Analysis
max time kernel: 995s
max time network: 999s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 27/08/2024, 04:59
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://solaraexecutor.com/
Resource: win11-20240802-en
General
Target: https://solaraexecutor.com/
Malware Config
Signatures
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Executes dropped EXE 33 IoCs
Loads dropped DLL 64 IoCs
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
Installs/modifies Browser Helper Object 2 TTPs 6 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description | ioc | Process
Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9} | installer.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | installer.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | installer.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | installer.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | installer.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | installer.exe
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
flow | ioc
218 | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Drops file in System32 directory 20 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 13 IoCs
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe:Zone.Identifier | msedge.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 11 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid | Process
6376 | java.exe
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
pid | Process
6376 | java.exe
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | dxdiag.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | dxdiag.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | dxdiag.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | dxdiag.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | dxdiag.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | dxdiag.exe
Checks processor information in registry 2 TTPs 13 IoCs
Processor information is often read in order to detect sandboxing environments.
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies data under HKEY_USERS 64 IoCs
Modifies registry class 64 IoCs
-
NTFS ADS 8 IoCs
description ioc Process
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 315530.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe:Zone.Identifier msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 416205.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe:Zone.Identifier msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 174549.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 17491.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe:Zone.Identifier msedge.exe
File opened for modification C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe:Zone.Identifier msedge.exe
-
Suspicious behavior: EnumeratesProcesses 32 IoCs
pid Process
2032 msedge.exe
1868 msedge.exe
1412 msedge.exe
4852 identity_helper.exe
716 msedge.exe
1828 msedge.exe
3684 msedge.exe
2812 msedge.exe
4696 msedge.exe
1980 jp2launcher.exe
2340 jp2launcher.exe
3904 msedge.exe
7124 dxdiag.exe
6896 javaw.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process
1868 msedge.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
1868 msedge.exe
-
Suspicious use of SendNotifyMessage 17 IoCs
pid Process
1868 msedge.exe
-
Suspicious use of SetWindowsHookEx 62 IoCs
pid Process
5344 TLauncher-2.899-Installer-1.3.1.exe
2768 irsetup.exe
1336 jre-8u51-windows-x64.exe
1980 jp2launcher.exe
2340 jp2launcher.exe
4856 TLauncher-2.899-Installer-1.3.1.exe
2736 irsetup.exe
4296 TLauncher-Beta-Installer-1.3.6.exe
4504 irsetup.exe
876 irsetup.exe
4224 javaw.exe
3644 javaw.exe
6376 java.exe
7124 dxdiag.exe
5068 OpenWith.exe
6896 javaw.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 1868 wrote to memory of 2396 1868 msedge.exe 81
PID 1868 wrote to memory of 1040 1868 msedge.exe 82
PID 1868 wrote to memory of 2032 1868 msedge.exe 83
PID 1868 wrote to memory of 3232 1868 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://solaraexecutor.com/ 1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1868 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe178c3cb8,0x7ffe178c3cc8,0x7ffe178c3cd8 2⤵ PID:2396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2 2⤵ PID:1040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8 2⤵ PID:3232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1 2⤵ PID:2072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1 2⤵ PID:1912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1 2⤵ PID:2988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1 2⤵ PID:1492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1 2⤵ PID:3936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8 2⤵ PID:2016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5252 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1 2⤵ PID:8
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1 2⤵ PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1 2⤵ PID:2520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:12⤵PID:576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵PID:2980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵PID:1048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵PID:5016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:12⤵PID:3800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:12⤵PID:3036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵PID:2416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:12⤵PID:3200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:12⤵PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵PID:4484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:12⤵PID:2204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:12⤵PID:4176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:12⤵PID:2024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵PID:4580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:12⤵PID:3172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7192 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7292 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7708 /prefetch:82⤵PID:4224
-
-
C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5344 -
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2768
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10956 /prefetch:82⤵PID:2648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10340 /prefetch:82⤵PID:5820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7988 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10180 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4696
-
-
C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe"C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1336 -
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2188
-
-
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 303⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4104
-
-
-
C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4856 -
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2736
-
-
-
C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe"C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4296 -
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe" "__IRCT:3" "__IRTSS:24078219" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4504
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:12⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8144 /prefetch:82⤵PID:2236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10288 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3904
-
-
C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe"C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2232 -
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe" __IRAOFF:1908938 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe" "__IRCT:3" "__IRTSS:3754180" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:876
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:12⤵PID:3772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:12⤵PID:232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10972 /prefetch:12⤵PID:1624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10988 /prefetch:12⤵PID:3416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:12⤵PID:1572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:12⤵PID:1952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:12⤵PID:6084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:12⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:12⤵PID:6984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:12⤵PID:5016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:12⤵PID:6632
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3424
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3192
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C41⤵
- Suspicious use of AdjustPrivilegeToken
PID:5016
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4284 -
C:\Program Files\Java\jre1.8.0_51\installer.exe"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=02⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:4604 -
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe"bspatch.exe" baseimagefam8 newimage diff3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3680
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4688
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:2188
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6084
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4028
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5352
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5848
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:5412
-
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:3388
-
-
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:4620
-
-
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5384 -
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2188
-
-
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1980
-
-
-
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2540 -
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma 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 -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2340
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 8120A54F27A4F6C1271A115DD261E5BD2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4028 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"3⤵
- System Location Discovery: System Language Discovery
PID:5952
-
-
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\c917729dd4a74a4e8aa33196bdcc20eb /t 3016 /p 27681⤵PID:4504
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\05f5c3e014c5457fb981e661309cd124 /t 4048 /p 27361⤵PID:5356
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\0bb56f13d98a4195939b7185391818fe /t 3728 /p 45041⤵PID:5504
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Enumerates connected drives
- Modifies data under HKEY_USERS
PID:2920 -
C:\Windows\System32\SearchProtocolHost.exe"C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
PID:4640
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 828 2836 2832 816 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}2⤵
- Modifies data under HKEY_USERS
PID:6124
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 828 1748 1764 816 {85EE815A-7738-4808-A14A-3AD87E32A3BF}2⤵
- Modifies data under HKEY_USERS
PID:3144
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1804
-
C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe"C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe"1⤵
- Executes dropped EXE
PID:2184 -
C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe".\jvms\jre1.8.0_281\bin\javaw.exe" -jar TLauncherRunnerx64.jar2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4224
-
-
C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe"C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe"1⤵
- Executes dropped EXE
PID:5544 -
C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe".\jvms\jre1.8.0_281\bin\javaw.exe" -jar TLauncherRunnerx64.jar2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3644 -
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exeC:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2721.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.9289.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.92893⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
- System Time Discovery
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:6376 -
C:\Windows\SYSTEM32\cmd.execmd.exe /C chcp 437 & wmic CPU get NAME4⤵PID:6352
-
C:\Windows\system32\chcp.comchcp 4375⤵PID:6780
-
-
C:\Windows\System32\Wbem\WMIC.exewmic CPU get NAME5⤵PID:6828
-
-
-
C:\Windows\SYSTEM32\cmd.execmd.exe /C chcp 437 & set processor4⤵PID:7072
-
C:\Windows\system32\chcp.comchcp 4375⤵PID:6972
-
-
-
C:\Windows\SYSTEM32\cmd.execmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt4⤵PID:6996
-
C:\Windows\system32\chcp.comchcp 4375⤵PID:7100
-
-
C:\Windows\system32\dxdiag.exedxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt5⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:7124
-
-
-
C:\Windows\SYSTEM32\cmd.execmd.exe /C chcp 437 & wmic qfe get HotFixID4⤵PID:6668
-
C:\Windows\system32\chcp.comchcp 4375⤵PID:6084
-
-
C:\Windows\System32\Wbem\WMIC.exewmic qfe get HotFixID5⤵PID:1716
-
-
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exeC:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe "-Dos.name=Windows 10" -Dos.version=10.0 -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Xss1M -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Dminecraft.launcher.brand=minecraft-launcher -Dminecraft.launcher.version=2.3.173 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\authlib\6.0.54.2\authlib-6.0.54.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.3.10\brigadier-1.3.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\8.0.16\datafixerupper-8.0.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\patchy\2.2.101\patchy-2.2.101.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1.jar -Xmx3000M -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Dfml.ignoreInvalidMinecraftCertificates=true -Dfml.ignorePatchDiscrepancies=true -Djava.net.preferIPv4Stack=true -Dminecraft.applet.TargetDirectory=C:\Users\Admin\AppData\Roaming\.minecraft -DlibraryDirectory=C:\Users\Admin\AppData\Roaming\.minecraft\libraries -Dlog4j.configurationFile=C:\Users\Admin\AppData\Roaming\.minecraft\assets\log_configs\client-1.12.xml net.minecraft.client.main.Main --username Admin --version 1.21.1 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 17 --uuid 6f3f21e267834847a3c67b93d9bdc4e3 --accessToken null --clientId null --xuid null --userType mojang --versionType release --width 925 --height 5304⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6896
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt
PID:5232
-
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d0c2aa329eb54a8581c49d49cda9b584 /t 572 /p 876
PID:4584
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:6924
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.tlauncher\starter\NOT_RUN_TLAUNCHER.txt
PID:4752
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.tlauncher\starter\НЕ_ЗАПУСТИЛСЯ_TLAUNCHER.txt
PID:5448
-
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Suspicious use of SetWindowsHookEx
PID:5068
Network
MITRE ATT&CK Enterprise v15
Persistence
- Browser Extensions 1
- Event Triggered Execution 1
- Component Object Model Hijacking 1
Defense Evasion
- Indicator Removal 1
- File Deletion 1
- Modify Registry 2
- Subvert Trust Controls 1
- SIP and Trust Provider Hijacking 1
Discovery
- Browser Information Discovery 1
- Peripheral Device Discovery 2
- Query Registry 5
- System Information Discovery 5
- System Location Discovery 1
- System Language Discovery 1
- System Network Configuration Discovery 1
- Internet Connection Discovery 1
- System Time Discovery 1
Downloads
-
Filesize
1.2MB
MD553bde2c4c0dd3b594b299e257148c4d6
SHA1194ff2abae77d4f3d960657181d100a63e3b8717
SHA2563939ba065ca638c97b046cd350cfe244135253d095aca9845fae12b8651a0e78
SHA5125bbf9873f805facde7754228171ce2b633fef9277cb9eb15e8996c967f92fab2f6e04e3067952aa912bc1fe0b00d905c0c8f71d741f164ec89cd0d7fc47d328b
-
Filesize
339B
MD5355314898d836cbc6aee4a67bf5aa834
SHA10516b185eb3aa3fb0a3b4a0622d4b07574a267fe
SHA2568d557050ff43b914da9ba7f658a03dff3bb4faf3fcdfefb1576e3082732c5391
SHA5126d61b284133fa8b4ab28176a5d9e3818a54e4bc4acca6422a53ebaf742f789cb5f12b140d7453fb49848a0061666b28404cc25bb52b9c47574855625a62faead
-
Filesize
280B
MD51fccb448e2db24add49621734a1fe4dd
SHA17e8a18b22ec6ffb46a1acc4ba0be4bb1e81c8e53
SHA2565b6f8a8d45abb9976cf482c6cf7c9f2518e9475cf675a562415ed1a1ef97c794
SHA512c10705c3c3bd60c1c734d7a57a92a5398a1c7a0e5e5fb37905b21ee5586dfad59a46c7c79cfda024f58e0c4716c06a661711b63dc94e6b0005faba63e3cec88d
-
Filesize
1.7MB
MD51bbf5dd0b6ca80e4c7c77495c3f33083
SHA1e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA51297bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab
-
Filesize
1.3MB
MD54383230c2e8620e2a7f5eeebafecc460
SHA1990ccea05d61e47ce111e1f05390e0fee96643e4
SHA2565463454b1a31c64211f2a724a6df78b31da655cbea9998fb2ca9c300d472660c
SHA512f550362f938fe4bd73257c8f20c5a9164ad63124d9c2b25333a153297a9b1a3133c327d834cc32c8c7d81303cd50325248a9ca0267769d968efaa281c30255d0
-
Filesize
50B
MD5be27a7da181fe2e0f9daaae4c93dc291
SHA179bbf661f01c7d11916343bd98f0ec594a4c2434
SHA256ccdb663ffa26bada8c166707005ebe784ca0beb9297de2f183f662950ac8d31d
SHA512caced540aa47296317a88ac0c1a0932bfd3eced56ed653ba74e9c2b5bc0c02b20b3fb79f814a2ecfbc85f65c592ce1c0bec4495b2928b2ddbbd41300b083062e
-
Filesize
171KB
MD50e2436cc52d5a3c372b062ed502a59ba
SHA1639d57db2ca9132e01b1b677fe34427e93bc0016
SHA25637019fb7733f01ee892180398aa5ce52b4e434031c5f48a6152a49c1ed00a94e
SHA51288a76087faede53acda977fc1bcd8d21e606bdecbaf7100f5e5512b92b24a21a701bd9821d8944b770d3fb285ba5fb442e7f3d7001b4c9750a8b874e200e6ab7
-
Filesize
430B
MD5db047b36d42d05dea8cdaa673f61c198
SHA17600d1fc9d482d38067006a796094c0cb9e55afd
SHA256c6308697d61507c457ee030400255c8f105c357dccffcaaaf20cb6b004faaeda
SHA5126495072d985fdc7a5d29cc282873111ac3a88b41c0f8103933e3b99cf6c58c83cb5519c710faa46ba061da61aed38e71a832bcc973e0999e8a7f33c541226ea8
-
C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\3b\3b6cd8c6ed776422056dc5e536d32cee74819e00.tlauncherdownload
Filesize438KB
MD5aa8e701508f6db79d1d18a84f08897af
SHA13b6cd8c6ed776422056dc5e536d32cee74819e00
SHA256f9fa2ca896d4395f555c9a77e946ab391b9de8e22c57b45bc292273150209467
SHA51280a3763e77e8691256a9c2a31f983dd03573fc3d45b362581de9c04818faaf5cd3ee5cca5d74479eb9dfe92d301e55fd66f8834d3c34306a002df8998268a06d
-
C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\66\666999116c467f10622db1527a06ddc0a6efad2a.tlauncherdownload
Filesize1.4MB
MD5d635e313e3178146dd6833844c52c16b
SHA1666999116c467f10622db1527a06ddc0a6efad2a
SHA2568f6a12f09a805b3e6c2e412050a14912c74f6ff31b157dc08f38eb10144c4643
SHA512937d6635137db6ec5d4dabea7fed54264ac2e1368f77f4dbbbbca8a8d2a6e0669ac51477775d33db3a458f8f97141e10f636acafdefda5a49c99392033758e7f
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar
Filesize4KB
MD5091883993ef5bfa91da01dcc8fc52236
SHA11dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
SHA512f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar
Filesize60KB
MD5040b4b4d8eac886f6b4a2a3bd2f31b00
SHA14bfc12adfe4842bf07b657f0369c4cb522955686
SHA256daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
SHA512ed00dbfabd9ae00efa26dd400983601d076fe36408b7d6520084b447e5d1fa527ce65bd6afdcb58506c3a808323d28e88f26cb99c6f5db9ff64f6525ecdfa557
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar
Filesize76KB
MD5eb0d9dffe9b0eddead68fe678be76c49
SHA14fdac2fbe92dfad86aa6e9301736f6b4342a3f5c
SHA256df26cc58f235f477db07f753ba5a3ab243ebe5789d9f89ecf68dd62ea9a66c28
SHA512cbc27e0b6da6ae4b6245353d6626d2e3c171c3026a555fa21e8ef61b30714e286db85086d1a57c167016e8a7f07be2a243e34b3ab504b1877806f3bcec5df986
-
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\v1\objects\30c73b1c5da787909b2f73340419fdf13b9def88\client.jar
Filesize25.6MB
MD50b90a83eb9910468c60152f6594b9271
SHA130c73b1c5da787909b2f73340419fdf13b9def88
SHA256499f6897d1837516680f3114072d8106e11c9adcd933fe5cf051b551089b0c99
SHA512a63c09e9b8cfe80bd5815c88818291d54cbe7c9ffcd806be6365376e865c44d5aa85e8348467e6ded8f4d9722047d3c5b075f755047a982c2e75223d2b9f68ac
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
Filesize38KB
MD59385d58411dd2ad5500c72960703a1c8
SHA1cecc49d1551d3b54790337509a2aee6c910ff849
SHA256b25e97594d8c31bde9391d7a6a365468d63b896f0b9197903d2652f368e67ee8
SHA512af886f56a6c83cccba296f238b541b48183b457da1c857041612c776085f90307e766eba1a386c3cde35db21f6053ca40e7acf854fe9dd7c9aa38e8d199dd43d
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\logging.properties
Filesize2KB
MD50f00ec3e7a7767a4efeae1875fb5f3d4
SHA1167808418571e9209b952188ddab2f4e62920e68
SHA256b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f
SHA512e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\net.properties
Filesize6KB
MD5385443b7e4a37bc277c018cd1d336d49
SHA1b2c0dfb00bf699e817bdd49b14bc24b8d3282c65
SHA2565bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08
SHA512260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\README.txt
Filesize2KB
MD53d47d94bc4f19d18bcc8b23f51d013af
SHA1a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb
SHA2566da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5
SHA51268a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\default_US_export.policy.tlauncherdownload
Filesize146B
MD51a08ffdf0bc871296c8d698fb22f542a
SHA1f3f974d3f6245c50804dcc47173aa29d4d7f0e2c
SHA256758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9
SHA5124cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\default_local.policy
Filesize647B
MD56d7b4616a5dba477b6b6d3f9a12e568f
SHA17fb67e217c53a685cb9314001592b5bd50b5fbb9
SHA2562b2627548e61316150d47ffc3e6cad465ca05b3cccd4785eb7d21aa7baa0f441
SHA512a0b98cbbb49184df973bb2c4a506e9bc6e025a696bc0c8054a6352cc3f9b4a38e3baf117c6834ddaddc38498556607ed4eda8f1bc683f662d61da50e0db0c8c2
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\exempt_local.policy
Filesize566B
MD54cbb03f484c86cbea1a217baae07d3c9
SHA1ee67275bc119c98191a09ff72f043872b05ab7fd
SHA2568c3d7648abcd95a272ce12db870082937f4d7f6878d730d83cb7fbb31eb8b2c9
SHA5122bd70518aed6b0e01c520c446830c5f567fa72974548818cac3e1e5c2be6f03db78ce6012f5463b1e19c36243d04cbaad38ec79524635eaae2e427eb1875ccdb
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\unlimited\default_local.policy
Filesize193B
MD52a0f330c51aff13a96af8bd5082c84a8
SHA1ad2509631ed743c882999ac1200fd5fb8a593639
SHA2568d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a
SHA5122b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\ADDITIONAL_LICENSE_INFO
Filesize2KB
MD571bb3ad0017bf36d14bb96a8d4b32c45
SHA11a5c553e71bdb7d94995b206bc9eaa49abd1e888
SHA256a69bce275ba7a3570af6579cb0f55682cd75fedfcd49e0e8e9022270c447c916
SHA5129f658dfea71bdc3cc1549edfb5ad3171dbfa0082b2d91e820c09abe0b376b6bcd8b5170442a5e25e72274e98f130176bbdecfa7997c59705782b214f02136a20
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\LICENSE
Filesize18KB
MD53e0b59f8fac05c3c03d4a26bbda13f8f
SHA1a4fb972c240d89131ee9e16b845cd302e0ecb05f
SHA2564b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726
SHA5126732288c682a39ed9edf11a151f6f48e742696f4a762c0c7d8872b99b9f6d5ab6c305064d4910b1a254862a873129f11fd0fa56ff11bc577d29303f4fb492673
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\aes.md
Filesize1KB
MD52e33468a535a4eb09ef57fc12a2652d0
SHA1e64516f3fa1e72f88caa50f14b8046dd74d012b6
SHA25645c6d4da48325edfbff3dcf71c704e504c057904435ed23c6d57046d551eb69d
SHA5124d14b5ddbb4d09797264ed29ba71fab6986b4a9e75efb9402c1476e0a9e2884813d6a922dea125643b4f74e1f3e458f4e48d6c840e0f4d16ed72ffbc4611dbb2
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\c-libutl.md
Filesize1KB
MD52e89a282a50f8702e52703464e6937ca
SHA1cfc22a6f5b17cd539234d5b3160a5224abefadb9
SHA256bef40679922d6fdfb7e4ddb223ad6722300f6054ba737bbf6188d60fcec517f9
SHA512ae459d8ce5581ea57e203088373c1ce86d122d0e27eb871ee1383e0e64cd8a184fa207eee0e835347316e70afa24a1c95aec30def3e09d15ee19a0b2c3ad2095
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\wepoll.md
Filesize1KB
MD5cef1d92ff8ace278bd32ac5e18735b86
SHA16c7d15e2b8f3e99527458c8ea33420ee1d34af7b
SHA2563ac2992770080453b98c42afa807ba4b2c1738ef756b92a55c645f55e7df48f0
SHA51212aa61ae93fc626a230f39f44ca11c75086fd9bb50f2794fb9fec29b9bef924545fc19d9cb38fda631560ca78ae8e587144cf3cf3c83a6b336bb4711611393bf
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\zlib.md.tlauncherdownload
Filesize1011B
MD5440321d71d082c9f04a9995b613bdff2
SHA19af688d499b3026ec8e5a2e266dc4b9b4884a87b
SHA25681518ebc49d23a7c77b2e08eff48664ea0c7dd90957a0caf22fd9654985d3285
SHA512c516403a109630b79998f3bea6b698247a0b5367cc9873defa75014e8c98c690d34d0810d32792d80fde1333980ac6c5f19324743795cb6455ef0ee4979496bb
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.datatransfer\ADDITIONAL_LICENSE_INFO.tlauncherdownload
Filesize48B
MD5512f151af02b6bd258428b784b457531
SHA184d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA5121a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.datatransfer\ASSEMBLY_EXCEPTION.tlauncherdownload
Filesize43B
MD5bd468da51b15a9f09778545b00265f34
SHA1c80e4bab46e34d02826eab226a4441d0970f2aba
SHA2567901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA5122c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.datatransfer\LICENSE.tlauncherdownload
Filesize32B
MD5663f71c746cc2002aa53b066b06c88ab
SHA112976a6c2b227cbac58969c1455444596c894656
SHA256d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\colorimaging.md
Filesize167B
MD50889fd01a6802a5a934572d9bd47f430
SHA17a7e547452ee1c72e8b0d96dccbe315f62d5b564
SHA25604d61e3e8e71dd452ebe52008af5378d9f6640d14578aeb515dc5375973b0189
SHA512f5872960470810cdbdc2db1dfb216cab88203b23400b16e157c8654c2eecff8d9b26ce066ec18718c8e6d54ee1c54533fdade395c454210fed5159fd4a7a0adb
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\giflib.md
Filesize1KB
MD5867001e2a577f88cfc856f45959502aa
SHA1109c11cec13349212ba94b9f3eb7d0943229938e
SHA256c8b99f33890887d27ad56fba9edd8ebbc668cfe0689168505a95613d1d4b32f8
SHA512dafac31d75a7ab4ddd7666799a24abf22c1583ca22554a738cc26a77bf927b20dde52f12194670a5196bce3a43bd58de46944291727c8877fee1fe4a38a1f1ca
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\lcms.md
Filesize2KB
MD504a8a77cafdd6185a3506eccf7a83346
SHA11acbec21e9eab8bd2bee9826353c1e768d5457b5
SHA2568acf00b5efd25c1c055927222fd3c26b0c9fd02ed02e478c225b64e7a24d9782
SHA512a91faa243a09bdfe62714859b9b4420e8434dd09693a6a280e1c8ef6694fb7858d0171fae4ca36721b685e3ab8bc8000c5635bf3789250a5b9081130eb4ff57c
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\mesa3d.md
Filesize5KB
MD5c7e0d19c8f4eff11e97f0eb9afd3f7f4
SHA16a98ee2703132e181f37d162452f073fb64ced83
SHA25663f4e6f75caebbccb95d903fb43e46ac7111b3624d0a34f146b276d7d9e7b152
SHA5129c4111728ab9472f0b160cb11ce1e4ebd75a83cfddca0b3cb87243d15afc5a7fa34dc6006e6b92084648cbad1426f70b405259f589cdef758442643e1618dff4
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\bcel.md
Filesize10KB
MD5daae908a4dd474afec9c010d416acb2d
SHA1a59717166af2e8fa9ecd6d622fd6b82b835acce9
SHA256853a1e7ce397bb10de0e2b3bde0844bcc651f17d983decd07d2d003c0304c311
SHA51225f2189643a113616f53cd87fc96df01b55602bfc3f6653e48c310de03f6d79ccbbec58936d54b88052e32d68c646017bf75b8a179f59fb9d2c5f6938e351a4d
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\dom.md
Filesize3KB
MD513952c46b3867103ad7d1e9c6c9e906c
SHA14bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb
SHA2566686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148
SHA5128c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\jcup.md
Filesize1KB
MD5d19594fbf6eab2242dc29257905d8ded
SHA1fbdcbe5a7e7d91d440c200f5fb00e0cf6a81976c
SHA2568d5dcfdf50455a3c34c753a98f21e953248af200415a9084e3f102cb6c43b8bf
SHA5127ed3e58f189f2922f7543d4617308d0c35f8adc2e7cbbb6fbba49d33cdd5da64c6edc022ae9842c28e58d97b056a245245c816003978f1e0152236636ca72ba5
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md
Filesize3KB
MD5fa24b7e2a61a7045cb0c6c385000681b
SHA1869fc0b687986ea26b8ff63c137e03c92234a5c8
SHA256262802e081760b38b3748c8b194353d340e39bc936ac22e17abbb7158d895811
SHA5122676cfdfd61762c7b6171985e8cfe1068c36683ca43753a1ffb10241ac61a74c9be1c00be22903df85ba6954fd908d77de60903c316506fd88b9679672ada968
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.crypto.cryptoki\pkcs11wrapper.md
Filesize2KB
MD5b77d1951df7a8488eb84ce1d25486a14
SHA1e35415235ec3bbcb92beeceb03a9a8e7c13a6fce
SHA256371974b1fca3744a3892c7ee1fcc593b8b4281fc218f4cafd2f709e9df5fd81d
SHA512759c75f87309b67c56a5b7088045e04be7c023ecdbaea80842e22b81b0bfb36026191070471f8b08fef47ec73664611ce0453b4a9818f7708c95663733ee5ce9
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.internal.opt\jopt-simple.md
Filesize1KB
MD54f3f190fd212329afc39442174ca4b3a
SHA1d7e25adf223e68d06276ae7666bbc96590dda442
SHA25699bc67f93cf57d6d20e6047731c93fbb267d70fbdd4115d119e0f85c6efe5c05
SHA512fdd3d2fcfd865f62dad0ba2617ea816c78a3dc9d99d8991ffb5eb479fda37317dc3f70b0dcdb1847ffe4432947690436ad4046bfb056c37e2991e6fefa8b70c0
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.javadoc\jquery.md
Filesize2KB
MD58ef4ab67241efd69eaa3df9871fa0dbd
SHA1a20a019c3b06d4263b00f5e89ed394a52b8c1981
SHA2560716943682c624fd2f49b3a718a2ed4d6386e872fe741f1c759573ae24509d3e
SHA5121f85e70e166146d81457f05be906f18b9b16ed82bed5f544f090d894b8d0cb1ff4fe5fffd90022f06f2024b2dbf74a30f2940a21941871358469b1f9a1a19998
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.javadoc\jqueryUI.md
Filesize1KB
MD586bfe7b4e5cbedc085060a2c3f13febe
SHA1a98cfdc7d73e016ce8b23c1d00daa3d2d3c03a3d
SHA256bb0a0e89ebd824df714516bf64b9101c62081e4b376f00f929a58c09555bf111
SHA5122656ab0100db997c9306be156af613861c9071a3be1b26f2882a68424e37d1b17674183729c1ba1024302011d42658058f024ce98db5bbb4d528c498ddd21d6e
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.localedata\thaidict.md
Filesize1KB
MD52ea6eb55ca40902554aaf2fd20a76ba8
SHA1e5b9e88e174c797c313d6739e7e34772b723bc4b
SHA256c326144a2351c9608fa708b5d7d3c5a3da03e82b66479b128e9db4969539824a
SHA5125221112cd8ef83b636dc4364f53b72c5484a5885acb55c2c071c88d23058093caee38578f7e424ecafdb483ccc0bc8e78d7ac13add536ec824a8eac171a576cb
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\jvm.cfg
Filesize29B
MD57ce21bdcfa333c231d74a77394206302
SHA1c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA5128b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\tzdb.dat
Filesize101KB
MD52fd920c56de68f65493ba6962fd079e1
SHA11e79bff02711d3dab3c75e90d4bb08f8086c9626
SHA256b7dba25abdfee317daa042c89b01e5711f5781d020dd733ba411760b72addb93
SHA512958f835407e4a10a268bf76bc2ef0196ecd5fa92e139de4c3760544dbdf76f95e67865bac22406aef8ac5ae7508fe63cd1a688c8328e46b73a5867efa4f18d47
-
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\tzmappings
Filesize21KB
MD54c30d7867505379a18a27d0e8f03198c
SHA10cc871d5bd91e061d676a861749af68bbc0ca9c6
SHA256b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab
SHA512873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56
-
Filesize
484KB
MD58cabdbe3d67546771b02af5d42073cfe
SHA12e19147110b9872a52814956bab151a7aa80ce58
SHA256affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a
SHA512b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f
-
Filesize
389KB
MD5e58d41175587d4355fe06bf8b8a1ab32
SHA16403f8243ea983a225b3bcda6c821a0029ad9ee2
SHA2569abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248
SHA512fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4
-
Filesize
248KB
MD5719d6ba1946c25aa61ce82f90d77ffd5
SHA194d2191378cac5719daecc826fc116816284c406
SHA25669c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b
-
Filesize
468KB
MD5d8ea3886d9f59b514bfa5b24ab69c0ab
SHA12bf57942dff5360889f0e89c58d5acdc54e5f1ea
SHA256a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d
SHA512ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e
-
Filesize
246KB
MD5e7349669dee3093d266849685efecc60
SHA1e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0
SHA256ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c
SHA51241d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8
-
Filesize
46B
MD50f1123976b959ac5e8b89eb8c245c4bd
SHA1f90331df1e5badeadc501d8dd70714c62a920204
SHA256963095cf8db76fb8071fd19a3110718a42f2ab42b27a3adfd9ec58981c3e88d2
SHA512e9136fdf42a4958138732318df0b4ba363655d97f8449703a3b3a40ddb40eeff56363267d07939889086a500cb9c9aaf887b73eead06231269116110a0c0a693
-
Filesize
613KB
MD5c1b066f9e3e2f3a6785161a8c7e0346a
SHA18b3b943e79c40bc81fdac1e038a276d034bbe812
SHA25699e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA51236f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728
-
Filesize
1KB
MD5b3174769a9e9e654812315468ae9c5fa
SHA1238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8
SHA25637cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08
SHA5120815ca93c8cf762468de668ad7f0eb0bdd3802dcaa42d55f2fb57a4ae23d9b9e2fe148898a28fe22c846a4fcdf1ee5190e74bcdabf206f73da2de644ea62a5d3
-
Filesize
83KB
MD51453290db80241683288f33e6dd5e80e
SHA129fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA2562b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA5124ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91
-
Filesize
50KB
MD510f23396e21454e6bdfb0db2d124db85
SHA1b7779924c70554647b87c2a86159ca7781e929f8
SHA256207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c
SHA512f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444
-
Filesize
632B
MD51002f18fc4916f83e0fc7e33dcc1fa09
SHA127f93961d66b8230d0cdb8b166bc8b4153d5bc2d
SHA256081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424
SHA512334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1
-
Filesize
1KB
MD5a387b65159c9887265babdef9ca8dae5
SHA17913274c2f73bafcf888f09ff60990b100214ede
SHA256712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46
SHA512359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350
-
Filesize
268KB
MD524b9dee2469f9cc8ec39d5bdb3901500
SHA14f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144
SHA25648122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0
SHA512d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693
-
Filesize
3KB
MD51d3fda2edb4a89ab60a23c5f7c7d81dd
SHA19eaea0911d89d63e39e95f2e2116eaec7e0bb91e
SHA2562b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
SHA51216aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b
-
Filesize
5KB
MD5f507712b379fdc5a8d539811faf51d02
SHA182bb25303cf6835ac4b076575f27e8486dab9511
SHA25646f47b3883c7244a819ae1161113fe9d2375f881b75c9b3012d7a6b3497e030a
SHA512cb3c99883336d04c42cea9c2401e81140ecbb7fc5b8ef3301b13268a45c1ac93fd62176ab8270b91528ac8e938c7c90cc9663d8598e224794354546139965dfe
-
Filesize
2KB
MD5811bafa6f97801186910e9b1d9927fe2
SHA1dc52841c708e3c1eb2a044088a43396d1291bb5e
SHA256926ccadaec649f621590d1aa5e915481016564e7ab28390c8d68bdaaf4785f1f
SHA5125ae9c27dce552ea32603b2c87c1510858f86d9d10cade691b2e54747c3602fe75de032cf8917dcd4ee160ee4cc5be2e708b321bb1d5cdebfa9fe46c2f870ca7c
-
Filesize
3KB
MD5d77c3b5274b8161328ab5c78f66dd0d0
SHA1d989fe1b8f7904888d5102294ebefd28d932ecdb
SHA256c9399a33bb9c75345130b99d1d7ce886d9148f1936543587848c47b8540da640
SHA512696e28b6bc7e834c51ab9821d0d65d1a32f00eb15caa732047b751288ea73d8d703d3152bf81f267147f8c1538e1bf470748df41176392f10e622f4c7708dd92
-
Filesize
3KB
MD56d32848bd173b9444b71922616e0645e
SHA11b0334b79db481c3a59be6915d5118d760c97baa
SHA256be987d93e23ab7318db095727dedd8461ba6d98b9409ef8fc7f5c79fa9666b84
SHA5128e9e92d3229ff80761010e4878b4a33bfb9f0bd053040fe152565cfb2819467e9a92609b3786f9bdbf0d7934cf3c7d20bc3369fe1ad7d0df7fadf561c3fdca3c
-
Filesize
3KB
MD5c11ab66fede3042ee75dfd19032c8a72
SHA169bd2d03c2064f8679de5b4e430ea61b567c69c5
SHA2568deeec35ed29348f5755801f42675e3bf3fa7ad4b1e414acca283c4da40e4d77
SHA512072f8923df111f82f482d65651758b8b4ba2486cb0ea08fb8b113f472a42a1c3bcb00dae7d1780cf371e2c2bd955d8b66658d5ee15e548b1eea16b312fdcbdf9
-
Filesize
3KB
MD5a81c4b0f3bf9a499429e14a881010ef6
SHA1dbe49949308f28540a42ae6cd2ad58afbf615592
SHA256550954f1f80fe0e73d74eb10ad529b454d5ebc626eb94a6b294d7d2acf06f372
SHA5126fed61cbcd7fe82c15c9a312aced9d93836ebcffaf3e13543bc9dd8b4c88400c371d2365feee0f1bb844a6372d4128376568a5b6fe666fd6213636fcbd8c7791
-
Filesize
6KB
MD5b7279f1c3ba0b63806f37f6b9d33c314
SHA1751170a7cdefcb1226604ac3f8196e06a04fd7ac
SHA2568d499c1cb14d58e968a823e11d5b114408c010b053b3b38cfef7ebf9fb49096f
SHA5124a3bf898a36d55010c8a8f92e5a784516475bdfffcd337d439d6da251ddb97bcc7e26f104ac5602320019ed5c0b8dc8883b2581760afea9c59c74982574d164b
-
Filesize
3KB
MD5e6f84c081895acdfd98da0f496e1dd3d
SHA11c2b96673dddd3596890ef4fc22017d484a1f652
SHA256a1752a0175f490f61e0aad46dc6887c19711f078309062d5260e164ac844f61a
SHA512d4d28780147e22678cd8e7415cacfad533ae5af31d74426bbe4993f05a0707e4f0f71d948093ffa1a0d6ea48310e901cd0ed1c14e2fbdf69c92462d070a9664f
-
Filesize
3KB
MD5880baacb176553deab39edbe4b74380d
SHA137a57aad121c14c25e149206179728fa62203bf0
SHA256ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620
SHA5123039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5
-
Filesize
8KB
MD5249053609eaf5b17ddd42149fc24c469
SHA120e7aec75f6d036d504277542e507eb7dc24aae8
SHA256113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be
SHA5129c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb
-
C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\[email protected]
Filesize14KB
MD5cb81fed291361d1dd745202659857b1b
SHA10ae4a5bda2a6d628fac51462390b503c99509fdc
SHA2569dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435
SHA5124a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9
-
Filesize
1KB
MD5005faac2118450bfcd46ae414da5f0e5
SHA19f5c887e0505e1bb06bd1fc7975a3219709d061d
SHA256f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8
SHA5128b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9
-
Filesize
3KB
MD5d8b47b11e300ef3e8be3e6e50ac6910b
SHA12d5ed3b53072b184d67b1a4e26aec2df908ddc55
SHA256c2748e07b59398cc40cacccd47fc98a70c562f84067e9272383b45a8df72a692
SHA5128c5f3e1619e8a92b9d9cf5932392b1cb9f77625316b9eef447e4dce54836d90951d9ee70ffd765482414dd51b816649f846e40fd07b4fbdd5080c056adbbae6f
-
Filesize
73KB
MD5af0c5c24ef340aea5ccac002177e5c09
SHA1b5c97f985639e19a3b712193ee48b55dda581fd1
SHA25672cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244
SHA5126ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9
-
Filesize
73KB
MD5793ae1ab32085c8de36541bb6b30da7c
SHA11fd1f757febf3e5f5fbb7fbf7a56587a40d57de7
SHA256895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c
-
C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\images\cursors\win32_CopyDrop32x32.gif
Filesize 165B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\images\cursors\win32_LinkDrop32x32.gif
Filesize 168B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\images\cursors\win32_MoveDrop32x32.gif
Filesize 147B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\management\jmxremote.password.template
Filesize 2KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\dependencies.json
Filesize 17KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\resources.json
Filesize 18KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json
Filesize 3KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json
Filesize 3KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT
Filesize 35B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE
Filesize 33B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.media\directshow.md
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO
Filesize 51B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION
Filesize 46B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE
Filesize 35B
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\lib\security\blocked.certs
Filesize 2KB