e4a7af7d0da7c682fe767d6fdc51e6a44
SHA512 39e7f06053c6e7c44042c7fded82e10212d77b0a15e8d5488be94412acf2c56825775f5d634e29b229af4171ec9e2ad2c6160d7b6ca39d0ffa4784a343470dfd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

MD5 d403eb7fbc203d21fc399f4cef18508a
SHA1 5db578f74e412038a446ef23e067514919d25f54
SHA256 46eb5c27cca4d0fb3fcb59c71cdc8dfc8e90a5932f79118fa9bbf585f5ff0fa3
SHA512 0e0e228313d81f855781de544d867801ca2a8adc1d6c8a6819b6717db672ee181c665da01b88003b130cb36412f321b13a1fd8e50384d939a0f1439a95a92874

memory/1412-1250-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1412-1249-0x00000000000F0000-0x00000000004D9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG17.PNG

MD5 daf480f723b23d6cfdc9141c80c788ff
SHA1 437e589c8eb2b32e33a2b80f5d3db9607dec48d0
SHA256 03a60271f823e4cb91e8a61d72b317e0ed0c569102bf928bdb8ced75a9b4d89a
SHA512 b41642ea30721a37b5ce78f8ad920be7ea374d220f2308918b88f8555272cb37bd0696b07103bbf79e8736d5dbd24fbe0b8ba2c13f19328c3b610022ac7aa24d

memory/1412-1828-0x00000000000F0000-0x00000000004D9000-memory.dmp

\??\pipe\crashpad_3692_UDOPBZAANDXDXMLH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4d4f652e-553a-476f-9c07-549fa2bac310.tmp

MD5 fc9dc93bc1bd257ac6569813cd869379
SHA1 9b7566cfa4e184b00f1c17dc855985119768e985
SHA256 ea41e9966e8c0aab34449e711e56c22a16a006693a2217dcd8e3d163e0fc1e90
SHA512 69c5f5a975a584465f412e9c9e7730d3825f45597e2e297f442f66c103336800ba62c4d20d23d12c912d5e3199d7c4133be3ab082449049554344a59d716772c

memory/2964-1974-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fea6a00e0ce0a4b38d3f85f3271320c1
SHA1 f4b044e30d182015b33b35b49de4b625e46edfa7
SHA256 54f2ce7c3d38b8f92dfb55b9ca79307808fe6a6c7f2e727a8e88a2d027e9d866
SHA512 04514bffca9fd2f17d17c96037da2b101d84c64e786ec7d00fc03fc35b2b6d6200aacef73a84c3f35714cc6ec1c031b12188b0af60d5c94b895f027d7564867e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\jre-8u51-windows-x64.exe.l5gqhyo.partial

MD5 b9919195f61824f980f4a088d7447a11
SHA1 447fd1f59219282ec5d2f7a179ac12cc072171c3
SHA256 3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01
SHA512 d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 782dcc9259610b5b6180252e3ed98a8c
SHA1 0a3f6149bb521679e3c4687f4efec89d367cfef6
SHA256 181f6ae486826ed831c1a49c6407cf2f7dd26f2a1911f857d564bd75d6f67b9e
SHA512 8f68eff416abadc0235386d0303f875725edb0010f63f7475de024f3b1d8d195066cb2a840eeecfffac7f1d350cc212e218f4a8643cea30f8cceef48edc76032

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 6e6048e2bf2207262457774cc3490169
SHA1 6cac45394b1ab427b795615185e962e8ac929ca4
SHA256 7faf987a33a0e659ed4b41ceea9b49291329aa59509f1046da0b0af35026af15
SHA512 5d3d2f2d278ff78fc41d894d733a98f49f0ced5fb30956375f3bf7e98512fdc2ba94b9e5d8fc26dc20ca2194d2331783a41a165c7f5f55627b52c48919e52bd2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HO65QB61.txt

MD5 ef70c488f2107068fd4e2fa24627e3c6
SHA1 3a92b98d3385c2fba23a73e9fcd1fe0df517d2b1
SHA256 5de035f5d0f2e0dcd9611a522037479eec3fd980b40ab475448c91df9442c18c
SHA512 308f34ef1419c3b96df6ecb59e9e8f8a1d755f77aaf72d44f9d05cbcdd990b111df2876abd9067a32feb53fcabd2fea7e0f948548a61546e4be16679e6493113

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 5a1b7dc69422517f419c1d346f0e8ca7
SHA1 176b927a09c0a65a73eef2250773ea6fe87ca092
SHA256 54a22bcde4bb6d75f00df67ae39634046a30e9787a1c28b2c0d6363b85b27028
SHA512 7e28633267fa355bb62660f354ca2cd9f5ab9bd56f952cf4d230121182f62dd5c3939dd92902b06609f1058f7ed7b050bff07355840df9433b3efff14814719c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 f5a5b44b5847ec076ad924d86e92414b
SHA1 e0b4f04e0f903101dbe7bc8bb77f053011054c09
SHA256 179810fb366f9cba1487abecea08be3773010820447b49a74b518bd8433315cc
SHA512 f9f2732bd1eb03c001ecdacb419cfdc1d5db98eb83c948e9c5fb08cceb51bae3fa08ff2cd94e7ce1a79dbb42a2c53c21f1523f68c6f0b772567a37ce02ab3c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67017a196fb1bc3e905c6cf6af070865
SHA1 558d44fc71b9ed5a5b30d5531f02ff61519f3d45
SHA256 752e24d00dba5b7f661290e840efa8c508ab0e03e24fcb922356d1def5f34863
SHA512 0eecf013503a0241ceece6e695c9c2a566038db06c7c94ed74b7c318588cc29ba4ea332aa9d0d86f825c14c21ccc657ed13702d8cb6a5d73b8af5139f7fd0598

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 844007ffe75b017d8d706d96caab446b
SHA1 eda43c35e5e76f8b6694a685f09c49eb8283b5f3
SHA256 9d87ac01b1997cbdbc9d39598f71f30d1658dbb72892b2c73037d4e1de03de20
SHA512 276746b8d106ee4a1513824ce148c264983c5e9ed0eb22723fa14c4dfea9775c17a4c5ece6be9376d5c9fa65ec67f7c0897b8e939b75287629ccd195921d1286

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff7cdfd8a4d521081794fb7637b61729
SHA1 8f3f22047bcf4d812a78fcbc0b565990d985ada8
SHA256 29b4cec6f8606bf72258d948c4a25ce3bad9f0944fe9010b908d20fe7c47055e
SHA512 6590d35d2a0759c7c116f1c5c19655738d2743dfac75f10ad52405b49d552e0d515f8411034949728403c0b51f757e2139421a3088ffdef7a6e6cf167d476fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77c8cabf09c5400ef181b88348a77358
SHA1 1ed7fb8b0d7e6d20147b0fdff2427f395161f978
SHA256 b9b04bafdebd72a3ed1db82d35df7c9d46666308376071d0dd5f0cb02a6c5432
SHA512 850f434770935005247d0294efaced1682f389a56fc2de1eb8d7afa4fd6338902e6f0858a8cfbbb62ba2ba3cd5572103bde925bee42ef628cbebebf34ea4c8d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b10aac0765a56612889e6a719eed4f6
SHA1 27939b913138ad83c0db113c765913b94ea466ba
SHA256 a05594d188de3743b917176af6548cec2e846ae351d5520d6c8973d475ca11f4
SHA512 c0a2a43ea7c7783b7ebc49de7671abac66ca152e7920e14177d41509251eb381d657fa6c8fd7506490eda05572cab685ec1045eb4a9257096153270dc5c27582

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d08dd6c77d7d3329967c3402203880ab
SHA1 3d24beda9b7306bab4e3184167d99fbd5a54a234
SHA256 1d1cec13a7ac2ffe0238bf09008c2dfd409c511c70a2a0c257dbeda09ee5d8c2
SHA512 4c84d778fc3c67b804b55a35566d1dff871478e77057429d2dc75569f432e3ab581c31daf7a1873f0ee12e3cbb36c0c6228944de5b5e81999e5c61e9eb6939e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f098fc959227a7bd8813dd6bf1777858
SHA1 d4db9fde5638506a14efb835896b09843cca6f49
SHA256 ec293be0970952831f96fea66e1fc0abfd0e3bc40cf45d5a6039186690acd22e
SHA512 bcbbbd56595fd9747b4f69f8fb2193925f8e72a4045cb532b2a6334a005a409b5872f53f742f775557d1d9700533f09dffc7c28ac63a3b934f6270d04504dff6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcbe0403d8c2a5fa265bf8298201f234
SHA1 a1386b15d214fc81a3d9d18bdb42ea33ea85c009
SHA256 77aa6ffedc8bf0f1b0727c9c1d6610dbace729fa9ea97ec50b444c6bcbbcbce8
SHA512 2fc78b6389b0c821445622b560b14d15d19c10384c32a0a462bc49d2d634709da1ed8c15caef70505d28de5a3fb589415a176eeffc751ace95b0ab6ed1afed20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cbbeeef93d8daf06edf3d0679016e4e
SHA1 5215dbc98bd34881aae17fec1f096904147568b3
SHA256 467d23221ae0f6bb0aae56a580b9f1caa1fbc296ce4e9d881a24bc35563cff2a
SHA512 53fa070f5eca6dddc09daf12d47adcb35aa15bcf64e1f3b0d8428c10d6fc49c5f5c10d0fe4e4840501d5d13b7bf0b68d6adfb0a61aa81253d53c751c550a1dac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0db5d4757b1086bfbaf9705754d4cc0b
SHA1 5d55a45939f085d7054a6d76c854ebad32e0a267
SHA256 1ee4078e750c443c29345057d63fd5b4c9df24f521d51d1fed0a8a150f16b9a5
SHA512 77cac30cda2d137bd8d2b258f3ea6069db9c2571e5a844c131400a03056b3111d2e0277b8f20c1fb22d07d8e121d70a5c405e9cee8bd55504b157ce077069ab1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 659600df081c0191139b0cf1dd1bcc7c
SHA1 3152882e566203a90fd092a1cacb5722c8b4362e
SHA256 1b5a72737267e179f1f7b81a96edf2cb303a915e06645b691c7dc0a0589d7d01
SHA512 52777b8da52ffb6e5749f60709f730310cd9ab917489d2b83da75bbb23693947cd517d86e5c4b6665bec6d95a89a43dc2fc8d033558ca544c848b23678aba217

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi

MD5 1ef598379ff589e452e9fc7f93563740
SHA1 82ad65425fa627176592ed5e55c0093e685bfeef
SHA256 d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2
SHA512 673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 3fd837816b618bae6d643e944b273abf
SHA1 10736f1b25b41c9b253ad73c97caa5bb016f81fc
SHA256 70c5e3ec7571f27c0f19203be006e0965259629d11744b6787bebe530bc7bf6b
SHA512 feb2971071d9433e7d7bc0e8a983427e9253440268c12428861e82467731262bf9bf51b41b0fb920e35421c59a33ba29a4cc8185c01df4260ce6754f6ae2104a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

MD5 1d4cf94e4a56567e377bb752277b6bbe
SHA1 ab8ea195c7c45adcb2e4be1f7590eb7836ea445f
SHA256 ff8e7ca5e4ac0d75c76a956b91959c37f2b217580b3a2a9eaba589bea84e4f04
SHA512 609c76d19d9b41ddc68d5850dd2b4152af24b6f11ee973b1f0339336a5cfecd695180cccd121f1ee99068b24cd50f5f1ddbd6d86f9320304cadf2266d9751c9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

MD5 ccde5242b05410fc389ef55055aef628
SHA1 1cf2823683e06612009f39bf6579c1d9f781cd22
SHA256 bf5c6c21f7360904039a89d7d0f45f19229df0409ec8d73f5f510016bbab53ca
SHA512 fa17b282526a19fd27da18ed479fcea82149e85b5eb220e75d80612b75cc3bd4543e61451443f46c77c306d7ab4f05acb15ec6700c4875fde9addcc142a72998

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

MD5 0c88ba76b6242141106911a19e9e5d87
SHA1 d217fd96c68d007802f52d7e7d3dc994bb0d5155
SHA256 b64adf0ec421adb9e45d7b13c550b104f33a7662a9c66e435bb73f799b5b261c
SHA512 739d3376ca0773694a7c18589c88388a3f02bb6921b9cc508ee3fec25a356ffdd4cc37b8e9701a470337afb489cc28cb275a6a37c2d6df0cbad00d267f842a35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24aac891f6895e7355e53d68b77396ea
SHA1 eaaf4ab2a85c10042cd8b8647778b575c6390402
SHA256 a98886983d16bf90274efe23f9fc00bc75d3fe77e943a39c8bb3f515c6ca93c6
SHA512 c374ca5b06dab72da9c37e28213755b9340668d0301bf2c31a68e7f4a015c45788694ffee1c36b84d3cbc08726b3bdd4a5d4685d8dabdf1d2e3b31633b10586c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

MD5 cbed24fd2b55aea95367efca5ee889de
SHA1 946f48b5c344fd57113845cd483fed5fb9fa3e54
SHA256 1dc8a0fcbe260b77adfe5ad9aaac543239b2a0d9f4e1f3c2657beee4376ffee4
SHA512 c504a11ea576f8ce14de26a0617e22e71e14db0f1dadefc187ce94e4a35a83743c743824e3629899c262aae4772bb86a0ee5bb643db20645483f0c376215ec6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 e3a0c52e661d56fc2e10bb74ac8431b0
SHA1 431a13824c678e04fa446a68660faf5b4e5be7b7
SHA256 13c16ce06e06bef17f0aed8260fa95e95159cef7f0888fe0e788690406214d8b
SHA512 f1d87aa34749d122f83f7a13c72d35ed220dca2e241ef5ac84caa8d1cd1bd287435fd2332a620f5574bd7c3bfa57ec9b3f14be2e6d2ec51cd5a230c66b2ff466

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

memory/2080-2698-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2080-2702-0x0000000000230000-0x0000000000247000-memory.dmp

memory/2080-2703-0x0000000000230000-0x0000000000247000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\diff

MD5 d417682702b140d7131851bae877f046
SHA1 aa78da727e8a62c839a9bb6f7a93b48d3a04be70
SHA256 3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8
SHA512 9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd

memory/2080-2707-0x0000000000400000-0x0000000000417000-memory.dmp

\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

MD5 5b071854133d3eb6848a301a2a75c9b2
SHA1 ffa1045c55b039760aa2632a227012bb359d764f
SHA256 cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf
SHA512 f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dll

MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack

MD5 5cfc3a1b269312f7a2d2f1d7c0497819
SHA1 d048284db9ce7103156f8bbce988b4d9978786b7
SHA256 80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26
SHA512 8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b

C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack

MD5 5a83bc9b3e4a7e960fd757f3ad7cd263
SHA1 f5f308aec7e93accb5d6714c178b8bf0840fb38d
SHA256 0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5
SHA512 b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c

C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack

MD5 538777ddaa33641aa2c17b8f71eed307
SHA1 ac7b5fdba952ce65b5a85578f2a81b37daed0948
SHA256 9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135
SHA512 7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b

memory/2504-2961-0x0000000000440000-0x0000000000441000-memory.dmp

C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe

MD5 f49218872d803801934638f44274000d
SHA1 871d70960ff7db8c6d11fad68d0a325d7fc540f1
SHA256 bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528
SHA512 94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

MD5 5ed6faed0b5fe8a02bb78c93c422f948
SHA1 823ed6c635bd7851ccef43cbe23518267327ae9a
SHA256 60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5
SHA512 5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll

MD5 cb63e262f0850bd8c3e282d6cd5493db
SHA1 aca74def7a2cd033f18fc938ceb2feef2de8cb8c
SHA256 b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012
SHA512 8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b

memory/3360-3040-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3472-3052-0x0000000000340000-0x000000000034A000-memory.dmp

memory/3472-3053-0x0000000000340000-0x000000000034A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 b79fde6ec124b327c60be68e682ed8ac
SHA1 837b0ab96346c89d8b1bfcbeb3acfc6fdfef6864
SHA256 78d3f79d99e421d4f23adcf605ae073fd9b684870a1f3bf95095ef4e258f9212
SHA512 1152c2250684571e6dacd0acafc1f2776572613fd328de65e740c7be2d3d50bd753d6e1972c8340563eb9bef001d06f650554988e56c4df76f653dff19b721e5

memory/3472-3083-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3472-3089-0x0000000000230000-0x0000000000231000-memory.dmp

memory/884-3098-0x0000000000480000-0x000000000048A000-memory.dmp

memory/884-3099-0x0000000000480000-0x000000000048A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 5434bcb04b60feb8a3e1134338be3377
SHA1 f057b42ef9ba2deaf3f6b9e21331666e561366c8
SHA256 547789f83696d7adebd44cf322e79cfd1924030674d05324722fad1eb7211c63
SHA512 27fac9143ca6052bb19b726d66b0b0d000864b188b1f90a0757f052fd8acdc55959ac1a05a41fead12c183e4dc560dd20ae45fd39d740c0f3c883dfeb5856077

memory/884-3131-0x0000000000430000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DF50417E8A9C6ACFB7.TMP

MD5 d48a50e008ac617c04e7e4390a88472b
SHA1 84fc23d1d3aa50934614ad3d69348b896c509b43
SHA256 08d4ac7fcf24731e9286a3f2bf73e41c2514580e237368376ca8cb84b6647e77
SHA512 d6343af06390bee735526b051d0073be0e44ff77c9c80cff4ef0ba32b9533f3e9fda1363281a4fe507b0d8651a3f7a4d4f049ad1377891af1768d479e58d5e09

memory/884-3142-0x0000000000430000-0x0000000000431000-memory.dmp

memory/884-3143-0x0000000000430000-0x0000000000431000-memory.dmp

C:\Config.Msi\f77f27e.rbs

MD5 3ed139e4950a3bb2a15a94eff6b31905
SHA1 eff482af49fde7d59229dd04b6503cd90d82a5c0
SHA256 1d2b4d1e30ee976e586ed2b85c5c0f22abbae134e9f316ba7c6485104bd59f45
SHA512 5f9689e4343c43de63fffc99879585b8d4b1a54a3408bd0e3315577670ad6490faeecf004dab1d12705741485acb7b3f7780035b9354c490a0b8d2d0dfd7901b

memory/1540-3188-0x0000000000130000-0x0000000000131000-memory.dmp

memory/1540-3191-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2720-3208-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2720-3210-0x0000000000430000-0x0000000000431000-memory.dmp

C:\Windows\Installer\f77f285.msi

MD5 4afca17a0a4d54c04b8c3af40fb2a775
SHA1 96934a0657f09b25640b6ad18f26af6bd928d62f
SHA256 b15d3a450b7b3e5ce3194ab9e518796cc5f164c3e28762ffe36966990dcd2fe8
SHA512 ee76f5fcfdd9c1202fd5abdc2bbde8fb2543cee83265f6d2fb5458d1a086152ff6bdd4bf62a88150d325ea282bd2ecd66dd5f127bdd847cfa69cdb88985a8305

C:\Config.Msi\f77f284.rbs

MD5 d99aebb4507c770fac0ce31ec5273438
SHA1 07871d4f474d676873feacdfc6fdc463fc97772d
SHA256 5f5e6e72e42083bdd7093b4672a023276f11028fd5f0732b85a1f6846749e963
SHA512 26782deb69cc4be1ef0c77e0e28eb2c26b1592f9333ded18f75c43d06cbf150f0e6fb6d7cfccd169b32786855360ed97cc037390e152d79395b0636087254d4a

memory/3928-3277-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3980-3287-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3300-0x0000000000270000-0x000000000027A000-memory.dmp

memory/3980-3299-0x0000000000270000-0x000000000027A000-memory.dmp

memory/3980-3302-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3321-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3345-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3364-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3372-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3380-0x0000000000230000-0x0000000000231000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

MD5 a9bd1871a6a69e12bb017e1375b0a659
SHA1 0cc4c515fea150c982d02fa73acf73cfa68810e7
SHA256 f725e50dc4377a28b06589b028cd3cff58845d5ed882b22b17129c4413f8b9b3
SHA512 0595d54b19805f57a1b09a492c90c4c9f655d6a501179966b1a282b0aec90b27eeba634ee4a54fb9982f80ae046e6feb2b3e2097f14a0a3e051e80c162a83bd6

memory/3980-3393-0x0000000000230000-0x0000000000231000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\dependencies.json

MD5 24817047786540dd5d8cbfb94132c84d
SHA1 ff45f1ae7748fab985e0580c5746b0327a4b59ac
SHA256 a5584b00241e6aa455dce9c0d584d61f8350a7bc07a4137e9289e23f46878721
SHA512 6e048803859517d052d88d8c96c382d481620c1d930e219051264cb2c4d096b5b68d8e8e66ba2244ef7343df99f120600f8763f67bcf060c3132743eca7934ef

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\resources.json

MD5 8ab0113596cd48af76657e53d5d93e70
SHA1 3ab4244668932e0396022372d8f311c62ce1b89b
SHA256 b0a6157bb0f4da765f93d13ca167017144c5eb15955015b0b42f7d7c0b70599d
SHA512 55fb4d7ed644ae5e47ee376b00323199788baf596b493b4959ec4c88bdb37295ee59e34d3a7d4310fc9e35d776e1ae19fcead53c09d3a440dcfec8dc6736b170

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

MD5 e2cbea0a8a22b79e63558273dded5e6c
SHA1 bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61
SHA256 10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007
SHA512 a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a

memory/3980-3439-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3461-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3463-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3462-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3980-3651-0x0000000000270000-0x000000000027A000-memory.dmp

memory/3980-3650-0x0000000000270000-0x000000000027A000-memory.dmp

memory/3980-4001-0x0000000000270000-0x0000000000272000-memory.dmp

memory/3592-4026-0x0000000000500000-0x000000000050A000-memory.dmp

memory/3592-4025-0x0000000000500000-0x000000000050A000-memory.dmp

memory/3592-4167-0x0000000000500000-0x000000000050A000-memory.dmp

memory/3592-4168-0x0000000000500000-0x000000000050A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\imageio6532991709945709585.tmp

MD5 a439014382612e34b571515b64a71058
SHA1 6b5e3070b27d66e5be4fa719c2adf662ddcf9323
SHA256 ab54464948dec30d9d13e624bd5e5d0d59ef641b9efdab4eb869fb255a54e357
SHA512 e33c7b8b7aaa6fd551057f8dca9bf84686ef97b6a6b3653a4bc64129faeb3385e70d7f5e366e4f6536d61bf9ba69d64ba6a155962cb8763680e7e00f30632654

C:\Users\Admin\AppData\Local\Temp\imageio6044076113569141162.tmp

MD5 12010d9c529ad2ad3979c3a7e7ebb6d1
SHA1 185800c92cbfc1ca6978a663f15aa8bf47b664e5
SHA256 7e20b79a691e10fcd0d78f70723384a4a8d574310adc507d6babbe87ee4f9af5
SHA512 4fe1890ed691f81c5716da565150a408beb1c7a91f1dda3e9f65f665dd6744c624de45fc4c22e09ef8c9e99c84d6c6d60a6c199bb1cbe93c70a7b2da3abda7d7

C:\Users\Admin\AppData\Local\Temp\imageio791085530646740427.tmp

MD5 794eb92e3b9d16b375d8e07b08ba29a6
SHA1 1e45467f771e3dc86de7c026d5239513db961367
SHA256 3aa536e4a0eaf52249c31ad4c033cf59af476d71682d0a14656059220f6fd217
SHA512 6a22fcc67788528fbe6cbe89eb166bde8d91dcf808f65cce948fdf040f22aba8b81d68e8e8beb987b8e5de554576678f5e7df9eeac0cd83454c20072fb396819

memory/1716-4361-0x0000000000280000-0x000000000028A000-memory.dmp

memory/1716-4362-0x0000000000280000-0x000000000028A000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION

MD5 c62a00c3520dc7970a526025a5977c34
SHA1 f81a2bcb42ccbf898d92f59a4dc4b63fef6c2848
SHA256 a4b7ad48df36316ddd7d47fcecc1d7a2c59cbfe22728930220ef63517fd58cb0
SHA512 60907d1910b6999b8210b450c6695b7cc35a0c50c25d6569cf8bb975a5967ca4e53f0985bee474b20379df88bb0891068347ecf3e9c42900ed19a1dcbc2d56ec

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO

MD5 494903d6add168a732e73d7b0ba059a0
SHA1 f85c0fd9f8b04c4de25d85de56d4db11881e08ca
SHA256 0a256a7133bd2146482018ba6204a4ecc75836c139c8792da53536a9b67071d4
SHA512 b6e0968c9fd9464623bfa595bf47faf8f6bc1c55b09a415724c709ef8a3bcf8a954079cce1e0e6c91d34c607da2cecc2a6454d08c370a618fb9a4d7d9a078b24

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE

MD5 f815ea85f3b4676874e42320d4b8cfd7
SHA1 3a2ddf103552fefe391f67263b393509eee3e807
SHA256 01a4ebd2a3b2671d913582f1241a176a13e9be98f4e3d5f2f04813e122b88105
SHA512 ddf09f482536966ac17313179552a5efc1b230fa5f270ebde5df6adebf07ee911b9ef433dfbfcb4e5236922da390f44e355709ecaf390c741648dd2a17084950

memory/2548-5378-0x0000000001CB0000-0x0000000001CBA000-memory.dmp

memory/2548-5377-0x0000000001CB0000-0x0000000001CBA000-memory.dmp

memory/2468-5533-0x0000000002270000-0x000000000227A000-memory.dmp

memory/2468-5532-0x0000000002270000-0x000000000227A000-memory.dmp

memory/2468-5613-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

memory/2468-5612-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

memory/2468-5611-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

memory/2468-5609-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF14620177154701361972.tmp

MD5 54a91b0619ccf9373d525109268219dc
SHA1 1d1d41fcadc571decb6444211b7993b99ce926e2
SHA256 b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f
SHA512 7f79ff3b42a672371814f42814aa5646328b1a314691d30ce09ffdc7a322adcb1af66625274f7fac024ca2f22a42b625001735711c430faef6e077e1f1d24887

C:\Users\Admin\AppData\Local\Temp\+JXF18101109512842254982.tmp

MD5 afa7a91dadd77b23634a0fdf18c148f3
SHA1 6cbb57ba2355cf442e06899898ff5af55867103e
SHA256 9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70
SHA512 84d123b67505522c256f4ff79c3822eabe2d63036023896e9854298ff39e050bef7894f6320ccf950592015760354683c4dbd19aa203d433a04a5d6bb28e8115

C:\Users\Admin\AppData\Local\Temp\+JXF10047163830868602816.tmp

MD5 3f142e45b739c9129c9290e21290ab2b
SHA1 33e540e1a4acf20afc968fe3df3367135ba34992
SHA256 8fb821bc49ab6aaa58e915763e92e9e4cc445af3d47309dd738e8e4b7a8271b9
SHA512 bd0bb654b238b6b870b9633ff2a31471d8e492aa3e3c6436bd4dc36c1f8332a739d9022bb56aff37fa5c756bbde5bf3c582daabc2db0135f6f6460c7f6f755a6

C:\Users\Admin\AppData\Local\Temp\+JXF1410142456383733954.tmp

MD5 ec5d243a9958b3858b5a71fb9a690da7
SHA1 d80b02c91addef2ef58136d1a7df0189f453388c
SHA256 a4ece920f221b78d43b550d615c5934db162b64a331ffa663a85199e74ef2e6b
SHA512 479512c6076249a63a822d307b3d8c65d44d19abfadc597f0293fedf2c4fbac2ba6f60ca98d2c1dbb638ad09f3eb1419b6ef391fb098c7d1b62237bce9d79931

C:\Users\Admin\AppData\Local\Temp\+JXF9934656631034570785.tmp

MD5 4c41e856744eb797e9936359a6509287
SHA1 0959e6f4dd535eb6fae388b6b9ac179dcf3afd76
SHA256 83ff53f599acefc11f5cf63fd0516d4db72aacf7f0125a5f79c9ff222cbf9dd7
SHA512 07ae284caa316315da74246c960198a7d549acf86f96cec550f41109fcd870a69ccac9818361657fb859e89d2bdc8398c7731c80d274d99a768102022a5f6e8b

memory/1624-6037-0x0000000000300000-0x000000000030A000-memory.dmp

memory/1624-6036-0x0000000000300000-0x000000000030A000-memory.dmp

memory/1624-6035-0x0000000000300000-0x000000000030A000-memory.dmp

memory/1624-6038-0x00000000006F0000-0x000000000074C000-memory.dmp

memory/1624-6041-0x00000000006F0000-0x000000000074C000-memory.dmp

memory/1624-6040-0x00000000006F0000-0x000000000074C000-memory.dmp

memory/1624-6039-0x00000000006F0000-0x000000000074C000-memory.dmp

memory/2468-6042-0x0000000002270000-0x000000000227A000-memory.dmp

memory/2468-6043-0x0000000002270000-0x000000000227A000-memory.dmp

memory/1624-6044-0x0000000000730000-0x000000000075A000-memory.dmp

memory/1624-6045-0x0000000000730000-0x000000000075A000-memory.dmp

memory/2468-6046-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

memory/2468-6047-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

memory/2468-6049-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

memory/2468-6048-0x000000001ECE0000-0x000000001ECEA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39e40b362bdc1e121c6c6a234cf5a7d0
SHA1 e7d46c8386bad51ab8b775c828ece711ef320302
SHA256 e593936454d92cdc9ca94e2ab9a6ad6fcce1b336d57adeb62c2ab0a23a938192
SHA512 b4250429c50a73e4d72e6f54008bb29cdd7bdd016096d9de8e4a6ee79a9cc2b9b39125b004e5d588633510615724ca4a11a96d32b540433927acdbb58e26b8d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 992ffb474d1eb50bb88dc0a9c7bb4b68
SHA1 c568df8b2fee1465ab6a242cf5fe4f10718a6c9f
SHA256 c869d56ac385d3afa00264215d13af084ff857a915d7bf4d8133b4bea5ea700e
SHA512 2504775dff3cc7b6817a2818ce1c7b17e1d1824ca8c37c275503a3828e38060444352b7a1c0dc2fbabe9717a53ba69bda98b3bce0f01c5a8ffc43a0f1ee611c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 bda28b9a89e3b04453668a57668c8818
SHA1 2fa3c4ce4b9a6311df80e144a5649cb0aa5f143b
SHA256 89effbbf828bdb493dccf969a269f9dfcc012159eb597e3c5565d51a7d2a3046
SHA512 b69c6b2dbf103fc45425480b18729f32ad82acc2c4f7ab97278c5312d3ae533625baa1927892b81975c305147fbfc1cbe0c0ccb8ff15fe71dbb2ca8f861d1b03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b7b6b1dc3b0ad983419eeb923e07853
SHA1 6b24e0ee0af69dc8cd050de63637cbd1fb439504
SHA256 03bded02829f495d54766d678532e987331719b87fbbb7d082bb7fbc016b891c
SHA512 fd8a6ee2dcf594c311f482eb58fa01194b814dd4745c6fb37d8101a031a87e3637d2109272052e46db2eb23fbbc2029901b9f9b1b5c5872c2aa8e025407b77db

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5369f42bf2dd1a8a31169c8ea41cb63
SHA1 ec4c7c9535fd649de30350bff9025f6b31c997d6
SHA256 314c4528751f448e40aff88d23dc16dbaadf6b5b9eadc19bad6ea8638fbbfe1b
SHA512 69dfe7441b5485e639453ba7750a3398d706a108481abf771237c62ed5699cc3832ec76d8c562ed378b2630da67831244b924e9786fbf370a2a2030bf7dff2f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 515aa4b231a7cdb0b62e0c02403b2bdf
SHA1 0ff4d3c775661dd69fab7a330a51cba387fb7386
SHA256 be6d6395989ef865c5787687433f65f7e3832dc9adb118df10eec1f3f4be649b
SHA512 bb259c5859038666b8a68cc6bd274987fc73aef2cf247a34ee637f94c8ca300b9cdce855a5e76a39ac40ede81985cfab9f29a993ee71ddb49aa758c6f926f3c2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\favicon[1].png

MD5 dff90d5c8faded63d31a2190773ecf7d
SHA1 83712e07e4db9e0957b436a6058b38467634f595
SHA256 b86b3b539eced4d4eb4b38a24cc23f8d27169bfad70e6f71910c8b6d3484d44f
SHA512 570beda1b741a45ee508b16361d9f102622b64d20ddfb62cf5ddb062187593438118b7d3e356ea3d9660b686994458b64ad1b930548dc6aed99ebacd1648778e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5eb5bd21f0dc5cafaa42cfd194c035d5
SHA1 9725bc6c506773c6e05aa51cd2cb2bcfbab1aa58
SHA256 07f24bacc32ce3f8af34baa655662edb724aefebd724ef2d5bd0571b9e96db7e
SHA512 19a2198a3863c2c2f53c4b52e0b79ca7d2f8f70de75456aa4979edbdc8f38c70558244fa37975736c3baf9e6b4e46da353acb87d92baad05b6703eb1de7c5616

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 caa18f27fa62f3222769ad5d6dd73636
SHA1 a33442b3f8f48658c52654982122dcc5ffbf6c60
SHA256 96b91a18883d9a57681f1c7b7e4a7bc626e63ce16823f826341aab7173da4b3f
SHA512 02ab60f79a5e27a717b58bc2645bda924406f0bdd715fd8b4aa9632bbbb7e8f545fb3433a100290218b67d7709aad243e9bc6b9e9f68f5cdd6e97d25aa199325

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 899e4a2093079722ca9fdef159a22d6f
SHA1 35c46c9cc1e973b5b4dac5d5f32a2caf336683b2
SHA256 4faa204c88e7e99a10ccbf9b22e0ddb9bf5421fd78abf45b3e483b9c8bcbb1f2
SHA512 484942b4bcaf0fd841cc23faf5e4f89d29a1e13b12d50949ca9117217e044453179e3f09db27dbcc41c57b172f779a4c0b6fe6a69d5238e248caa5d930988bae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3d37712d0510751b6c67ac03bb116ec
SHA1 1a76268f623e9e9b0cf6f38c3a74a26acbfce17c
SHA256 1d4b2e39a9fd3182a307fd57915ce28316b617a105a0237933e57a5cc330633f
SHA512 1bdea7ac4a58ddd9b586d4b19720a1c8526c9d769da8be596dcdde12668c54b9632257744acc68830c5000dfa4afb1136f92b1ae1b98dc528ad266cfb26f4780

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 926d79a1ac6db9181a8a177bc733b596
SHA1 73b7b5708edb45128464a9e4898ff6301b724df3
SHA256 2543c7b4852dc1c98bc962855b10007651d0a56a56c6ff02d6b09ef3e94ae81a
SHA512 6c75ac15c5a4e6686b6cd51827a96cca63ab256d56dec69392e4acacb2b2259a40c73370322685f79544e46e804a532201f8ef2005822f6a1f1e408d7d75e846

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 864f59bbb2c0cf11fcd0b837e3cb01d4
SHA1 2fee1a24e49ea1699ec7186809edb4e15a731106
SHA256 f0c81a1069da4367817596d5ff1e083a5874e8630e4a092cb3c6b365ae2f0037
SHA512 0a9f0eab3232ef73672f28a2fe976ebb08bf2eaa88d9b2e90d809655d5ec06de83eb04341bac57e850d2a8d8c911c36d4d613bcfea85c9295f85de567b3f5a45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19648729828636c86670dfea7afc1a1b
SHA1 da3ac03796d198ad7492b4d97555bd1a3b3a8caa
SHA256 483af388dcc50ee7d3e805e2f3f436f4a5a30ee89733cab1ebc95102ddf9509f
SHA512 fa48f222710ba6a474374edecb31c567623aabceeacd14ae27cbdf16c22bc0673e9c078df144221f412e5af5b6f24f14847b96245bdab13dbe3d0c7540ad172f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd9a076c99442c50e2796f0d2c63ce0d
SHA1 56e3f95326ff7e8575a2654520335a074d131e89
SHA256 c7b350f863f5092df75d32c1f3d8f027f90a4d4a5f9914f7b56ed8ed1e8e73e7
SHA512 02a433af89caa9715b29041915d5b871344f675b7d60c822af6dcc4c922d4ccd9596e84ca52fab246d1eb3c50176ee7fa422d62932e6ee156ebccc4c0d4ad6a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4f05b97ac0019de7ebed148cd3016b11
SHA1 f4bd9c854898ab98eca74e724d2909665b6c7ce9
SHA256 03e9b9958d7d41172ddbe26e3a0c003406a96ceb7a8e0d0607f72cf084eef52c
SHA512 7046fc1ea6e6431e5c6d975929f24ee8200ad40498be978d275d33bac7e8abb6bd99f5330c1b86152e1aad4b620bee1fd0484defa31ae3943194e8606ef7a1be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a769d66d5bc466d29721de8e14f1d3b6
SHA1 e22d765bb341fe2d78ed7d429ffae29fb46bca05
SHA256 d5dfae65c7437c301aae97195521547c8115c7d1b0b3ecfcd5ea66b504a0764f
SHA512 e6644ae6cd638d1bd84a33738f56828245dfce8ab470914e82d7c48b4080217bfa641ef91a7269c288c092e8801eea796c0224eb79b11639f7e0951084526110

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 063400e02efc21e596e64cd9a4c96c28
SHA1 574801e0a2e1e87c753f611e6bf472e18efd3adf
SHA256 b90e7841112c14f80e7cd9ff2477694ea80d2c939bbe0c77110cc66e060f466e
SHA512 0e887036cede285b4cb4ce483a881d9f500f5f52e3147821421c63913f5f1c9e3566c999b287ea46fb57f5d916cd989cc3e6bce6e2c5a8af39c13e48efb08fc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3ae1b2f92208b8ba49bef8ee64c4e1a
SHA1 ca676cd792a628545395b9695ccbffff7c482739
SHA256 19d9df455ea67233234204f53d1309b5fdb0f92ad86527f691d5ec94c6cb4ae3
SHA512 bcd95ab4c4399b037126c52c0953dc08ac4129fa8f2749b5177b598ab353e13709e1a99e3c0717a4ac86e476572768fffd46d23b1ef791de7c62043af215b39f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10eba948f47d665db2ba8ee8c44467f1
SHA1 6dc7511eb8f3ebbd14a9fd2ce7a530382061e310
SHA256 213244a63773a47a2fd95ba6be0784e46b044f94d254113ab9885bffe3f76523
SHA512 f62b4cffe5fbd3dba2e7b8660b25e0a40015eb9adf2684b07272dd50219f870416ce981e76196c1b9669520317874807f27680b1285d4e5cd964ba94daddd6fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c6e2b4207b47ed0d5316ed4c6eafdc4
SHA1 852c124b4e7d0cde3d10c06d727becb9adc62ba9
SHA256 3ee7ed2622248a91b3bd4d7823f98cec8c21643f024a57cd0935c07b48d3e420
SHA512 54f2ebc2f31ef5172c25863d77f9cfffe09434b9da0d84f5a50bff4fb6d1f829b1aac89810ab71a514b536fcb22bf8b299fa94ef72f3640c7b7fdf8bf5f167a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cb8dc992a180f4ec5b0d16571be35b1
SHA1 4f5fce4e55afe80a6a40146af5c7be6bc08367c4
SHA256 7a2687191b580f94e5eb792531585dbe4d0c0a00d9ad9a61d2f2d8be2b93333b
SHA512 63886f244df992814e9905d5a96874754060373d7d75c42f9a815a40e3c3c3aa8df5a3b062f02808127412edfaefe8e94b9f5b23b58ee0e1beb8e9de2b56cd8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9897d9eb8c128d23400e560baa1a68ad
SHA1 b6d30927445e69ae2199344cafda8b7b5f1a1cd7
SHA256 3358a60fd5db579723dc011281856c00e1e4ae4f1a64f84e8746852929fd9ccf
SHA512 45e0be8fadfbdd74bb3dc22d393dc6ef76580d252c18bee9f14065b402501b2935a2af2073ad62095759dfb212c5dcfec1dfdb029839d67b8e4bad1b67f261de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9669ab67783075401c5ef5fad578a60
SHA1 781f58c66f4fc30ae4189b1d65b8e86555fd2dc9
SHA256 0a15d71cabc86b347d5864d2de69c7ecfe6fe249b1962a928cbf02f94301910c
SHA512 081686beeec9e994f870ac11a63282985e77f574a53ceca54a4650fb78560bec287a3a46e278c110c0d3c367f637c0561e7fbe562cdf77f6e3630607b289d3e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e5037665c8e4feb5a86b436ea0d362f
SHA1 4b57565fe65f833349a8f78351bcfb4dafa90755
SHA256 986f0695b765d1c18545d4f55835efe4f61ae28466599389b596eedd8b8a7f9d
SHA512 52270950f9947a9885fb123f739c2635c9f646d69c7f8010c12cb8620bec91c31596afe22852212c3ec1c1c59124fe9eba8b6a166645627e29edde8f03428878

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f56c8b3863ffdc75ed541772e360d82
SHA1 de798a53a5095053eb29b1e7b3c92e6f7084e545
SHA256 235a70018d18125b6facb6e45f1e44be773232b7ed21a6af39ba7bfbc5376a85
SHA512 4a3f494d72f475244d5bf8b21c4145b336a8fb2edadd40419d89e8c3e65e14b63ca93493b1c46eaa222934e491af67d3afb9751e0cbf44cd12dc5bb3b9402860

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 486d4a2169d8b8e64755bc5f5d555851
SHA1 5a906df59f2847713653323b4151c8d76441b653
SHA256 f1f10280940c675e804b7d8d1cd2cc1bd3eca44fb992c985f2662fd5822f2e1f
SHA512 85da02d72149c75acd46389a1dad5582bb49102a98768857851c379b25d27e3bf1defa0b5f3442c53c746757a896ea6f82b16aa0a6b7e197b840acbc250b93e6

memory/1248-7277-0x00000000022C0000-0x00000000022CA000-memory.dmp

memory/1248-7276-0x00000000022C0000-0x00000000022CA000-memory.dmp

memory/3184-7425-0x000000001C1C0000-0x000000001C1CA000-memory.dmp

memory/3184-7426-0x000000001C1C0000-0x000000001C1CA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\imageio5679390226611353936.tmp

MD5 61228da7aadf85fff625ca4628a26305
SHA1 7594b1efb0d3960d081b979590f454716a332997
SHA256 9d79cb50f6c13050feb806b39af184a37e271581cc7a0b173cc1bbb363bb3a6e
SHA512 2b799dff133fe99ceac1f1bad24e94b43e4a41f928a451ea166ea8dcb18b824ce81be6a9ae9a0d1721ee627180f9e7ae59ff39659f8bf90913d1dc65298a8259

C:\Users\Admin\AppData\Local\Temp\+~JF18066373605762125740.tmp

MD5 99fc0816a09395454061301fefa42bf1
SHA1 adbc3bde424bcf7dbc38f148005c8319825891f2
SHA256 d0c8f44a774b8490ceee29889cdabc72381fa35fb621619a78fd28211d90241c
SHA512 0a0120d13c729e1b8826b8265dcb47275f4dd1f210a20e708b7cf38cba7ec447e0521c44b51284bff5beddb3a3ac24486aadb085975eaac50be36f5c7bed2e51

C:\Users\Admin\AppData\Local\Temp\+~JF18339204347263300867.tmp

MD5 94ea9cb73d133bb69b1bc5267d93ea00
SHA1 c5fa660b6784cf33282ddcb5125c61cbd82515fc
SHA256 fce548284667e4ae378441fbe726b0d6a25ba159b8d58b9ec4d8a88dedf55ea1
SHA512 57b12f2490df8f4a052d639db6b80c5a284277dbf3621cbb74b034db75c5cc728f3bc1e41e241a1db2333b3c758f69b4482d9706c0a6397742f659cda897c560

C:\Users\Admin\AppData\Local\Temp\+~JF2577783706683287286.tmp

MD5 f057be881b8b55f9f5bbd47e0df885f2
SHA1 0d886de51b46c856c39415beeaeba6ae497a30ac
SHA256 45d5a0ad112e15e1d356d76428419c960d7f71545a0b61a32a1f4e0e9ba60c9e
SHA512 6e4cfc52d015d8f0bb476f867a1d40b7a61e9f58d76b9c0051d658d03cd3a7161f96eaf29ac24ae276e386a5c5eec2e6a505ce0d2b07a9176ddd2d20909363d6

memory/2704-7597-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7600-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF2153902227315816549.tmp

MD5 b0064b538c44db5272e1c240a70157d7
SHA1 9f36b67231e8b5becc4db89e4963b4c982766c12
SHA256 9384b96c3c71d777fe20da8ffec067a4a50802f1ef42a1f3543d2b8059a45add
SHA512 f5a6f858fcc92327095bc30012f09148f271f39644c3d65557466307d89ea20bc79c8da466a283e0ed4a870922b99ef1c94de4bec08b728cf6eefd8ce016a6b7

C:\Users\Admin\AppData\Local\Temp\+JXF3769618318873744399.tmp

MD5 2e991f1cbf1803c2750019936d9f5e04
SHA1 2bf6fbea79f3b3bc3a919bde154c8c44439a1b35
SHA256 0bf95b2c365784e76d65857ebcb64630b383ad6c9051b71014d2f32021c0e945
SHA512 a2655dc018ef33daade7dbf3c9968d4292bdc99b8bea81e1bf6af0aa26d161f62953b50fd5674f8a8189f6d6a90de66f0b2d4f7d6110b75e66b5e50ae17b063c

C:\Users\Admin\AppData\Local\Temp\+JXF15050411717729978062.tmp

MD5 6b21a8d311369174d2828c9b040a639e
SHA1 1c2895403992e5c3f1c78d292a20a839f65b9ce4
SHA256 02bfb7853a60b1ad2fb0f60fb1ab567d6bc83d043433c3c407b941600435529c
SHA512 d3a87059699a5ccdac4dc2d22a4bcc839c1e12da36dbe43533a4d58d596792c9ba66cb505de65b1e07a1c52eb6864b302066f625cbdd7e3ec54c359d3724e6ec

memory/2704-7851-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7860-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7921-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7920-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2536-7923-0x0000000000400000-0x000000000040A000-memory.dmp

memory/2536-7924-0x0000000000400000-0x000000000040A000-memory.dmp

memory/2536-7925-0x0000000002730000-0x000000000278C000-memory.dmp

memory/2536-7926-0x0000000002730000-0x000000000278C000-memory.dmp

memory/3184-7927-0x000000001C1C0000-0x000000001C1CA000-memory.dmp

memory/3184-7928-0x000000001C1C0000-0x000000001C1CA000-memory.dmp

memory/2536-7929-0x0000000002730000-0x000000000278C000-memory.dmp

memory/2704-7931-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7930-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7932-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7933-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2536-7935-0x0000000000520000-0x000000000054A000-memory.dmp

memory/2536-7934-0x0000000000520000-0x000000000054A000-memory.dmp

memory/2704-7936-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7937-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7938-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7943-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2704-7952-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\TlauncherProfiles.json

MD5 9902252cf802085600c46d924a747272
SHA1 5563405551088301f0305e2a03682ef607f762b0
SHA256 a56051644ef205fd0381e3f73a04407d9a7a49d282ed4e0c101f4c1b1973fd82
SHA512 6e78b714aeb170e754ca57e3d87b2917500334e71f1d29c283e133b9bd3efa77114ea1c66e48d1381acf71b4f1738855127a01b871a861f0624b5ef209e68108

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7b6a6faa93681205eaa0a491f522b3db
SHA1 0ced5d41a88c0993d70b27f6ddd89fd615dcfb34
SHA256 5ee05ca30b3670c18de57363a4d9175d211ff7fa2a2625a5d81d76286ad5062c
SHA512 f04b20663b8c959d2187223229be164e5eefab9080c1437ebc5e8503f61014a7ccf75d02593c30b0898dfd81af19caaabc7b6076408033246380969e7b012324

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8c18d0952b37f02b7e7e91d6bf9217d5
SHA1 333ed6fe8e220559e0f04aac1463462ce9756353
SHA256 7d625c2db9a4c61218eb0cd37be960c66882d4d8a61728207b9d15225d8e2f7d
SHA512 9b3d9761a1556892bc66b0f98dd8e78df00526f53ac8bb7bab7dda94e35dea3ded08960bbb5367f193b015b9ebb5d8de3160196f91c96865def1d452881ea6b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 44632a699252a750c768b4078fdc0208
SHA1 f0e153a81512c8950ecdf4cbefb5e33b1beb47bb
SHA256 0d80f789f3b9b405742e3cf37c4547283a15f4e3551f0f5de9c0eb4507fb23e4
SHA512 90f04b06c0f27d006e67d732b8917a9cef5aa50071554766a880c56e79071d427f2e622dff045f78b9026f8cb20b5078d1b90f539424feae59bb70c7bb2b7273

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 757eeca83c9088be0ad701352a3f2bba
SHA1 d67d8150d498c3965972d245c0429e5f5dcdd5ee
SHA256 21ee7f4142a5a6346149cda958870513960db6db6b0456b9816dcb1f11822a47
SHA512 5b0bef29fee942071bebf6e6d7c9e83b273f95bd2178cd866382bed18769d934bac670505d4d4ff17570c16b34d06ac34f286028996596353f998ca1913d777d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ce8c261635aae903b32efe76601464eb
SHA1 33d20a67ace4b44d357955273ff3f25ea2daa4b9
SHA256 de06452756073703d6e27f90896eca2f252caadfdca07b6a28cfe197d2369168
SHA512 b0dc363255eb0b0027ca5460eb92d79c7048350b383d3002fc0f7a7645e917dd291b3d142d582fb1dd40e3dd93086356b62f168767211b20ecc496f77ce76416

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-04 12:16

Reported

2024-05-04 12:46

Platform

win10v2004-20240419-en

Max time kernel

1799s

Max time network

1801s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592995440999741" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 228 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 228 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 228 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 5052 wrote to memory of 4496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 4496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 4180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 4180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe" "__IRCT:3" "__IRTSS:24078146" "__IRSID:S-1-5-21-17203666-93769886-2545153620-1000"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\f9b0049bca5f4984aff79e0286c5e3d6 /t 764 /p 2012

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffd234cc40,0x7fffd234cc4c,0x7fffd234cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2004,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2392 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3452,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3756,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4860 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3772,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4528 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.oracle.com/javase/8/docs

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffccdb46f8,0x7fffccdb4708,0x7fffccdb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5024,i,3969247042535907705,2469800725644689107,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6459744201727361239,17373144986377402687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 13.37.20.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 49.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 docs.oracle.com udp
BE 104.68.70.89:443 docs.oracle.com tcp
BE 104.68.70.89:443 docs.oracle.com tcp
BE 104.68.70.89:443 docs.oracle.com tcp
BE 104.68.70.89:443 docs.oracle.com tcp
BE 104.68.70.89:443 docs.oracle.com tcp
BE 104.68.70.89:443 docs.oracle.com tcp
US 8.8.8.8:53 89.70.68.104.in-addr.arpa udp
US 8.8.8.8:53 www.oracleimg.com udp
BE 23.55.97.240:443 www.oracleimg.com tcp
BE 104.68.70.89:443 docs.oracle.com tcp
US 8.8.8.8:53 240.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.214.77.117:443 dpm.demdex.net tcp
US 8.8.8.8:53 consent.truste.com udp
US 8.8.8.8:53 oracle.demdex.net udp
GB 18.244.155.55:443 consent.truste.com tcp
US 8.8.8.8:53 oracle.sc.omtrdc.net udp
US 8.8.8.8:53 cm.everesttech.net udp
IE 52.18.190.199:443 cm.everesttech.net tcp
IE 66.235.152.221:443 oracle.sc.omtrdc.net tcp
IE 66.235.152.221:443 oracle.sc.omtrdc.net tcp
US 8.8.8.8:53 consent.trustarc.com udp
GB 216.137.44.99:443 consent.trustarc.com tcp
GB 216.137.44.99:443 consent.trustarc.com tcp
GB 216.137.44.99:443 consent.trustarc.com tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 55.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 199.190.18.52.in-addr.arpa udp
US 8.8.8.8:53 123.9.84.99.in-addr.arpa udp
US 8.8.8.8:53 99.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 117.77.214.52.in-addr.arpa udp
GB 18.165.227.6:443 consent-pref.trustarc.com tcp
US 8.8.8.8:53 consent-st.trustarc.com udp
GB 143.204.194.118:443 consent-st.trustarc.com tcp
US 8.8.8.8:53 118.194.204.143.in-addr.arpa udp
US 8.8.8.8:53 6.227.165.18.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 a14411ca54ffb3b223c21c63a784409b
SHA1 33050df5397e5a44169cf0cd702d776269233f36
SHA256 1c830be41a2d969da6e8e889a1ae23fc41594d5323520e5a39de7f2c32c5dc5b
SHA512 0bc34e8d826e3e026068c52c41eb4617e9bff553c675ff45c525ac4210b6cf878267fdfb4b6796d4de4dad2e8145eb3dd98220ee01957bd3e839e9f8a8d4bba7

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 c333af59fa9f0b12d1cd9f6bba111e3a
SHA1 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0
SHA256 fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34
SHA512 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

memory/2012-14-0x0000000000DD0000-0x00000000011B9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

memory/2012-597-0x00000000073B0000-0x00000000073B3000-memory.dmp

memory/2012-596-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 83a8f0546164c9ba1a248acedefd6e5d
SHA1 7652f353ed74015e7e78bc9f9e305a48d336b6d1
SHA256 e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9
SHA512 111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

memory/2012-614-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2012-613-0x0000000000DD0000-0x00000000011B9000-memory.dmp

memory/2012-638-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2012-640-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2012-672-0x0000000010000000-0x0000000010051000-memory.dmp

\??\pipe\crashpad_5052_HIIRQXZJOKYVFACY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 daa64da6df01f313ca7c48fe882f92c4
SHA1 2e1bdeed6333b5b5be60b990954c35d0804009c7
SHA256 c9cdc22b8900ba44a18e1c5011118342a0cafb894dc475cdccb8381f2f3aa4d4
SHA512 d9312b9ce4b8bbccb369103ca8e94c6b97801585579dd97caecb826e3245e22181af52389728f6ee977583c682bbeb4710c0664c0ed4ccf9e4bdfb8224fb7111

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a9e55f5864d6e2afd2fd84e25a3bc228
SHA1 a5efcff9e3df6252c7fe8535d505235f82aab276
SHA256 0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA512 12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b778c002dc0bdd9a5af4adf8104f3c36
SHA1 fe1fbf03378048482829b72b12f26ca9e2b6a38c
SHA256 b4a1baf5cd215669d28c8d1141e43948fec3d01b677a654dbebb9965462e0c9c
SHA512 0ed49ec827b9dd3f3a0ec23390cbe0fc7e092e5ee4a93182ecd7f914b3acd030012895f7065e7f8477bd71fbee23bc5eb1b9ac1b9eb289e3a35732f7e8402be1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e72e5e11a15322cb1e704df7ab6f6c08
SHA1 a3ca87dc86f2d9d1268c99c7b37ba0737c255472
SHA256 3463c526437d245a6bf629f6a81eacb196be2c6ddf2b15d2a67d760a6f9f0daf
SHA512 78c4601b51854d1d69d17c0b8723f6ce96844aa6feabf8e5babf378e6d52c55708bf743382f1273a3501472fde9e0d9bb102a651e0cc4b206379fb299fa25ee6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dbac49e66219979194c79f1cf1cb3dd1
SHA1 4ef87804a04d51ae1fac358f92382548b27f62f2
SHA256 f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512 bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bfb3d3e7451536fe2a286ee016a125b7
SHA1 e572bfb2492888c51fb1eb80fda84e0fb5cf877b
SHA256 f647f36628de6cce394d5af367889a0c30d5f7a9693a94d1464fd4f74486ec83
SHA512 0ec3b0267fc9072a6ad3b6674172619a5da5c199629881641449292ec60e292c96f5afcd739a1a2a50278293f3a9fa2b58510d98a7899f115bd77de6913be59c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fc79592b37a498ff288401648100562a
SHA1 5b9d39e63b50dfda07ec88cdb44c62036db65e97
SHA256 11d8b65d36341ccd0f2bdd61d5f8d92a68bc8486dc9aa6891925aebd011cafe1
SHA512 428eaffd5c14c39312997983554a234fd2ade1d4b4c76ef8117dbc5f7f0475c6916acd802fe671172e6a2912442c07513bb43a2a27a105917fd748140742d3bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1efd0726dc26e8d35e2f0b394e674758
SHA1 11783728213917e664dd11f954f8959128960238
SHA256 c5b3d04305f5badc32334adec30b8e3ae1941d43dfd31a22842f7f39a30e7099
SHA512 f53d80e0d75cbc6b9af8468b193c684ea14400bfe14cf4533add9567bc878b193333b502c6b8c1f4a9383d67aeb66d34233a88d82536aa19f3ae5420da01168c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c13e24beb68514feb2ac8ccd6b4868a
SHA1 2e6234880e31a4b5139d47c0092cc19b897f7443
SHA256 f6ed63bfa7e2d7c51fc2b0e2d8da13e736495544d1a78ee9e8c1f740b1953373
SHA512 6722f2576f3b4a257a30bfc590b32d680e44ed5076643afb63a8b335658885acce88fe6a5b2bcc4279c4dc3e0e212b5e04838c391d5cd7d7580b6873e67305c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 141c807044ef06d69bb1b14d3b2a5fe0
SHA1 268da26e33ee41d249f0108aafcd15563c51bc2e
SHA256 99f4d4026cdce2e00c220a476184b8538180e1f8e8e5bc71acf7e50bafc51fe3
SHA512 66971f9c00f5925fa7904077e828fb94320318b52db564024f2330b1c072e2b1e270e674797e9915322d842261ae03899954081a49d64cc236c86d7b7b0c81d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88dcb7d960a8c81466b189ee0d9912b5
SHA1 c368889c3626bf9a1ed7d49ad86519f3c4609e69
SHA256 20ee5e3df23a62a58f04200f52eea62e21aafd78756e3a7a360962b145e01a39
SHA512 0811db4a970d4fe7df48045e005212e28d732151a8ad35c94fdb81ea3a0e56bbc9a2aabb5ff7d83ea890aa8ae575ec5a1d32c3883a0aaefa6ca27dc16ff70ad0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 43fd604585f00536dd2f86981d656179
SHA1 22f4340d562476d0db8f22a2568ed71cb3cb5d3e
SHA256 d8d27ec428aef7204688f7cdca97d6cf207242e0a31386c955ac20687055812c
SHA512 00b0051de63d21a29ae68160f05218299ef735f5835fad73f211aff3922463e4720c2c4f9148386c152affc29de4cfe6b2051b5e56c1b867f7b8b09e0bb2018d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ec6821fac1df9299161522ffaa8fd196
SHA1 6541e85c2801bf57c5bbecabcbf49eed7b091eb7
SHA256 ea12a458121bb9a1271a715386e7480d28268cd8ae05194fa64d0d5f4543cc5b
SHA512 d6eec46d4d65d7cfa47006bae48e12f3ae7677417f0f447f8e89fca983a9234a8018ad91ab9515e313921dcf963f462c2f6f78a1c80acd503eddc97d47847496

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a33c2f5c10a09bcdb166c28047bfa594
SHA1 f7cea6768e529832f2b6771f8fb7d8a83340ebe2
SHA256 81afd94d2b240c436038082770fe35b07511de6d0f773c96db40b1cdb54526de
SHA512 13c52587f01c7ff44406ab16a13a11cd55cee3808b8cd92ab67f3aabc787188ea1dc74f02224802a98a4ff2f069c3ba1737ac583928978e77ca5e963f79a3664

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1b6199191a901f53dd19e3b1123cabc0
SHA1 65df55f26d4fa853766852d57f3a002a87ef3749
SHA256 b72040dc144f389f6a14032d2809078a67c2fd60cd9d654b5d82e092fe215b64
SHA512 a9fe23c76fbc600a65b85c16a34aee17022dd50b47b33b7d20a0d6ecaaa5aa688c0e22033190757072b688e23817f06e4812c2346f30cda9c8a7aec17e30f54d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d070735e968c4a9bb764a89f9915ddb3
SHA1 c0891c30cd193caad681935f775ae38a7ebe6e35
SHA256 d03144914665d6336947effcd66d664cf015f227bf17d09258aca74837e98f69
SHA512 0566c4e81cc59f773125f1839a09f5f8ec8a504af1f2baa8548c6afe57339fbd86c1f119227f6cc9455f5b371e613fcb6e1d4c8390d59b67f2473ae499be63b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9e3ae150ee4f141dce4f6ae20c1b02f9
SHA1 54b820f23ac23f84125531eaad2b4429bb1a51fa
SHA256 66cac4defb095c82a9d8eb5980c0b13e562a1c47b1b8427b7cc785c1041bca16
SHA512 0e7d18147817a9423458e98539c59604a5d3a55ebb2ac484d64cd272dcc13aeebed61b06a053f8591a4f6275378fabd422a309d566d29991835df83e4745f8ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b2a884c5d04abb2d0f1fa18ffc8e8a00
SHA1 cc5aaf410a9730a1e814bfe55ba42034fc71956f
SHA256 231310251107b459a7e4039f93b61341041b9d67f32da0631d6e1d5591d39f41
SHA512 fe1f92018257ad4179ce3bc9784444b8a7e98311c115ef2a7e6d01c54b1a6794f4b5260ec9f7c15d262a11fe6812f1732642a8bf813ac95e38c66b23da595984

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ed016c4856c70a334d409ad320831af4
SHA1 9156c3a007990509f076018254cba23b3deb9be1
SHA256 016f1c63804622b779b1a4bca54f61e828bcee81a37486dc72d9c4aa8049a017
SHA512 da997d8cb2ca1a3ab652a4496aae9b0e52e89446b230c8eedb666cbc819621a9ad2fe7ceb4d94f95f6c3ed27887c3349f11c671e5c64a952675b781287c6b1cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d1754d49ee7eb10a5986e9f1391e879
SHA1 4e948107d6da29e7301aabe9ad30acb419e419a3
SHA256 5e976d99009cb95d181547c19ea20d758dd433bf90d111ed246b2ad857ef7d2d
SHA512 77a68823017d962ca1cca6d6bbca3555b308f0a039d72332f16e4f57b50f6980532090c01eb6c25b63441caee216030a29289c3a0732d67f7c060f4e171cd2bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9b29a26525ac537d673936a78ad41db
SHA1 1d11dd634e70740699c2fc83157a39557dfa77f2
SHA256 3ecc1ae1e825d7ac7cc7ed85734c53d4987d690f85d739e5d2708a241c465508
SHA512 72b30256403bd0ad6b44e92ce9ebbe9d6da7e8d899b32838b28f1f0514b3874b12f455fdb5b25fbe427d9be96c10e4ba35553eb8fb7b905cf916b332c01e17f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ac8c17423d39a86ca5c0d847098acb9
SHA1 a527d12c3a8d86894aff053d0e7742e3d20de75a
SHA256 f979f9614b93863c7a2aa1560b9ece6df38cdfe3d0c7bf3f0ce4d7fb15920a14
SHA512 48a013a3aaaf253c6d26bf4cd738a5f322207089a9c4a0ebc8fe93d649259b24e8c61a8262ab9e6cc7c9739da6da7b6ff2463d41698f6a47bcbb4429efdd0264

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27bbb45948f1c3366b5603f2d630ed00
SHA1 7a76b875d20a7d8f952525e74a8b64aede0ff75a
SHA256 33c97dee51efd49ec5d9e2bb946f724705c48fba23eea17619945f45eaafed60
SHA512 fcdfa0a58af1c7a93c99b29bf20861cd32a5a4d543bbab3c3ce441871e1e1c24b8dd56f3460f15c60861ed1c0f51e3bbf8b277850182769e89922c0adb86260f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1f7ceaa35552e7c62ee7a7c491efd3f
SHA1 d0e270e577040be02b3c6e150fea00a684ab3c2e
SHA256 e565e5fa347beb93ac71b4c39fdd7ee6275a46fd210802023b9c8e8f5ceebb1c
SHA512 14b09791bdf88b5fca398d6ee277db4b6646b38d52cc233d734ef52647144ad69f3d7734d54feb07372e2f6be572589da535fefb26c5e63be9439818d9081b79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d66116c11145ec3ad25bc4ca1590c54d
SHA1 e2cef8f77c493c38dc2deafea75cd550550e7902
SHA256 b238194ad3f2d45b7ca219d96392396c5ab0569b0d5da854433f5f38d48a2d4c
SHA512 87bb53cc8f38ad12ee5b3c2e38fb58b077ba3448a0ee875ba043986bdbbc338d64e41ed091f172139c3c9313ed0ba8ac7e7c7abde1f0576897a19989813715c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6910ee69f2363c84f5880977f64a364d
SHA1 e6a9abce1c9a339cb5266f06124c9afb986cb09c
SHA256 dd3408a39c47ab377099edbd4a81d4a2925bab86529a4fa0a895fb257fb3eb08
SHA512 cbf9fee26e5a59df0742601182a5e1a87bc4690b0c13e37c3668a192962bae62596857396b63a68a46a35ee84e1b980d47cb0c706eb22a172dbdf337d1fc7535

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee6ff85a9baaeaf67abaae0b89d686a9
SHA1 6259d7fe292baae73b38fdffea4fc7b741433b20
SHA256 6acb26a483c384801839fa48f375082098d1f4e86656b4eab315b6871dbc70fd
SHA512 188e354eec45f627b2e2de127673f1d8c29d4caa2d6ff625120b06b4f5d547db6675eebdf757d7000f6b038c12a6fce6a294313b49b2855a71d4b810b5fbbedb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c12ce8e71744b4857ea32c8e33c53b84
SHA1 241f7b3384fe863fb213fc50fdda9f37f962032c
SHA256 169b1c9f0b637b0684a425b3f9c062fbce20c11ad50cc3faecb829c058d31516
SHA512 552d5c53e7e43d1f6b6ccc347e74d436f58e1864dcfe684309ad5c65817df21ddf4701e80847f5bf525696cd156cf1cd49e41ea53a041a78c20c598f91a07703

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 af2540faa1afcf5c5b27d3ff72f3000c
SHA1 8c7371291d871488bbe97c9a0ddf1662431641b4
SHA256 97605b9bd5898d9d396e1b2e03992e473a9ab11531beaf47da0730999481cf8b
SHA512 ad379bb92c2ae62a6f4be3d8e18f165e0a678e19a40d57a6b8be796db17da02e8d3ab914a9e52f995c09c120a82f25eadd7b1f154d990548a1ae930c1b16b3a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be1b6c0cafb83f811ee7db1fb4b75262
SHA1 288a2f92561a59052fe5138092201d3387e83a08
SHA256 88695fe7c487cd509490795b162a05a0e3eb2dab88259a44d3b5b899e2563a03
SHA512 50dec0da6a9b3169054bfafbfc512606ec82e392fcfbfec8952c1757a6ea91aa2f60cca9fa9e13debf59b9f42a17d43b942cfa62964bd8d46292f9c726eadfd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 18e34ba642d5c967d5c67d29cdec3ba1
SHA1 b180fc132f679460299494242f2cac89d696a73a
SHA256 e41cc253923268cbda4a606773acced60c7c1a2a1e176df856d556047b7e2665
SHA512 43d3b284e82d22bbd0d34e46df4329c8a6d7d1e4d5a9b32382c4e699eb4daac63d4dfdcb399197a099724770bd8260ab6d9d630f5b067d1d55be47028e02dcbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 831bd9ec605fd17a237dabc40742517e
SHA1 2102e4115574958c8275acc639f758257bff7e96
SHA256 035d8a2979de165a1e7a2c894943e311de92ccacfd8b97341588a1a16327f049
SHA512 78ae6b02dc9df72be1b0703812692f750874dc8019b40fea7e8d6f99057cd79cd1cdcc4c5dd96fcb15ef0b2e45e874b455d595c67ede22fe12d80b463ffcdcc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 56af6e650fe4f9c3a9cf2544b939dc26
SHA1 b127dd0aaf3341a6622195798d6fcef9de76c2c3
SHA256 0be39c0019d35922ed71f91bf956c672fb13989ddc6bf62ef7d86c5d20e6a9ff
SHA512 16b574499404d3df0250ebc0409cb9db49b4efa756e9f58d2b45b0385be0171fb4f4bbaf1e335f04b057e81d740d63b7501ee963804caa2ce2fb8556ab6629d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6b41394a9c43e530b3fea83b180c1e2
SHA1 038ddaa7a256b52e123bfb3cd44ea6f8112257b9
SHA256 096314ee515288ac3fde831041430e7882a4037c1285fe9751c1eb9494f478e7
SHA512 c9c36df07441d6e5b19443c59694922846c408e079e789138b291fb2e341d521e43baa44f3dcf5c3e2b40efb1ca43dd8427740ce43aff261ea0bc58e9f55fc24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 562a707770f62f30fcd6b6ddb6d76d7f
SHA1 ef209feffb6f251a3e347e547b7e15d21640493b
SHA256 f0eb5b0766ae5f830ff5bb907c9721319ccdeabbc56b47c165d0ba82675e2fab
SHA512 f78c6562ad2de7b818e2bc1eb4efa7129f0e966da0c7375a44e33576973d758a03ca38f0e34a1721a5928d497342095232ed7691bc879d921c0ed531f2bee3cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 463f4210e9e2a80ee2a1ecd3c35e7b65
SHA1 94096c5f3d907f69ba7460aafcb09748e034a6b6
SHA256 0945a3a0c1f9742fe0e1f54bac2c86ee3913c35b4338ed54441481e59c407fdd
SHA512 93179fe869f2140ac6fa526720b343057087bb02b106b246c74734b4f80178769fae9321afaada940c95e0559e0ceee544792387c382fa76da47248c4ab0a0ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2066a040732c092fb99d950ee16a671c
SHA1 5e705b1fd175a5fc3c6ee1285c73d0e329c275dd
SHA256 26e7778424dc68facc968b6ca2d01ab9e89f73f1f7823e565e77bc0276e043c6
SHA512 ee60ae7059d574771744303d7e695037aaa999914793ed7c06c0754751f0b5c5773b5f6d2c938893fbef4cd5cda22336016baf8c2e76f3dad93ff7c6eaae7db2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0c09ca98b9763d7646a86bb90b4cd3e
SHA1 3da74521183430cfd5168e1fdfcf1eecf3e20422
SHA256 19166709c3ef7fe5328faedeedc41d064c7d10dc5a797f66a1be5943218c9e9f
SHA512 b34a2b5902266236dd8f329a3ee76ea9905343e00a118807832411ad4cdf78852fdf839155b5b03727d56bcd5798a69db618a82e33769b51c0fb67562e4fee1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c18ae44a6fdc54b8bb09608307676a88
SHA1 e1510a5187f28447ae03ca91cad0e816d0793614
SHA256 0aeefd9e774b6a38c4e172335abbcc0f2625631f24d07d532bcc7642e0698c95
SHA512 01244b4f136c4b4f61798e0ca29f5f94f1309bcde3ca6c14be9460e640ebc7b0919bb86fefde77c233a5a6e6a5494e9690fbdbc7cb3d46bd5cc6b272170ad9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d994328858a4a4f57d1066e984a2037a
SHA1 9fc00d117208c5c002c59c95689e31bd98a1f86f
SHA256 10421775ef8a78a141b061233b0a23cb9fcef11fa3bfb64d3ed7f4cebfa8f3d0
SHA512 9e21504b49e658b165b0dc746ee8d12ea595ee2ab45041db0051dd46a9953cf6dcac46289a6e4bd54c9edbadc4f0ab62775ebe6217aa22c932643260ab724ff5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dea10d097135c6b0739f2886d5c41f22
SHA1 f2320baae798c051d140a65dffe859a0971a6dfb
SHA256 df2fb4814842416b8660afd7e9a2771923a8183f76247c70709176e2a2a3ae88
SHA512 5d9419774ccbf13312cec56a7df998b5910a4096d43f594477c6a2787868b72e0b9cec63f7ab238499b0e48aa1f4af13da4c598793d1d36a57a80614f285562a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 18469d32fc8910df22a0ad2a6255635a
SHA1 3e9ec3f3abd0639747c778e3bc5c21dac5875220
SHA256 7ffefac5bc015149c872c58bca032b4abd4f41f86c84fe41d2fef47e322b2b17
SHA512 7a4b9f3c1d88371b714878fb2032125047dd5b0108b82abff8ab4402f1cca72298753db4fd71941f5997d09ff8db3c276596ccaa99df0447843a2371a3706aa8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 328fd3fe78725b116963f916718ca613
SHA1 cad5b34a2933b2801c2921537f1fe44dffae01ad
SHA256 f46ce23270bb8e5353b98ff3fe3b9344a5063eb558752659bcea967700019a51
SHA512 82ca692396be953668aed6b8b360b1ca7ad5f6a18f85bbc236317fabd35efe8ac4e3add15e4ee8d2ca6a0c3432847efffc220c294e96d92660912c334f572e2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d156722866e0ce13d93d1ebdc290f11
SHA1 3615512b7a636645c8d0372ba82577c57cedefbe
SHA256 f1ecb0fee6ca2eedd180f32a354527fc6105e1a215f70e42ecfbd548438274b8
SHA512 f05b52ed1ecedbe4d41f096e2fca56f07e2d1c00f6cf5b0607040a62c2b62bacbcac125b935ecd35afa1b33ff8ec34c1464ddfdb1b2bc53e29a3c1191fb826d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 037a2a543968e77924ac6ea6fabda64b
SHA1 3526ec1473541021a81eb7d4f207b2855d891bd2
SHA256 d86a96bd36de81ace3fd8a63d2c0664451d32d9150a034b5000bf53e6d7ede90
SHA512 69f26fc51854c15e8aa7702606d84e43c187de1b08dd0ecd96bde8b48459d290026cf5a6d8d5a9bb9020f2d37be09d69a59b7c2ac31cdaf7f6242361fab979c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3445bc1f4629456b00afdd6ed8305088
SHA1 6907bbc9b437366c95f2bda1c2aa526b90320802
SHA256 1bc198929d4fce42278b93018c3fd167199fa64704ef68f5deedc8d7b5c1a332
SHA512 a604341bf3c6487ab42151efa9916f8359b41b4cc5776ef3385b080962d779d8f4795036c580c0d17c4455dfe82dac9e5364b0ba2d609a4488d9e58c9bfa366f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7bff0d7cbe026d5eb3f46c3ac76ed79e
SHA1 a1c97f183951751bb0b5c0d1cfe976ca3868e7fd
SHA256 3f5edb10fb0cbb95dbd1591e2ebc4856d5dd3d86a666e86f6ff9be12a308b696
SHA512 bb32a34f568d188ca02a5e050af536798097458c15af7ae5dcaabedd1c154b122242409d6ea320c2f405b5334540d377c2c467288a28e7ce6595b4c0e6a71a64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a3b59ee67817599a179715b6f1e09ba
SHA1 b89c8824e2192371df08a23e2a15617ebbcb66ae
SHA256 24f0eebc37c4bfccb01661662087e7560b36aad8cab014f70f69dd15761bd397
SHA512 b1269cfb4826534ad9eee788fdf20c21fa50c0e11be9ab2ce16b833e7965441eebe8ace80cd07f77df62d60ef1927aa1a5bfba768c8c942f19264b576161d6b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 90d9e9181e523e821f70c263d9475606
SHA1 98f064f2a27368170edcf45c394fe5c91066b008
SHA256 bbca1c0673924c3befe26e16387ac235b11a01252f7338d79ccd5c5f7a5d41cf
SHA512 7131ade19a4cde422bfc5245661662119797f7aac9c3d1579ae6fc8edc15b23b2116fbcd17f7775e8313914eeb292f0fe2db552d4f6069241136374f868d2ec6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\196065f4-19db-4e17-946d-82526878a9d0.tmp

MD5 2dd49721b347c361a1d54bac3e051414
SHA1 8be410485efa82cfb4d0d6931a9a170298bff5a3
SHA256 8b3fbb47a6da48e5094688c749f129a41f40058b06cc8fb9f15e155ed6609b14
SHA512 0f986290e3cc2b2431c6f8e70e08ab44df045515eeb0e0e90a65b441745c53cc70093c837555d3a576137e197e2fd7a43877fecec5dd2f2c7405c37b61d2b534

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee7a6ed43735d00e60c5838c34474eb1
SHA1 8c4d548ae51f555f648b4f764875229101abe580
SHA256 2f53ae7091932c6bb4f46f31a487ba5fa8d76391310ec9a7cb358f99bd5e0774
SHA512 15f04a68cef0f60353ef6a16f1fda5cc90f044a7ab4f8c4016b05cf9ca11981f6f1378dc885f71c9d842f3783361fc84a605c958feb274ef980e9c1d80f447f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fdb735e0c292c4c357a6f8153e6978f5
SHA1 634365353b8b488bbd9b93b8811b889ea68fec71
SHA256 1a331515718b9cf86c542b7587da86a9c5737c213c47c1d1a122790faba413e2
SHA512 2dfa90544f332235a357f3c32277ae9d0c1c444da7cfca22bd29d22e8e79751ec08706534fdeee6ad9a97db8777a20ff9d020813d5315ad49572f8470b0a7d5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db4fc99db2983a27c6216bdff33dbcd5
SHA1 4f4a39a8aff010e7ec42edd51ad9f621a3395aa9
SHA256 2a9541fb72a2338f85bb472e99387894c8176264304c51f9da3bd4e6463fb868
SHA512 0a31e8bda75bf43d7ffb7bfca2981da493cebe7de4d1dc1706ea7c771390bd5cb0eaff086fae21be313fe73b580290082dad51c793119af65114f702a1591e79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb74153ac074e6262522d2f31fc11691
SHA1 86e72fcd9d96d725f0f196eea612a8e44eb03956
SHA256 f2c9a2c754742868a91109ac9e5206d01bf4ebdc11b3f90b3436a1cde6557414
SHA512 066b76b5a31a23f81f62d0431c200ba9f8986777ac55f29524be36e0857a1f7232753e097cb6b4bed1ed2a195027bb6509a062f8009b78ce4cc59157f9d5215a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1032fa497d94d562d2aaeebe891f3bb9
SHA1 2f148a31bbaf8bd86e3b2797e2a98a37b6ded090
SHA256 f1bff2438f7d8407d2ef67a43b088c25bb4527e5392c1d91f1b039388aafa105
SHA512 8a960d8c77048a5e507837ac85a4199c70f48fd20714b9409686479b7567f9e2c17cd44449f46fea9df8e0f12684632f3bd027ec916599b1a2cd0b9a13216e6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 76b3a9dac270b0b38de484785c93ed01
SHA1 646f30727b465554e2adc7997eba602b42549a69
SHA256 c2f6ba78267b122376330590c22a5638301c5d736b16df33c7050160a1dcee94
SHA512 2cdb2cfe3d791c4971212f3d857dbad52cf336879531dbfbc38cb523accf7aa6003c92a067a63eb7cdab004a8e220f6126f0818d0af3cfc07af052195c2b155f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be414f1d9cafe911a26dc5c932ed1331
SHA1 c0223c1f73edafd37aace5860d92baa86dc5dca5
SHA256 76623864667d46c006639a77fb2dd923b0824afd921a5f1345e45862d9b5da52
SHA512 f91a29c58f7e340fa890c46963465aa6c4ca4545b2ed5e3876950539c78e194835f06fce9519ca62435495e586049f414621ecf20fdc0e90f1340d3f9115e599

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9416326d6769bfb2bca557dd496ef737
SHA1 a9cce76d6a4095bdf39ade5c613d271d8b8e972c
SHA256 293a749829a79a42255289196f2f5a955ca5e5bcac38c261439234dda5dfe438
SHA512 5971898130a5b4d2744d9b61f484898d34500504fe7dc21e1df432925a68aa3036dc5e43a32e3175ffb70b477cf7118dc821cef6c0d4cd00460a91b677a73ff9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4fbb7a8304972d836c8c887592ad881a
SHA1 f2085d5e771e0ef903a79dcacea9eae3568eb851
SHA256 7ca521401f63ed070aca4a581ae54fe68bc73089945e03b450bcf9f8e67a7fbe
SHA512 9da7bead6f90d991fd4c0b72347db66cd2e76e4fbe8662519d3e84f41c8aa8d12a4a4b3d74a1fbfdfe2f2c8159137a3bd12237f9c56df9dc40c319d010259e7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2aab71cbafe47126111d39fc365fb46c
SHA1 c0ef5e2f3486a829db31f269c1ecf910d71258fc
SHA256 24dcddda081adf38da5cbb79333afc8884d0398c1788da6b97cfad76c9b28558
SHA512 941638ab70a822b6675eb07b11a21bc0b6e836c5df6ee76b552a62cb0a0eb2a739c63d86688f1c55b60d8270e71b4ac7813f6e972240fbc8627492aca683470b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d497c4835e481bf0770785fe346f6dbc
SHA1 f9b515478caaeef1eaeaf33ef720b87c74496099
SHA256 526d853868a25c35600de4c8a091b1bca9d2d4eb882c162cc2349bfe868a4a26
SHA512 61b599b2e52bc40c116b156a55e5d751e9549fc9a843a725ebcb934fd6f7b2c204fcc7f3f2b8bb214cd1b4d7754579dd710d76ea99a1661fa124f3dc2d52fb58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 096092260803b225587ae025cdcaefd0
SHA1 715b227aa445d7d3a6b70100224fcd84826bdad5
SHA256 0c8e76073a65f0b3b96d5bff4db7fd63ab1b2af6de1a5eb95f5bbf0f46613a58
SHA512 54dddbbf6435ef9598c7082b432123e81c6ea403a430eb674b51bb75a97e8f47ecea7345d7d355171fc0cb6e307785c925772c6f4e54e91249aeeab2359555a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5aeec297ca4222303d73903b1c0e8af5
SHA1 3763f8b8ed272e0f356aa44dd69af34e030dfa0e
SHA256 25f5250afeb704ccc20203f32baf415ae572d050379b597bace9c3ff6419afc8
SHA512 dfb7391277ebc590ad5a6df80aa17986b24a7026613a709d977ff3613f7d11494bbc38936836b5ec1865cac73047838e62419d989e6e66fc62eb7ae07784316d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe2fbec33866ca1819e880cb9cc1e78a
SHA1 3451b395d09af41703c6b02445dc8df408942251
SHA256 25c06706a3322c01fcc0e9e214016e90de30d000612e893993ef9f9babdd26cf
SHA512 b7752655831aab1a6ffbc952f27ba744b3f309c89f28094b9dd72631736e6657a62de760ca7a23a0ed3c84186160da12276c4d884e636b7d2adeda9052fa1b5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ebcc68a931f9fea43fbd22a12954e9f0
SHA1 0b685a71ac30729048949baa6175eacec231926c
SHA256 5079ebdccba1ff7e594ce6e9ea6f89e8da2e64f70f431a22a5178f198e08f459
SHA512 cedafc21360520d1fe18f70b56539e04bf0d1113b05dd50a7238f8ce07c0151006c3b40cd74ed843d2a8a7354c12a096cbb4e5b5b4d8a3133486ac604ba704fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee4c595072504c24d00997fd3c77e979
SHA1 78350bc1efae26347ef530e74ac9b95f7c9eed83
SHA256 58808af0e3600551b850c359c4eea20aaf96563fbffbf3a15861fe7c1364f48f
SHA512 73ba32e99abceac2a620c6bfbf5bb0857d1eab167b7045905b59b289828513c9b9b41fbef42a209b5debee93b7748c3d6d5682cb8656d3f12cb2e626b9e8959f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ef3cfc41c7be581ee0a9c40bd294985
SHA1 a1b86845d42103b23b0c1a2caf8500dcd99efe35
SHA256 dd046b0854b4ba3953d34f4a2cc0129ff02ce396a44cd1200ae3e3ec2347a4a9
SHA512 4d09c2065561391a6186b8caa3773ef482557f23b166d643485246b7bb6f8c2b212d30f1055483a74a44ceb7b2a40d24e922e3d52a1a4c261f40848a0049e7d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d258b999d3bb9db893376e2f30a1b2c6
SHA1 faa9f3cbbae63e64e6a87ce9c4bd2d6a27a752e9
SHA256 c38e7a8a1661064f9105732859ebe5d43951d87df79738c2206e1ac5ef6eb88a
SHA512 ed82205b8a18d0c6801c403fd3958f8faebf8fb16ce5279a079ede080c61474d131c26722919f15e81bd4aa819bc037536104470f1b9e242866ad5c672749168

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0bdbaad2cd3cfd96935460b0cd94a05
SHA1 be38243c9e14240837884b190378522c59cebf3f
SHA256 8e9cba6c2df09ed301120323fe8d045b738a1a208a33a037726fa688e09a3bdf
SHA512 12d95d22d6cd539edeedea91c810405c42c36b536233717638b7344ecadc08e288e3653d9cab043215bda419bc386a90cfac167f367a455f4edbf09fd9c014d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ff08e237d48f78129e071cb07dd9189
SHA1 45baeae3e36501623efe191fefe70e2a8a7a9efa
SHA256 5dddeea984cc12c029eb5e64f514fcfa01a852fbe9afb7a25b988e2046aeb45c
SHA512 95f9d78b2b83f4d3e96faa0bc3378278981bfafc43965ca973db5db3432d0b642b8f6d709e1157c068706614734d96a5a45a7214c2d2558040b8af0ed90ff555