Malware Analysis Report

2025-03-15 04:07

Sample ID 240827-fmjblswapn
Target https://solaraexecutor.com/
Tags
adware defense_evasion discovery motw persistence phishing privilege_escalation stealer upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://solaraexecutor.com/ was found to be: Likely malicious.

Malicious Activity Summary

adware defense_evasion discovery motw persistence phishing privilege_escalation stealer upx

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Indicator Removal: File Deletion

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks installed software on the system

Installs/modifies Browser Helper Object

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

System Time Discovery

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies Internet Explorer settings

Checks SCSI registry key(s)

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 04:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 04:59

Reported

2024-08-27 05:16

Platform

win11-20240802-en

Max time kernel

995s

Max time network

999s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://solaraexecutor.com/

Signatures

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\t: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\v: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\r: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\s: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\y: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\o: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\j: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\g: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\m: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\n: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\q: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\w: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\k: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\i: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\l: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\p: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\x: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\a: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\D: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\h: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\z: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\u: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\SearchIndexer.exe N/A

Indicator Removal: File Deletion

defense_evasion

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_702fdf2336d2162d\input.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_8207ba80cf22e40a\hdaudbus.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\machine.inf_amd64_726cea1f0f349cf7\machine.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_5ab7d1c25144fcab\msmouse.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_84ea762c0a90c362\mshdc.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\mshdc.inf_amd64_84ea762c0a90c362\mshdc.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_585900615f764770\usbport.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\usbport.inf_amd64_585900615f764770\usbport.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\input.inf_amd64_702fdf2336d2162d\input.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_cc6edbde0940344f\keyboard.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_726cea1f0f349cf7\machine.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_5ab7d1c25144fcab\msmouse.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_cc6edbde0940344f\keyboard.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\hdaudbus.inf_amd64_8207ba80cf22e40a\hdaudbus.PNF C:\Windows\system32\dxdiag.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_51\bin\verify.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\prism_d3d.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\release C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\ktab.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\jaccess.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\sunec.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\mlib_image.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\resource.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\rmiregistry.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\nashorn.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\psfont.properties.ja C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\server\classes.jsa C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\deployJava1.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jaas_nt.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\javafx_font.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\sunec.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management\snmp.acl.template C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\awt.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\java-rmi.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\rmid.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_ko.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_CN.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\JavaAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jfxmedia.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fontconfig.bfc C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\javaws.policy C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\cmm\CIEXYZ.pf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaSansDemiBold.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.access C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jfxswt.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_fr.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\logging.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jfr\default.jfc C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\README.txt C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jp2iexp.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\gstreamer-lite.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\klist.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\local_policy.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\sunpkcs11.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\jfr\profile.jfc C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\cacerts C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\decora_sse.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\fontmanager.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\wsdetect.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\blacklist C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\j2pkcs11.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jfr.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\resources.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_pt_BR.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F86418051F0} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5af458.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2A78.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFF37B3E4575BDD867.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5af454.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF158B2D95E14CDD93.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF84F54DBBFD95D537.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF7AB8DFC32299A8E8.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF687.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5af454.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dxdiag.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\dxdiag.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\dxdiag.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\dxdiag.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\dxdiag.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dxdiag.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f5c40bee3ef8da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001ff2b30b3ff8da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device C:\Windows\system32\SearchFilterHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000feb2a90e3ff8da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer C:\Windows\system32\SearchFilterHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000019f3cb0c3ff8da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration" C:\Windows\system32\SearchIndexer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f384c80e3ff8da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration" C:\Windows\system32\SearchIndexer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration" C:\Windows\system32\SearchIndexer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png C:\Windows\System32\SearchProtocolHost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0161-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0096-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0000-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0078-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0112-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0187-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0135-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0077-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0150-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0129-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_129" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0127-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0308-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0009-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0117-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0001-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0147-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_147" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0242-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0350-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_350" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0305-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_305" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0278-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0138-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0240-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0088-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0162-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_162" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0181-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0094-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0265-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_265" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0105-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0139-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0323-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0136-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_136" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0167-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_167" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0062-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0175-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0310-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0176-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_176" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0342-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0088-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0217-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 315530.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 416205.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 174549.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 17491.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\dxdiag.exe N/A
N/A N/A C:\Windows\system32\dxdiag.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Windows\system32\dxdiag.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1868 wrote to memory of 2396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 2396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 1040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 2032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 2032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1868 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://solaraexecutor.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe178c3cb8,0x7ffe178c3cc8,0x7ffe178c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7708 /prefetch:8

C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe

"C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10180 /prefetch:8

C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Java\jre1.8.0_51\installer.exe

"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\c917729dd4a74a4e8aa33196bdcc20eb /t 3016 /p 2768

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8120A54F27A4F6C1271A115DD261E5BD

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe

"C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe" "__IRCT:3" "__IRTSS:26611457" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\05f5c3e014c5457fb981e661309cd124 /t 4048 /p 2736

C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe

"C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Beta-Installer-1.3.6.exe" "__IRCT:3" "__IRTSS:24078219" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10288 /prefetch:8

C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe

"C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe" __IRAOFF:1908938 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Runner-0.1-Installer-0.3-noadmin.exe" "__IRCT:3" "__IRTSS:3754180" "__IRSID:S-1-5-21-1287768749-810021449-2672985988-1000"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\0bb56f13d98a4195939b7185391818fe /t 3728 /p 4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\System32\SearchProtocolHost.exe

"C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 828 2836 2832 816 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe

"C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe"

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe

".\jvms\jre1.8.0_281\bin\javaw.exe" -jar TLauncherRunnerx64.jar

C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe

"C:\Users\Admin\AppData\Roaming\.tlauncher\TLauncherRunnerx64.exe"

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe

".\jvms\jre1.8.0_281\bin\javaw.exe" -jar TLauncherRunnerx64.jar

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 828 1748 1764 816 {85EE815A-7738-4808-A14A-3AD87E32A3BF}

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2721.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.9289.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.9289

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic CPU get NAME

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /C chcp 437 & set processor

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\dxdiag.exe

dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /C chcp 437 & wmic qfe get HotFixID

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic qfe get HotFixID

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\d0c2aa329eb54a8581c49d49cda9b584 /t 572 /p 876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.tlauncher\starter\NOT_RUN_TLAUNCHER.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.tlauncher\starter\НЕ_ЗАПУСТИЛСЯ_TLAUNCHER.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe "-Dos.name=Windows 10" -Dos.version=10.0 -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Xss1M -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives -Dminecraft.launcher.brand=minecraft-launcher -Dminecraft.launcher.version=2.3.173 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\authlib\6.0.54.2\authlib-6.0.54.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.3.10\brigadier-1.3.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\8.0.16\datafixerupper-8.0.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\patchy\2.2.101\patchy-2.2.101.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1.jar -Xmx3000M -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Dfml.ignoreInvalidMinecraftCertificates=true -Dfml.ignorePatchDiscrepancies=true -Djava.net.preferIPv4Stack=true -Dminecraft.applet.TargetDirectory=C:\Users\Admin\AppData\Roaming\.minecraft -DlibraryDirectory=C:\Users\Admin\AppData\Roaming\.minecraft\libraries -Dlog4j.configurationFile=C:\Users\Admin\AppData\Roaming\.minecraft\assets\log_configs\client-1.12.xml net.minecraft.client.main.Main --username Admin --version 1.21.1 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 17 --uuid 6f3f21e267834847a3c67b93d9bdc4e3 --accessToken null --clientId null --xuid null --userType mojang --versionType release --width 925 --height 530

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1818986187352056211,17830812902184280383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1

Network

Country Destination Domain Proto
DE 167.235.14.29:443 solaraexecutor.com tcp
DE 167.235.14.29:443 solaraexecutor.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 172.66.132.114:443 s10.histats.com tcp
FR 142.250.74.226:443 googleads.g.doubleclick.net tcp
CA 149.56.240.27:443 s4.histats.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
GB 92.123.142.75:443 www.bing.com tcp
GB 92.123.142.75:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
GB 92.123.142.75:443 www.bing.com tcp
GB 92.123.142.80:443 www.bing.com tcp
GB 92.123.142.80:443 www.bing.com tcp
GB 92.123.142.75:443 www.bing.com tcp
US 204.79.197.200:443 bing.com tcp
IE 20.190.159.2:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 52.6.10.88:443 www.browserling.com tcp
US 52.6.10.88:443 www.browserling.com tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
FR 142.250.179.68:443 www.google.com udp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
FR 142.250.201.163:443 www.google.co.uk tcp
GB 108.156.39.9:443 js.stripe.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
FR 142.250.179.68:443 www.google.com udp
US 151.101.192.176:443 m.stripe.network tcp
US 35.167.165.7:443 m.stripe.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 54.173.51.205:443 queue2.browserling.com tcp
US 54.173.51.205:443 queue2.browserling.com tcp
US 54.173.51.205:443 queue2.browserling.com tcp
US 15.204.142.214:443 encoder-15-204-142-214.browserling.com tcp
US 15.204.142.214:443 encoder-15-204-142-214.browserling.com tcp
US 15.204.142.214:443 encoder-15-204-142-214.browserling.com tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 151.101.193.91:443 en.softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 150.171.28.10:443 bat.bing.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
GB 13.224.222.87:443 sdk.privacy-center.org tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 151.101.193.91:443 en.softonic.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 18.172.148.233:443 www.datadoghq-browser-agent.com tcp
US 172.67.41.60:443 btloader.com tcp
GB 18.172.148.233:443 www.datadoghq-browser-agent.com tcp
FR 142.250.179.123:443 storage.googleapis.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 51.8.64.151:443 h.clarity.ms tcp
GB 108.156.39.15:443 config.aps.amazon-adsystem.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.74.232:443 api.btmessage.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 232.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 notix.io udp
US 151.101.193.91:443 en.softonic.com udp
NL 139.45.197.253:443 notix.io tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 13.107.21.237:443 c.bing.com tcp
GB 108.138.233.67:443 api.privacy-center.org tcp
FR 142.250.179.65:443 f7ae452bc40de5e9106533e8de8a9f81.safeframe.googlesyndication.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
FR 142.250.74.226:443 googleads.g.doubleclick.net tcp
FR 142.250.74.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 67.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 34.120.63.153:443 prebid.media.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
IE 52.211.24.199:443 id.crwdcntrl.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
FR 216.58.214.66:443 ep1.adtrafficquality.google tcp
FR 142.250.74.226:443 googleads.g.doubleclick.net tcp
GB 92.123.143.201:80 apps.identrust.com tcp
FR 142.250.74.226:443 googleads.g.doubleclick.net udp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
FR 142.250.201.163:443 www.google.co.uk udp
FR 142.250.179.78:443 ampcid.google.com tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
US 35.244.193.51:443 lexicon.33across.com tcp
FR 142.250.179.68:443 www.google.com udp
DE 178.63.241.79:443 s.richaudience.com tcp
DE 178.63.241.79:443 s.richaudience.com tcp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 201.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 66.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
IE 54.194.101.55:443 ap.lijit.com tcp
IE 54.194.101.55:443 ap.lijit.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
IE 54.154.198.136:443 ad.360yield.com tcp
IE 54.154.198.136:443 ad.360yield.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 178.63.241.79:443 s.richaudience.com tcp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
DE 168.119.72.236:443 sync.richaudience.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
DE 168.119.72.236:443 sync.richaudience.com tcp
GB 92.123.143.216:443 player.aniview.com tcp
US 34.206.117.153:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 54.243.98.238:443 api-2-0.spot.im tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 34.250.109.179:443 match.prod.bidr.io tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
FR 91.134.110.133:443 ssbsync-global.smartadserver.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 54.157.210.214:443 sync.srv.stackadapt.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
US 151.101.193.91:443 en.softonic.com udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
IE 63.35.37.71:443 jadserve.postrelease.com tcp
DK 157.240.200.14:443 connect.facebook.net tcp
FR 216.58.214.174:443 syndicatedsearch.goog tcp
US 172.111.38.86:443 tracker.open-adsyield.com tcp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 179.109.250.34.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 153.117.206.34.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 238.98.243.54.in-addr.arpa udp
US 8.8.8.8:53 214.210.157.54.in-addr.arpa udp
US 8.8.8.8:53 71.37.35.63.in-addr.arpa udp
US 8.8.8.8:53 14.200.240.157.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 104.26.2.63:443 wct.softonic.com tcp
FR 216.58.214.174:443 syndicatedsearch.goog udp
US 34.120.63.153:443 prebid.media.net udp
GB 18.245.143.68:443 js.adscale.de tcp
DK 157.240.200.35:443 www.facebook.com tcp
DK 157.240.200.35:443 www.facebook.com tcp
DK 157.240.200.35:443 www.facebook.com tcp
IE 67.220.228.202:443 aax-eu.amazon-adsystem.com tcp
US 130.211.23.194:443 api.btloader.com udp
DE 18.195.3.92:443 ih.adscale.de tcp
US 104.26.2.63:443 wct.softonic.com tcp
US 35.244.193.51:443 lexicon.33across.com udp
DE 23.88.8.125:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 216.58.214.66:443 ep1.adtrafficquality.google udp
NL 139.45.197.253:443 notix.io tcp
US 199.232.198.133:443 gsf-fl.softonic.com tcp
DE 51.89.9.252:443 onetag-sys.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.250.109.179:443 match.prod.bidr.io tcp
US 54.157.210.214:443 sync.srv.stackadapt.com tcp
US 192.132.33.68:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 172.240.45.78:443 sync.aniview.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
GB 108.156.39.10:443 s.ad.smaato.net tcp
US 216.200.232.249:443 sync.mathtag.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 104.22.51.98:443 spl.zeotap.com tcp
FR 142.250.179.98:443 cm.g.doubleclick.net tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
NL 81.17.55.97:443 rtb-csync.smartadserver.com tcp
FR 142.250.179.98:443 cm.g.doubleclick.net udp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
DE 23.88.8.125:443 uidsync.net tcp
GB 20.90.156.32:443 client.wns.windows.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
DE 23.88.8.125:443 uidsync.net tcp
DE 23.88.8.125:443 uidsync.net tcp
GB 2.17.209.170:80 ocsp.securetrust.com tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
GB 92.123.142.155:443 r.bing.com tcp
GB 92.123.142.114:443 r.bing.com tcp
US 13.107.21.237:443 rewards.bing.com tcp
GB 92.123.142.129:443 r.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
FR 142.250.179.68:443 www.google.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 104.19.230.21:443 hcaptcha.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net udp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
US 34.120.63.153:443 prebid.media.net udp
IE 34.250.95.85:443 ad.360yield.com tcp
DE 37.252.171.85:443 secure.adnxs.com tcp
DE 37.252.171.85:443 secure.adnxs.com tcp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 85.95.250.34.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 157.90.33.121:443 sub.got-to-be.net tcp
DE 157.90.33.121:443 sub.got-to-be.net tcp
GB 104.103.251.196:443 javadl.oracle.com tcp
GB 92.123.140.64:80 rps-svcs.sun.com tcp
GB 104.103.251.196:80 javadl.oracle.com tcp
GB 104.103.251.196:443 javadl.oracle.com tcp
US 8.8.8.8:53 196.251.103.104.in-addr.arpa udp
US 8.8.8.8:53 64.140.123.92.in-addr.arpa udp
US 51.8.64.151:443 h.clarity.ms tcp
GB 92.123.142.98:443 www.java.com tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 40.143.178.190:80 ssl.trustwave.com tcp
DE 178.63.69.206:443 advancedrepository.com tcp
GB 92.123.142.97:443 www.bing.com tcp
DE 178.63.69.206:80 advancedrepository.com tcp
DE 178.63.69.206:80 advancedrepository.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.142.104:443 r.bing.com tcp
GB 92.123.142.104:443 r.bing.com tcp
GB 92.123.142.155:443 th.bing.com tcp
GB 92.123.142.155:443 th.bing.com tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
DE 178.63.69.206:443 advancedrepository.com tcp
DE 178.63.69.206:443 advancedrepository.com tcp
GB 2.18.66.177:443 tcp
GB 92.123.142.104:443 r.bing.com tcp
GB 92.123.142.104:443 r.bing.com tcp
GB 92.123.142.104:443 r.bing.com tcp
GB 92.123.142.104:443 r.bing.com tcp
GB 92.123.142.104:443 r.bing.com tcp
GB 92.123.142.104:443 r.bing.com tcp
US 20.42.65.84:443 browser.pipe.aria.microsoft.com tcp
US 13.107.138.254:443 spo-ring.msedge.net tcp
US 152.199.19.161:443 fp-vs-nocache.azureedge.net tcp
DE 20.113.200.164:443 33778827e982dd712b2f055fa3800cba.azr.footprintdns.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.37.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:80 img.tlauncher.org tcp
US 104.20.37.13:443 img.tlauncher.org tcp
US 8.8.8.8:53 img.fastrepo.org udp
US 104.20.37.13:443 img.tlauncher.org tcp
US 104.26.11.134:80 img.fastrepo.org tcp
DE 178.63.69.207:443 repo.fastrepo.org tcp
DE 178.63.69.207:443 repo.fastrepo.org tcp
US 8.8.8.8:53 207.69.63.178.in-addr.arpa udp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 13.107.246.64:443 launchermeta.mojang.com tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.37.13:443 tlauncher.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
US 8.8.8.8:53 dl2.fastrepo.org udp
US 104.26.10.134:443 dl2.fastrepo.org tcp
US 8.8.8.8:53 134.10.26.104.in-addr.arpa udp
US 104.20.37.13:80 cl2-res.tlauncher.org tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
DE 78.46.66.120:443 res.tlauncher.org tcp
US 104.20.37.13:443 cl2-res.tlauncher.org tcp
US 8.8.8.8:53 piston-data.mojang.com udp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 8.8.8.8:53 piston-data.mojang.com udp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 141.193.213.20:443 softoniclabs.com tcp
US 141.193.213.20:443 softoniclabs.com tcp
US 141.193.213.21:443 softoniclabs.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 150.171.27.10:443 bat.bing.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
FR 142.250.201.163:443 www.google.co.uk udp
US 151.101.1.91:443 sc.sftcdn.net udp
FR 142.250.179.110:443 www.youtube.com tcp
US 8.8.8.8:53 spn-v1.revampcdn.com udp
US 8.8.8.8:53 20.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 21.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 162.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 142.250.179.110:443 www.youtube.com udp
FR 142.250.179.86:443 i.ytimg.com tcp
US 151.101.193.91:443 spn-v1.revampcdn.com tcp
US 151.101.193.91:443 spn-v1.revampcdn.com tcp
GB 2.18.109.60:443 amplify.outbrain.com tcp
GB 13.224.222.64:443 sdk.privacy-center.org tcp
NL 139.45.197.240:443 propeller-tracking.com tcp
DK 157.240.200.14:443 connect.facebook.net tcp
FR 172.217.18.194:443 googleads.g.doubleclick.net udp
DE 157.90.33.68:443 uidsync.net tcp
NL 139.45.197.236:443 unphionetor.com tcp
NL 139.45.197.227:443 notix.io tcp
GB 18.172.148.233:443 www.datadoghq-browser-agent.com tcp
FR 142.250.179.68:443 www.google.com udp
FR 172.217.20.202:443 jnn-pa.googleapis.com tcp
FR 142.250.179.97:443 yt3.ggpht.com tcp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 68.33.90.157.in-addr.arpa udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
DE 23.88.8.125:443 uidsync.net tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com udp
US 104.22.74.216:443 btloader.com tcp
DE 23.88.8.125:443 uidsync.net tcp
US 64.74.236.63:443 tr.outbrain.com tcp
US 64.74.236.63:443 tr.outbrain.com tcp
GB 2.18.109.60:443 amplify.outbrain.com tcp
NL 139.45.197.227:443 notix.io tcp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
NL 139.45.197.227:443 notix.io tcp
FR 142.250.75.238:443 play.google.com tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
FR 142.250.75.238:443 play.google.com udp
US 172.67.69.19:443 ad-delivery.net tcp
GB 108.156.39.35:443 config.aps.amazon-adsystem.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 51.8.64.151:443 h.clarity.ms tcp
IE 54.75.251.201:443 id.crwdcntrl.net tcp
FR 142.250.75.238:443 play.google.com udp
US 51.8.64.151:443 h.clarity.ms tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
FR 172.217.18.194:443 googleads.g.doubleclick.net udp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 51.8.64.151:443 h.clarity.ms tcp
FR 142.250.179.110:443 www.youtube.com udp
US 51.8.64.151:443 h.clarity.ms tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
DE 78.46.66.120:443 res.tlauncher.org tcp
US 104.20.36.13:443 cl1-res.tlauncher.org tcp
US 51.8.64.151:443 h.clarity.ms tcp
DE 78.46.66.120:443 res.tlauncher.org tcp
US 104.20.37.13:443 cl1-res.tlauncher.org tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
US 8.8.8.8:53 api.minecraftservices.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
GB 88.221.135.42:443 www.bing.com tcp
GB 92.123.242.18:80 aka.ms tcp
GB 92.123.242.18:80 aka.ms tcp
GB 173.222.211.57:443 help.minecraft.net tcp
US 8.8.8.8:53 assets.adobedtm.com udp
GB 2.18.108.226:443 assets.adobedtm.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
GB 95.100.244.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 226.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 132.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 minecraftprivacy.microsoft.com udp
GB 173.222.211.50:443 minecraftprivacy.microsoft.com tcp
US 104.18.72.113:443 static.zdassets.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 104.18.72.113:443 static.zdassets.com tcp
GB 2.18.108.132:443 c.go-mpulse.net tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 216.198.53.1:443 minecrafthelp.zendesk.com tcp
US 216.198.53.1:443 minecrafthelp.zendesk.com tcp
US 20.42.65.84:443 browser.events.data.microsoft.com tcp
US 20.42.65.84:443 browser.events.data.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 03a56f81ee69dd9727832df26709a1c9
SHA1 ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b
SHA256 65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53
SHA512 e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

\??\pipe\LOCAL\crashpad_1868_SNXVWGBDEIWCQUJC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d30a5618854b9da7bcfc03aeb0a594c4
SHA1 7f37105d7e5b1ecb270726915956c2271116eab7
SHA256 3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8
SHA512 efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 943a2597b10011628be48cda4b8fe5bd
SHA1 392361a73f6bf412d32e443863c9ac333528f349
SHA256 8db5e7c768de67dfa14e4e97832a160ca579d268a96f9d19ae5af80829e559fb
SHA512 2b2ca564ef02d7250674e4d07866ecd6fe1dfa56a1405be3979bbb622c327b29972a18bc2267278297be9608d8ff5b29d89af04767fa0c8539f69f67399e3911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14514a5aac46bbdd1334f8424e68be39
SHA1 0dd8da6da4a77c09df615ad782b0297dcbda6f3d
SHA256 f47919f143b0f2ad8ea7fb3c442d77283ee666d934512a6b509e225ea3dc506b
SHA512 89123699df383b309e34aea34d603eeef2d5a955c4da7a607535de2bf17742495934ebe6518e300df4260d9a1f406482649aa1752e184e3e0bd29252d91ea441

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 835838f5ea51a70a3edb6bdcba690e20
SHA1 d55f150e74778a897e2181d4ed1e933391592934
SHA256 fe112cd36cc8c72c9b5b5d04595bd305a5292ed669804b16a343fd138a9bb668
SHA512 01f83655dc80e44198171d31c4927aec217a8e409e430e9c5f3213650544d25884fe8868e7b395156ba2087e0adaa7d0cbd309c831d5cad96b85bf8f2dec5419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 ed124bdf39bbd5902bd2529a0a4114ea
SHA1 b7dd9d364099ccd4e09fd45f4180d38df6590524
SHA256 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44
SHA512 c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 60f8cd04587a51e31b51d1570d6f889a
SHA1 88574c41d0ab81721b275252464da5c7927a4835
SHA256 27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb
SHA512 84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 038c1f469deb6932520d09a340856ebc
SHA1 8b361a8c0489b69e9ef4e132e36f20c161c5ec1e
SHA256 5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451
SHA512 fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 2257803a7e34c3abd90ec6d41fd76a5a
SHA1 f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256 af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512 e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06de37724221a002_0

MD5 71c76385d7bfd5cec052b85f82a25e2e
SHA1 263b030803e65516c7f757777580d0022eac7a45
SHA256 948e24f7ccd57c82a601fb2981faa1ced0ea1733e33cc0e070fef928c336e362
SHA512 9bad24bb8ac4ef03b901eec8e75450787c6d4d55977faffe8bc9a39d358358cbdc6064bacc7248b7ff267a6a310a09bfce01683a29e3b543ffc48be1eb5b0e72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06de37724221a002_0

MD5 17793a3ad69533083ca894753bff4bd5
SHA1 0816406a978284f072cef138f840fe90dfc0216d
SHA256 5a0584a429ddcca8d86f81a5c54e7c775aa80064e15eaeb1e7986ac0d5421f28
SHA512 8114b7d41a6eec1770dbb5eb464619e7786310eb7456eb65ac90f4bae9c08d5e1db327a9588085e6cc9645f2cdec018ea9a49776c56bd09bb7709aefecbb8b9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21c268b62e948d83aea15ed104428ae2
SHA1 6f592918588b663cfb7bfe3de5a5b4bf688678e0
SHA256 62743d15774acac0a8b5953775dde03c3d9f2cccd44f69caa5065b85f2bda0e6
SHA512 fd7211cf6551aa839f746d574a18a0e820a78d3bda68613e1f23ec67e432f84381ecae483875dfe8006e80b7ded8d7bf957e3553d7fdc2d2633ca08fa9d54d9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e2460cdc50c06ce7139fbca80ac81efa
SHA1 ec850cb41d2962a4e8664b0ab35b5d2abf12e402
SHA256 11842ba76922fd8a7597c0e8b382ea7ce1d27b76fe9b9cdc8bfc15a54034cf3c
SHA512 6ada1f52a649f61ba4440c4f74fac81bd9d6306d43e8f823cf01827aa0ea24282e9f87294bb9dd3509afb617c257c19e5ac4d0ae30cbe226b0999f4887f64ea0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57efde.TMP

MD5 a5be68aeb8f592a7b2a74fab5c5ad295
SHA1 682ca9048d5f5b49b0d14a422e7c95e42520dd70
SHA256 78251c792300cd19bcb1c00b2431131656c3207880e3276714b2d990f96fdfeb
SHA512 ec9c597eb3a3a023b7514c411958798d71ba7d4e5d43af8134999f6df54f1daa84feeb8f4508bd5657a02ed652eff335f9e62486d04a6adba9b6ccc7403d19b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a03fcf64c64505e8f05812259d878a53
SHA1 8715894cb119bc55a6b2d0fda79509451a9ca68e
SHA256 ebe27838f37a3e0263af4c8d070aef1f91605a333d5ea3689f57e90edbb8c961
SHA512 877778828ff3dcd4519d934cc009ecaaba443cb1c8f8dbb737a3e80b98a575c4fdadf80f0bff141067c41b3d29251edbd571aa5fc6ea32d29631f13a88db57f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a4689921d63d2b76425fc537af40352e
SHA1 2e8c327824eacba20c1bff11433ad5ef5a91af14
SHA256 870d316b65f295fb15732d420ecba2cc9fd7c19ddd8b222c673ed3de6f7e4d73
SHA512 63a93306b15a66a06040d1ddcffd41ce40f4d15365520803e03348a6d4d2f8c6f6fedf2dfb828162adf1345019354b12685c573542073b6c7bb6a70152e145fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 833b6e2430a65851bd2891b88e8e4677
SHA1 852308c455e1bbb4f30b8f27f04afecdaff04a09
SHA256 a9ff176616325107480a6015ebbbe9673c21f08313235fe1658c137e66128e00
SHA512 3dafdcc48f1dfd503928eb48d089cadd39b03f2346769c34534de90be4d0de2a1abf8cb5ad0f454016e8197b513fff7ff940bf25c95004be44f30e2608a6c6aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ccb819e65a343d928781f33f403d8c90
SHA1 d0a88c769cde3065f539665dee0db76b77b74e3f
SHA256 db23e71fea19e640f89d51a2268439390b4dbbf6d08542f92d7794d6ff854bb1
SHA512 ebfe892abbcddaa04c58b30444afa6b82caa5b4c6b699f0fa21fec3dc4fe0809b8018e8f0b3410ebbbe1e7183bbc8cc51d1712fb81fd711c9db51b1c4dc45fef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4bb9c1b0f35bd19331cb5a2137e5cb85
SHA1 faae5ba7bea8f1e0e0389242f1afec54abcf3c52
SHA256 a44af9d3eae41c7e66c3fa14bc857c64fce6d46028f8e0bf9f95d4aa9164b48d
SHA512 5950c1e0ff577bd671adde64c60d701f63c69c5d4ea04589596ff01877ab0e308b01645e7cf61ea264822949a90c4f41fbd0842d4bcc7866b769fd93e87c0c0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4b37e666dcdcb41ed6c3a9683b36f76b
SHA1 5baa84b5fd2a4ac25da9616cbce695a7e1f2b24d
SHA256 1e88b056e081b09c4c7d2e44b005e9baa64bf00c13e7f251bd8995548709887b
SHA512 1d9e74b4116f1f30cdab897c74a731188155fabe546cda1ad4479a4f53533cd8ded3b05cf1a002111f3441ea100b5e0ca27eef12281451208a6acc8a5bf7fcf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

MD5 e93848e7f29b9126e8c2ed6b0bc630a7
SHA1 10c9807e351a13104c0ee913fe7002f6324199d6
SHA256 4e857dc011248d1ccd8fcf8972714cccc44d7045e0b9dcc18e663b2d754e4bc6
SHA512 54c9b845fef1dacf236f88e7a7de0d1b36a4a4bd20eb926d81ccb6a3f8e7ff78c04ea24fe757c677a2007249713dde30dbb18edefad38d0ad6888d61aa14fca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

MD5 98f7ded41df9df121c853574b3e7f15e
SHA1 c33dc8e6b84300e1dd99600e453b1c1103719410
SHA256 52dad93b12d78578fb838e07303cb9f137cc1f46a9fbdc8bf4bbf1ace762555d
SHA512 de43441f031169efa3dd8ba99d9735d72f07272c159a505634a53a5cc34cedf7530cbea6aeb720e69c91c903baca27c271fa8288c97c9c4541aac74821118d50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97a2250a18aa9d9dbfcbc88a254fb1b6
SHA1 53a147e415c69e66ed12f4b25f360971c080c001
SHA256 166a914ee75547780a9e60e775a188c10f8db94e0fcc8dc4a75c660617dab11a
SHA512 41e848a158dd63ed1135534e662e3322741901cbd1267bb96ebf5cd0ea7fc4f86aca7bc36856fb445a5847a590b36d18960d65c670e7f053b6971ac56dc14357

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a02b9adb7145f4eac17acd7d016166c0
SHA1 e4fbf5b36181b51afc9cc83789769c8a15e68828
SHA256 af476cad489052d9ad162bd36555bc04f42f0606d2eb3d11bc6f07fac5abd5a3
SHA512 ca54fb5db9daa2658febad4400de6cd240627e6dd8121e410d5140f8f02716f5635601378de864e3192538d26d3dd12e9d1a9d5454ed22d8c3159e9111077052

C:\Users\Admin\Downloads\Unconfirmed 416205.crdownload

MD5 0e0716d2e4aac0bb178c261985acf33a
SHA1 bda605efc74046624e45e7185a1eef7304bab61d
SHA256 3640227b80b8742c811f8ef399ccf1018d21224920e76239136d569db12a6244
SHA512 53898b2801587b941c4e4896746da5b26d02f4e1418fca802407a802d4823578539cd02700a2fa7413c0f2170fe075d65553f433fd1b4f412b0707516364aeeb

C:\Users\Admin\Downloads\TLauncher-2.899-Installer-1.3.1.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 01a14775e568a3602919b660f05163d9
SHA1 80d549130cbdb217d37e76b32a6e630c3a76e2d4
SHA256 239997773582e7671784c2812c6b9e984c889d8b59eb26b625a24d7c5d8143e1
SHA512 51a717353847878324c14f93153a25c00c830072db2cd1dc4bd164cdc0f4cf87a1e13db2ce4921bf3b85dfb471956dc6ebd45ac7ef4cc80272eb7996d3a9b8e2

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 a019b5697f8336ebc95e55e738dd65ba
SHA1 a91bbac4de57faccbdf04338006a8f136e2103f3
SHA256 abd8a1242e302f0b7067d5bed8fc89ad16136d12e27284911740305708824a69
SHA512 50bc39c25c1299ad3e30a9cea89557f55dc2fb31e03c14e02dd80945d9d006477d3a5a59cab6089b397d04d236ea1e96810d29ae9a3585c56969ad206258d255

memory/2768-1288-0x0000000000EA0000-0x0000000001289000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

memory/2768-1846-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 83a8f0546164c9ba1a248acedefd6e5d
SHA1 7652f353ed74015e7e78bc9f9e305a48d336b6d1
SHA256 e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9
SHA512 111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6312ddc08dbd438906525f6444df9d46
SHA1 d7e7330ec7ffbd2d84bd39c74bcaa464027f4722
SHA256 9fb3a4b63c186fc0e7c00142e1e88247e7463df8c585303cd3132166f09d1943
SHA512 9f2dbad4c5b5895a88dfb1079d76b659a98d07ef520da75300a2737f2a32360508a1fca0c2cc6ef83636b0d9cdc46052b034de22ecf932e2c63e71e8acf987c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59d8c2.TMP

MD5 b823d89c8dc54eb170773ca036266e26
SHA1 8e5cc7c031d194081a1f7ae66c0895128132beb2
SHA256 1f8058cec7421e65519624210c9f4a5db564a6702f1552f0a29d2c8d60a31865
SHA512 c5683422f1045bdd28b9bb9d6161371fb3ef8a4a247d73acaa90d48147caf705c7f44f7497ff7e1dd175a814dc4e438b1f772ee9ff5b33878659a8bfc7e50178

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1a906212ec91f81aaac3630b96087a87
SHA1 826f9c77b22e7257d455632532a170b16e07c85b
SHA256 d77ffc4bfeb2753cbff3b961826557684d8366d7c9baae8eb9a30d04aed7da2c
SHA512 8bcc925c20d29c054e19c300758bebe577b9e8a3833eb1f8514a54789bd7f414076806a110e1f1ac1cb6cdd95c0fbb852a0aa0502574403f25895aafcbe1daee

memory/2768-1901-0x0000000000EA0000-0x0000000001289000-memory.dmp

memory/2768-1902-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 20dda48c8d16c315704e568218923550
SHA1 e6ce2a264560dc3073f846421db52e1dfdfe45cf
SHA256 0f70e29bd994180227491099ca5cc8d7150ecdf49270e9a8a6c19a404c63956a
SHA512 fd2baf88a342c611d63f62a7a7049b8208691ac64820f69613aedf7ba1307519621e67048cf8fa87dbbefb8f1fa2fb86d5daf74c68d41828856563a96db3e31f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 0d2283b0df70bc0217118f5c6d1fd836
SHA1 0aaa2e0daa0f0671fbf7817e222fcd777be523d0
SHA256 fb02c03e84b9a15ea357644f15643bc90eb9c6ef6532e1c82ecd052df34c2abb
SHA512 16071fce7468cc47fd7a57dc6913cbf41e142fd16b3f145dc30b13fb4a84a05fa3211d3b435ace7378c76682a1afc49e45d180eb88f6d32b0deaa2266196b2f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 209af4da7e0c3b2a6471a968ba1fc992
SHA1 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256 ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA512 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 cf604c923aae437f0acb62820b25d0fd
SHA1 84db753fe8494a397246ccd18b3bb47a6830bc98
SHA256 e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4
SHA512 754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 bc2a0b079634e3f46f0a4c571885acd8
SHA1 3a711b7135582edb09cffc9ca9e7541399e3cd58
SHA256 4c6256e6b242b944801944e28268bc463ca9023aeae59e5c5c83037f693d64fd
SHA512 357a3c860e81ba963d2bcdb402fb19ebc3aed45f14e68b7079b65ffe7941aa5114315cb58cb3a0d4467f524287eb3dfd00b369c89c8e152833c428d8840ca377

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 397b97e39755f01061537c69bb467381
SHA1 b06e6cd41b97d7cec4f82a3f91305c9eacaf9b1c
SHA256 0f09ca576d0decbe907ddce09df90c03f3d2ec8be742d3aac616d834447d33ad
SHA512 541503d742151a1817a3448ee5f47b09fa04957f26946d057b921c1173db1a5c634205764f8a0bab8d8a04ccf5981aeffa0d194b339bb672e18d0edc3bf6bbc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b4f87199cacad871ad2b5faba2428d45
SHA1 0f41ff856e90209fa9c455263ffc9255389367ed
SHA256 8f41e36540694210c6706a0ac49626799d801a434408f17038846f9ffbdc5925
SHA512 50c4fd0a7c5aa439c8ced57828cee01ede32369f0b1b03a704daeb29e2db906b9de4f75c73dc003a26caa562b5e63ad61c4c702b49a676dc31632dc1d9d168f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1b753b5832e2d87d8e48f7aa3a7a42de
SHA1 405779051b96fb00e3248665909b92d03d7411f2
SHA256 cba2dce9aa2e53dff0364406eef195042752f7bf66e068ed7c180a648cb703c8
SHA512 0b8ca69bd31deeefeb84ac624ee864d1ca32d24f7be2a2f33f97a518034d010ac6de7da7c3b4fe2ab6fa0940fc2acad16f00f0e99f414cda952aba5e0dd21c97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c419ff13328ce32ad891d4fc664ad10a
SHA1 4ab740a34e953dd1d54f0272749c1e9a00f61fdc
SHA256 b9e0f3603a2b17230fa2c4a2575f1fd160e95e6a8900cc7d4998ac4a9d0b33bb
SHA512 1d45c0d70f50636b792f123c82d55c2c731909f3436113c42b0f060c5e8e07a9409315fc57af5e710e6d236a80476f7a6f74ff28f3b6d04d867b4e17fb199b00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9688ee3a8db5aeb591644e3860bedf9b
SHA1 84e1590f7e4ab90d2627053b99b575447bac370f
SHA256 5ed7307554d0a77a1a31a751a5b9a996dd36e64834bda716c10b72ef520f1ea6
SHA512 c2269092ca285b47d830e878ae7a249b81f1c3a11c309af5beafd9b6dc7a05dae0815b183d1d7ed8f848e20957a670feb63e6cdf5b77a523c6e4292d6fd9f758

C:\Users\Admin\Downloads\Unconfirmed 174549.crdownload

MD5 1adec7eb478cda3b13c1d0e9211ab2d0
SHA1 9125f5351d91ec050aaec2d8ab57ba2888fe8f23
SHA256 3f2bf670dcff19b02d168935ba9b36058bb088723b2f9064e9c4ee72b5f69894
SHA512 fe19b4beff3dd241d65b6003c8a8d1ba04c44b1146150f8f1b8bdf18ec2d9c8a27eaf12d34eac1b90271f04de6e8b87c5f633e09adc4e4f03aec515dd459c6ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3fe8cd8de5b6d67671e607b4985dd558
SHA1 7c7d5b9c7617260d83b516334ffe9a29c90cf81a
SHA256 cb2cd383a549c749a9e35d0dc0945d42d81de76621f17074137e6e8be808095b
SHA512 0849b1eba74fd9a87f1ff07e74fd98470ac5bb049100685604636c2b73cf0cf1dea120a4229840ef0ea4a2f3aa65c4c7ffb4ed15cff66b6fc42c558f54132a7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f41aaa0fcef631fa11141819004382a5
SHA1 84900ef55caf3a17053528b8b96f15b78eb5ce22
SHA256 796e56188dfbecf5ba364c3992c8bae43fa10ace1e9b19b7751728a046e0b8cc
SHA512 44e9459c77f13db5d89484de0a83c7370d6bcb0b675a9b0de249990d5599ba08f79dc20b152aa672d117e2e90bdabdf4130ca91163f9d1cc99f1aa0b8b057fbc

C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe

MD5 b9919195f61824f980f4a088d7447a11
SHA1 447fd1f59219282ec5d2f7a179ac12cc072171c3
SHA256 3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01
SHA512 d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old

MD5 117bf27972aa4d053412113e1c0619f8
SHA1 f1e4ceabed9aff024fd07a3d5e652250ae1d66a8
SHA256 17cc392eb87be0889d7740cfae95dbe83ecd63508329eb69a4558f29bb1b64ca
SHA512 29177611fb7b697d0e527a46be190aeb7ddd2a1ee0fa5316b5c5f3d9c5889d84cbd34149087e8963836fa449fb5b66292cffc0055a62427460f7c156bb614ee0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old~RFe5acff4.TMP

MD5 ff9214cbcc835bd06375a859b683c24b
SHA1 9848233f4c1e136b3e8ce137eb56741958a4b793
SHA256 7f9809d98ef149e212ee14b088461dba81f9f1e89e19fe216480317e43413f7b
SHA512 6091d34450897780c21a3fef7853d611e27203cebcea41af845fd4e4fb9c6a4cf507f0af4ecbd099c698f2d2fb63e6d5a219a5f0ef58251fca05dc88293d1b93

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 0e2436cc52d5a3c372b062ed502a59ba
SHA1 639d57db2ca9132e01b1b677fe34427e93bc0016
SHA256 37019fb7733f01ee892180398aa5ce52b4e434031c5f48a6152a49c1ed00a94e
SHA512 88a76087faede53acda977fc1bcd8d21e606bdecbaf7100f5e5512b92b24a21a701bd9821d8944b770d3fb285ba5fb442e7f3d7001b4c9750a8b874e200e6ab7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1dedb7f808a4584295fb3d5d328608de
SHA1 3678f34710750cc0a215649efd31d252b533ac8c
SHA256 00ae3d3d98988bff619fed0fc6b5a51286049ad44b0f6a58db56c7a9756d3f30
SHA512 752b6b6a5b7cc78d2400e6c771db9dfcca9a8af06c3c6f53a2666116f0975fe2a6f043f1872bba9b9ac90638f6847af949fa5b024e1b6bb1c37154ae02a1664b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3129627f9d159e065e5547a9577d1982
SHA1 c364662c217d530d6583b42d4409ee8191bf5140
SHA256 c16b6c1fa83553ef6c0e3d404e5c7c409478c56b3b0167d9934f5a4ee8080f5a
SHA512 e8ca3f1e887b9144eadc1d113d5c104da5da7735a549c939e2f51aac4b93adcba8a947c8d2bda73b652d2bd6faddfb9729939dd31122b2e12489fcbfb735d0f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 168d4117f75c82f97e75ad7846dd02ad
SHA1 a7436cf6f2da3f1cd764a674c5b5fae665064d7e
SHA256 04dc15aa31474cde99de6fa77b80d80dbfb476d59750e178fad9954b3e2954ff
SHA512 a2be0b2d71cb2a3e111dece15aa80abf943064404887ee4bfa1eb36e444d45260d378f59eddd3928eceffbd7f45bb6adace4d7ee93227448e6e875df25da64b4

C:\Windows\Installer\e5af454.msi

MD5 1ef598379ff589e452e9fc7f93563740
SHA1 82ad65425fa627176592ed5e55c0093e685bfeef
SHA256 d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2
SHA512 673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

memory/3680-2467-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3680-2471-0x0000000000400000-0x0000000000417000-memory.dmp

memory/4620-2702-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

MD5 5ed6faed0b5fe8a02bb78c93c422f948
SHA1 823ed6c635bd7851ccef43cbe23518267327ae9a
SHA256 60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5
SHA512 5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

memory/2188-2919-0x0000000002E40000-0x0000000002E41000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 0bbc0ed9b14141263de7073ac7e06455
SHA1 9233e56965f943f49949e517f85bdaa11186515d
SHA256 44196693f52c160cfa791afc2a98b187c36347ca4ac9c30253cb6653eee85c9c
SHA512 550d5a352d6ece3fb8467d23428e3770b435c4bbe839696421b64e80fa422783366bbfe6aecf5ce5f875d8d71fb6554741dba38f4f928ae23ddcb0c3a465db02

memory/1980-2959-0x00000000014A0000-0x00000000014A1000-memory.dmp

memory/1980-2965-0x00000000014A0000-0x00000000014A1000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 b53d7f7a40740885141ba4a5ae97cb2c
SHA1 670306398ff69eeee43566517eff6ad857db0f20
SHA256 5c117900f53e2300b6fc12440a5d264e0715dd39808b00212e0aa93bd9d05aeb
SHA512 2f974e18e29d2876665c0951ee1c7f6e72d784242e3bd83758bb33101a9ef293265b5ab4e5b3f0f96f02e3265e085d7f3d2eb0c46d9172a8c4e85a2cee23c3d6

memory/2340-3007-0x0000000000E10000-0x0000000000E11000-memory.dmp

memory/4284-3006-0x00000272E5170000-0x00000272E5C32000-memory.dmp

memory/2340-3013-0x0000000000E10000-0x0000000000E11000-memory.dmp

C:\Config.Msi\e5af457.rbs

MD5 6cd521569b9db18e718a5222c1f915a3
SHA1 4ac6813bb050bca46c7a561a938f813006f06b04
SHA256 642ed5c9e88587712aeb4ff7994da48b10369d9570afc57b7a52831f03f24970
SHA512 d4a7fa6caf8ec29f4fe69aacc71b67281230e9d224f1f6f7e84b583eedf1ab5def29fafce412600778d718b846203e61460e7cefd4d4c242dff5b59eab9a52d1

memory/2188-3055-0x0000000001550000-0x0000000001551000-memory.dmp

memory/2188-3057-0x0000000001550000-0x0000000001551000-memory.dmp

memory/2188-3061-0x0000000001550000-0x0000000001551000-memory.dmp

memory/4104-3084-0x0000000002680000-0x0000000002681000-memory.dmp

memory/2736-3087-0x0000000000BD0000-0x0000000000FB9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

MD5 3d9692082e7850ff65fed29ff965fea2
SHA1 187d2c1828bd0a69031e7e5338db82519aa50c28
SHA256 29dbeb94e25b69a37176995361f05f75445561f2e6c38e0a2861bd921ea99833
SHA512 53d2c2c9d68bd07cca4e731bc070b04395c83cd126c13c186f294f2cce6e8d54ca5481e7060bf6a7e844b17eff7f09dde36b7224fefb6ea4f9e92b8728c26724

memory/2736-3655-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\check_latest_tl.txt

MD5 be27a7da181fe2e0f9daaae4c93dc291
SHA1 79bbf661f01c7d11916343bd98f0ec594a4c2434
SHA256 ccdb663ffa26bada8c166707005ebe784ca0beb9297de2f183f662950ac8d31d
SHA512 caced540aa47296317a88ac0c1a0932bfd3eced56ed653ba74e9c2b5bc0c02b20b3fb79f814a2ecfbc85f65c592ce1c0bec4495b2928b2ddbbd41300b083062e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG2.PNG

MD5 b9f65a764f4b6e7200d4e8196404506e
SHA1 ff234ad4d6bdefbd327afe797a8d4ad49bc8a6db
SHA256 0edf34b391e628c512c92875c2bef18e4ff6089c684510f7a9899a3ee74e7c03
SHA512 f7f5c039a2afb770dc5c69a25e1b14b1aaab193d3e068cf5122d5b2e852549f7315fee033e08dd6f03fabbca2201d11b40c82a3405052799a11475f14ce77b9f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG4.PNG

MD5 c6186135729878354e56e2430b872621
SHA1 a75d9bd5d067554c20f56b26691b8d2dffd61e55
SHA256 ca14f4876462ae0f578da25803b9a846a7a714f120a7a0c3dc8882540372ea39
SHA512 4f7204200ad7ff0b6af06a2b3bd384296916a5672bd05d8525889a6ef9c0dcc29703ac593f2d09f148a27de7245c2cd73a8be68e356826f912340a36f40ce655

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG3.PNG

MD5 61926338beed8fc9248d30b518a30ca5
SHA1 a8c58b3c54e8022c11e2131b44b79de9a71b8075
SHA256 8e6ecb01714f54d7df658b6e7c959d3ca76344d1e555fd29ceb503589c002ebd
SHA512 d915d4da356c6e86e6e7321f60424738799f833136d5e74f1e3b9b39b484a5edc8f6c5375a66b0bb11027a43ec85c29eeb7478722bd0927d8d89fbe6a5ade28e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.PNG

MD5 91d4b32e546bb567a485368f4f3e9e36
SHA1 1a3c0d14148e89d63133680585a1cc8acf350a30
SHA256 c36b84cd9535d41d0b83314016b94cdfdf240bd561ea6a7364d80c7d1d0a408f
SHA512 60448d51a6963ffe78a27396fbea0bf0b24e7e6fc6b1b20f918162611e715cb3e66aa598d5300701ea5861e6c1157d3dab490fffc250fc848d9b4bc25fd41390

memory/2736-3678-0x0000000000BD0000-0x0000000000FB9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f703380d-40b6-4694-9705-a5d29a87e85f.tmp

MD5 a5ae75bc08d13375aeb5edbeb128503d
SHA1 e1f387024fffd92b9e2f6afd7c9127be8ebf9b75
SHA256 ba6447e6592d7ded38a4520250a7e092bc1fa8e92f226bf647c83fb16fbd562a
SHA512 5354f4879f0db2d72db9d708249a52d7bcd4ee3aaaebf070c62634a2b93086a89bb2056faad941fbb985fbf705673857387c82e9739bdffe23dc06799a9bd073

memory/2736-3696-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe

MD5 53bde2c4c0dd3b594b299e257148c4d6
SHA1 194ff2abae77d4f3d960657181d100a63e3b8717
SHA256 3939ba065ca638c97b046cd350cfe244135253d095aca9845fae12b8651a0e78
SHA512 5bbf9873f805facde7754228171ce2b633fef9277cb9eb15e8996c967f92fab2f6e04e3067952aa912bc1fe0b00d905c0c8f71d741f164ec89cd0d7fc47d328b

memory/4504-3708-0x00000000006E0000-0x0000000000AC9000-memory.dmp

memory/4504-4289-0x0000000010000000-0x0000000010051000-memory.dmp

memory/4504-4303-0x00000000006E0000-0x0000000000AC9000-memory.dmp

memory/4504-4305-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 96712cf66794cff686e1a2d3669a189c
SHA1 94edbf1a64ee923b9968afe57140d5e215033f1b
SHA256 b15764b4c675f157a1cf69babfacc2ff4df10ad467c48a55c3d59601295d8ac1
SHA512 a247d14d9e02f2fa63f19d718ea8bb547f6c62124ce97d6efb7f4393732480d4ec215cdf61d3b918d35784a6dba38b44581f6235c21a9b8a181e11f88a6c3d1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8751b6439438c32e84ca8cf44cc422c6
SHA1 f92e528515eb8d78e03e77db51bf8390064fccfe
SHA256 75addf070e05723f29ee06516b8eabb691092a4812afe6c1c80ee51199a96df4
SHA512 af8df8e642cfbb51b57c92a50c779ac7b0ae4374a3826794872c5873f2e4131aeab484917ec70a6646d56f238b08871077a0e3b98041359495b7237ac09bada5

C:\Users\Admin\Downloads\Unconfirmed 315530.crdownload

MD5 2fdbdd1b695596ad7781b2afc1482a29
SHA1 5a0a035f2652971df0994cd5b7f95eaa9e5cbc05
SHA256 9c6eb720182236494277230060acabbb1fae55682053fb1c241dd357e0eeea49
SHA512 ee934710cc12f991f39952964f81a0287bfa2d3d9f6305131fed97525ca646c1237007b6bde123946cc593ec4da28e09a1c530c889b731df31537e3c967b62df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 057f2fe744d970263e5713ebff750dd4
SHA1 f47c0f8f9f0844f1220846d29adb906b99a46a9a
SHA256 6844dfaf46cdfa6dbaec53b20fc18a43d46027fcc3a171336a47f92a6cc29e85
SHA512 5df227febcd440a92f0acce46983cfaf9c68f5d73144185a2b11c2d8187aff0c4520b9180d934814ebebf2fafc3eb7687617adb254be9b72853a700a39918db0

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe

MD5 4383230c2e8620e2a7f5eeebafecc460
SHA1 990ccea05d61e47ce111e1f05390e0fee96643e4
SHA256 5463454b1a31c64211f2a724a6df78b31da655cbea9998fb2ca9c300d472660c
SHA512 f550362f938fe4bd73257c8f20c5a9164ad63124d9c2b25333a153297a9b1a3133c327d834cc32c8c7d81303cd50325248a9ca0267769d968efaa281c30255d0

memory/876-4390-0x00000000008F0000-0x0000000000CD8000-memory.dmp

memory/876-4506-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 03b9360326932d33624a6f5496f27f54
SHA1 313af6aa9e7127f054304fbb0ba02debded6de00
SHA256 309b88344cd1eed651a93465295c894e8a243bdc65123dafac30c9278c865222
SHA512 fafec56138a580fb1de9568c6fc1a6e880d48573f58429ab807292dbd0a7170c8ecc4df4ffd0632eef42fe11b99c8f6984aac7a7bebcfaafc7a09f23ff86c8f6

memory/876-4538-0x00000000008F0000-0x0000000000CD8000-memory.dmp

memory/876-4548-0x00000000008F0000-0x0000000000CD8000-memory.dmp

memory/876-4549-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d485a5a59ede00bf0be1e57a665358d
SHA1 f624bcf1241f372738287c66e075ade92d861143
SHA256 6451e028481d2bf43120c9b150c119fd32264a660570362e1a0de5af5b5765f0
SHA512 7c64d9694a33023f08b13e90b1352b27e5297dfc2d076065caefc6c16e09fa199f4f5622ed789208bd4c9a9875b63e6213c4b359cc79ba369d3d6ab37b4223aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1401d1c206bb0ba8e6ca7257afa11fcb
SHA1 51a4cc54b61c8ca44d0114258b3154d14532f452
SHA256 ffbcd549abee0194994cfb0a61c8d358f973414d3951ff779c0eed4073f3c063
SHA512 8b0461458a6bab7bdb5b0f739efd14ca7e5cd8586522204a9a846a6f572ea02ea29b174a04fa377f152277b72df921c8d0c0945354a82c464dbb32fc137b05b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f07ec1156e2f9a2453444a91924f592c
SHA1 1f7b07c59222a7567617c1778fe050c23ab3357d
SHA256 2871664926ac50dd6ec20eb89cc8ef6938b20ca2bfcf3f228beb15cf3564d2a3
SHA512 c2d189f9f5c59f722eddab24a1c71b3c32177a033a3e02254d9f9177c482f901182cf7bce16a214e8694bbff56c51992554aa57b57145fb15c94a92c4dd741e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a450168a720f56d9e445d33f8face8cc
SHA1 8e148f928ae1482cfa592c58fd493c1d6a83265f
SHA256 c6aa1cf81390e3a6066b7e9904e42dabaf0ec947687d9bcd2ee6dda3d6e7dac7
SHA512 5c0d1926517f5837ed71f271753b98b38f9e982ccd15fbf3e7389dcfe3f48655b932acf210479763e3c4c79cddd3c56bd9a9ab48dea9fe53381dce8094d6fc08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e2b834fd3d419bb7c4c7951b106312ef
SHA1 db1a03a7f98fc26818fbc97bac400451734eaf44
SHA256 db0cb2a7a7c43f2a689a299838d5a01666dd8ced1bf616eaadad239a653831ad
SHA512 8d8505c580cb160d3da526481e164a3c9d0104307e3c28c0fec81a6ede2ce7b5b0ad3f7f43dd48efa0e22ef9c98a4d95a60c04c24e833faa3c1db6a45fcd2252

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 766b8aebe1b096b2217c252484f0868d
SHA1 22caad422cc8fb5cf5ef85d7d1bb2ec70f43ad1d
SHA256 8d35544babb702868aef20e458eab11c78835e93bd7a8363f279bc068dc91634
SHA512 ad49b1eac7a155c56be28e40ad032c8f8bd013994d39dd37f2276c6cb19c6cad89ea1e56dcc9f54e2c1436ddbee939611d228cbd6aaecf200066993aebad9aef

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\plugin2\msvcp140.dll

MD5 c1b066f9e3e2f3a6785161a8c7e0346a
SHA1 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\server\Xusage.txt

MD5 b3174769a9e9e654812315468ae9c5fa
SHA1 238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8
SHA256 37cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08
SHA512 0815ca93c8cf762468de668ad7f0eb0bdd3802dcaa42d55f2fb57a4ae23d9b9e2fe148898a28fe22c846a4fcdf1ee5190e74bcdabf206f73da2de644ea62a5d3

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\cmm\CIEXYZ.pf

MD5 10f23396e21454e6bdfb0db2d124db85
SHA1 b7779924c70554647b87c2a86159ca7781e929f8
SHA256 207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c
SHA512 f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\cmm\GRAY.pf

MD5 1002f18fc4916f83e0fc7e33dcc1fa09
SHA1 27f93961d66b8230d0cdb8b166bc8b4153d5bc2d
SHA256 081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424
SHA512 334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\cmm\LINEAR_RGB.pf

MD5 a387b65159c9887265babdef9ca8dae5
SHA1 7913274c2f73bafcf888f09ff60990b100214ede
SHA256 712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46
SHA512 359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\cmm\PYCC.pf

MD5 24b9dee2469f9cc8ec39d5bdb3901500
SHA1 4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144
SHA256 48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0
SHA512 d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\cmm\sRGB.pf

MD5 1d3fda2edb4a89ab60a23c5f7c7d81dd
SHA1 9eaea0911d89d63e39e95f2e2116eaec7e0bb91e
SHA256 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
SHA512 16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages_es.properties

MD5 6d32848bd173b9444b71922616e0645e
SHA1 1b0334b79db481c3a59be6915d5118d760c97baa
SHA256 be987d93e23ab7318db095727dedd8461ba6d98b9409ef8fc7f5c79fa9666b84
SHA512 8e9e92d3229ff80761010e4878b4a33bfb9f0bd053040fe152565cfb2819467e9a92609b3786f9bdbf0d7934cf3c7d20bc3369fe1ad7d0df7fadf561c3fdca3c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages_fr.properties

MD5 c11ab66fede3042ee75dfd19032c8a72
SHA1 69bd2d03c2064f8679de5b4e430ea61b567c69c5
SHA256 8deeec35ed29348f5755801f42675e3bf3fa7ad4b1e414acca283c4da40e4d77
SHA512 072f8923df111f82f482d65651758b8b4ba2486cb0ea08fb8b113f472a42a1c3bcb00dae7d1780cf371e2c2bd955d8b66658d5ee15e548b1eea16b312fdcbdf9

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages_de.properties

MD5 d77c3b5274b8161328ab5c78f66dd0d0
SHA1 d989fe1b8f7904888d5102294ebefd28d932ecdb
SHA256 c9399a33bb9c75345130b99d1d7ce886d9148f1936543587848c47b8540da640
SHA512 696e28b6bc7e834c51ab9821d0d65d1a32f00eb15caa732047b751288ea73d8d703d3152bf81f267147f8c1538e1bf470748df41176392f10e622f4c7708dd92

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages.properties

MD5 811bafa6f97801186910e9b1d9927fe2
SHA1 dc52841c708e3c1eb2a044088a43396d1291bb5e
SHA256 926ccadaec649f621590d1aa5e915481016564e7ab28390c8d68bdaaf4785f1f
SHA512 5ae9c27dce552ea32603b2c87c1510858f86d9d10cade691b2e54747c3602fe75de032cf8917dcd4ee160ee4cc5be2e708b321bb1d5cdebfa9fe46c2f870ca7c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\content-types.properties

MD5 f507712b379fdc5a8d539811faf51d02
SHA1 82bb25303cf6835ac4b076575f27e8486dab9511
SHA256 46f47b3883c7244a819ae1161113fe9d2375f881b75c9b3012d7a6b3497e030a
SHA512 cb3c99883336d04c42cea9c2401e81140ecbb7fc5b8ef3301b13268a45c1ac93fd62176ab8270b91528ac8e938c7c90cc9663d8598e224794354546139965dfe

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages_it.properties

MD5 a81c4b0f3bf9a499429e14a881010ef6
SHA1 dbe49949308f28540a42ae6cd2ad58afbf615592
SHA256 550954f1f80fe0e73d74eb10ad529b454d5ebc626eb94a6b294d7d2acf06f372
SHA512 6fed61cbcd7fe82c15c9a312aced9d93836ebcffaf3e13543bc9dd8b4c88400c371d2365feee0f1bb844a6372d4128376568a5b6fe666fd6213636fcbd8c7791

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages_ja.properties

MD5 b7279f1c3ba0b63806f37f6b9d33c314
SHA1 751170a7cdefcb1226604ac3f8196e06a04fd7ac
SHA256 8d499c1cb14d58e968a823e11d5b114408c010b053b3b38cfef7ebf9fb49096f
SHA512 4a3bf898a36d55010c8a8f92e5a784516475bdfffcd337d439d6da251ddb97bcc7e26f104ac5602320019ed5c0b8dc8883b2581760afea9c59c74982574d164b

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages_zh_CN.properties

MD5 e6f84c081895acdfd98da0f496e1dd3d
SHA1 1c2b96673dddd3596890ef4fc22017d484a1f652
SHA256 a1752a0175f490f61e0aad46dc6887c19711f078309062d5260e164ac844f61a
SHA512 d4d28780147e22678cd8e7415cacfad533ae5af31d74426bbe4993f05a0707e4f0f71d948093ffa1a0d6ea48310e901cd0ed1c14e2fbdf69c92462d070a9664f

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\messages_zh_HK.properties

MD5 880baacb176553deab39edbe4b74380d
SHA1 37a57aad121c14c25e149206179728fa62203bf0
SHA256 ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620
SHA512 3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\splash.gif

MD5 249053609eaf5b17ddd42149fc24c469
SHA1 20e7aec75f6d036d504277542e507eb7dc24aae8
SHA256 113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be
SHA512 9c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\deploy\[email protected]

MD5 cb81fed291361d1dd745202659857b1b
SHA1 0ae4a5bda2a6d628fac51462390b503c99509fdc
SHA256 9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435
SHA512 4a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\ext\meta-index

MD5 005faac2118450bfcd46ae414da5f0e5
SHA1 9f5c887e0505e1bb06bd1fc7975a3219709d061d
SHA256 f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8
SHA512 8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\flavormap.properties

MD5 d8b47b11e300ef3e8be3e6e50ac6910b
SHA1 2d5ed3b53072b184d67b1a4e26aec2df908ddc55
SHA256 c2748e07b59398cc40cacccd47fc98a70c562f84067e9272383b45a8df72a692
SHA512 8c5f3e1619e8a92b9d9cf5932392b1cb9f77625316b9eef447e4dce54836d90951d9ee70ffd765482414dd51b816649f846e40fd07b4fbdd5080c056adbbae6f

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaBrightDemiBold.ttf

MD5 af0c5c24ef340aea5ccac002177e5c09
SHA1 b5c97f985639e19a3b712193ee48b55dda581fd1
SHA256 72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244
SHA512 6ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaBrightDemiItalic.ttf

MD5 793ae1ab32085c8de36541bb6b30da7c
SHA1 1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7
SHA256 895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c
SHA512 a92addd0163f6d81c3aeabd63ff5c293e71a323f4aedfb404f6f1cde7f84c2a995a30dfec84a9caf8ffaf8e274edd0d7822e6aabb2b0608696a360cabfc866c6

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaBrightItalic.ttf

MD5 4d666869c97cdb9e1381a393ffe50a3a
SHA1 aa5c037865c563726ecd63d61ca26443589be425
SHA256 d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06
SHA512 1d1f61e371e4a667c90c2ce315024ae6168e47fe8a5c02244dbf3df26e8ac79f2355ac7e36d4a81d82c52149197892daed1b4c19241575256bb4541f8b126ae2

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaBrightRegular.ttf

MD5 630a6fa16c414f3de6110e46717aad53
SHA1 5d7ed564791c900a8786936930ba99385653139c
SHA256 0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923
SHA512 0b7cde0face982b5867aebfb92918404adac7fb351a9d47dcd9fe86c441caca4dd4ec22e36b61025092220c0a8730d292da31e9cafd7808c56cdbf34ecd05035

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaSansDemiBold.ttf

MD5 5dd099908b722236aa0c0047c56e5af2
SHA1 92b79fefc35e96190250c602a8fed85276b32a95
SHA256 53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee
SHA512 440534eb2076004bea66cf9ac2ce2b37c10fbf5cc5e0dd8b8a8edea25e3613ce8a59ffcb2500f60528bbf871ff37f1d0a3c60396bc740ccdb4324177c38be97a

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaSansRegular.ttf

MD5 b75309b925371b38997df1b25c1ea508
SHA1 39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add
SHA256 f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde
SHA512 9c792ef3116833c90103f27cfd26a175ab1eb11286959f77062893a2e15de44d79b27e5c47694cbba734cc05a9a5befa72e991c7d60eab1495aac14c5cad901d

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaTypewriterBold.ttf

MD5 a0c96aa334f1aeaa799773db3e6cba9c
SHA1 a5da2eb49448f461470387c939f0e69119310e0b
SHA256 fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2
SHA512 a43cf773a42b4cebf4170a6c94060ea2602d2d7fa7f6500f69758a20dc5cc3ed1793c7ceb9b44ce8640721ca919d2ef7f9568c5af58ba6e3cf88eae19a95e796

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\images\cursors\cursors.properties

MD5 269d03935907969c3f11d43fef252ef1
SHA1 713acb9eff5f0b14a109e6c2771f62eac9b57d7c
SHA256 7b8b63f78e2f732bd58bf8f16144c4802c513a52970c18dc0bdb789dd04078e4
SHA512 94d8ee79847cd07681645d379feef6a4005f1836ac00453fb685422d58113f641e60053f611802b0ff8f595b2186b824675a91bf3e68d336ef5bd72fafb2dcc5

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\fonts\LucidaTypewriterRegular.ttf

MD5 c1397e8d6e6abcd727c71fca2132e218
SHA1 c144dcafe4faf2e79cfd74d8134a631f30234db1
SHA256 d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff
SHA512 da70826793c7023e61f272d37e2cc2983449f26926746605c550e9d614acbf618f73d03d0c6351b9537703b05007cd822e42e6dc74423cb5cc736b31458d33b1

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\images\cursors\win32_LinkDrop32x32.gif

MD5 694a59efde0648f49fa448a46c4d8948
SHA1 4b3843cbd4f112a90d112a37957684c843d68e83
SHA256 485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198
SHA512 cf2dfd500af64b63cc080151bc5b9de59edb99f0e31676056cf1afbc9d6e2e5af18dc40e393e043bbbbcb26f42d425af71cce6d283e838e67e61d826ed6ecd27

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\hijrah-config-umalqura.properties

MD5 1eddfb1ee252055556f40cdc79632e98
SHA1 84aa425100740722e91f4725caf849e7863d12ba
SHA256 69becfe0d45b62bbdbcf6fe111a8a3a041fb749b6cf38e8a2f670607e17c9ee2
SHA512 a0fdbf42ff105c9a2f12179124606a720df8f32365605644e15600767e5732312777a58390fdb1a9b1c0b152ccc29496133b278a6e5736b38af2b5fab251d40c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\images\cursors\win32_CopyDrop32x32.gif

MD5 89cdf623e11aaf0407328fd3ada32c07
SHA1 ae813939f9a52e7b59927f531ce8757636ff8082
SHA256 13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d
SHA512 2a35311d7db5466697d7284de75babee9bd0f0e2b20543332fcb6813f06debf2457a9c0cf569449c37f371bfeb0d81fb0d219e82b9a77acc6bafa07499eac2f7

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\images\cursors\win32_MoveDrop32x32.gif

MD5 cc8dd9ab7ddf6efa2f3b8bcfa31115c0
SHA1 1333f489ac0506d7dc98656a515feeb6e87e27f9
SHA256 12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338
SHA512 9857b329acd0db45ea8c16e945b4cfa6df9445a1ef457e4b8b40740720e8c658301fc3ab8bdd242b7697a65ae1436fd444f1968bd29da6a89725cdde1de387b8

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\jfr\default.jfc

MD5 09ff01e042e7d016217a23f29250c193
SHA1 e60d9aaa39c5f0ef4a54da5107b0c75ab491df0e
SHA256 05079c086677ff5ada9853f60b7b1c623750c7a97c6eec692e54ad7ebf51d343
SHA512 50abc8f6c0eeef68b600826ffb5adc1c329996882d4ef378c65a1c5330e1177222e48fd1a0c4798116ee63cc231ffbd120e22ed82290d975dc81ca246f0e1cb3

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\jfr\profile.jfc

MD5 67735a686d709d5612fae97cd67ecf07
SHA1 5ae707011fb0adaf564d2c71d8e6443aaddd6809
SHA256 57f1556cd4a7554944b8339a4c29cc25c1c462418e42d22a2f84f8b713205826
SHA512 5ba2fb473fa4b3e6c4f13b0aadc5030d35498a8413c928cb6e5f67832cb164238222a21275e7e99cb476f095ab901250417d1f10b2f5e305bd13980182e9c38d

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\jvm.hprof.txt

MD5 c677ff69e70dc36a67c72a3d7ef84d28
SHA1 fbd61d52534cdd0c15df332114d469c65d001e33
SHA256 b055bf25b07e5ac70e99b897fb8152f288769065b5b84387362bb9cc2e6c9d38
SHA512 32d82daedbca1988282a3bf67012970d0ee29b16a7e52c1242234d88e0f3ed8af9fc9d6699924d19d066fd89a2100e4e8898aac67675d4cd9831b19b975ed568

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\logging.properties

MD5 809c50033f825eff7fc70419aaf30317
SHA1 89da8094484891f9ec1fa40c6c8b61f94c5869d0
SHA256 ce1688fe641099954572ea856953035b5188e2ca228705001368250337b9b232
SHA512 c5aa71ad9e1d17472644eb43146edf87caa7bccf0a39e102e31e6c081cd017e01b39645f55ee87f4ea3556376f7cad3953ce3f3301b4b3af265b7b4357b67a5c

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\management\jmxremote.access

MD5 f63bea1f4a31317f6f061d83215594df
SHA1 21200eaad898ba4a2a8834a032efb6616fabb930
SHA256 439158eb513525feda19e0e4153ccf36a08fe6a39c0c6ceeb9fcee86899dd33c
SHA512 de49913b8fa2593dc71ff8dac85214a86de891bedee0e4c5a70fcdd34e605f8c5c8483e2f1bdb06e1001f7a8cf3c86cad9fa575de1a4dc466e0c8ff5891a2773

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\management\jmxremote.password.template

MD5 7b46c291e7073c31d3ce0adae2f7554f
SHA1 c1e0f01408bf20fbbb8b4810520c725f70050db5
SHA256 3d83e336c9a24d09a16063ea1355885e07f7a176a37543463596b5db8d82f8fa
SHA512 d91eebc8f30edce1a7e16085eb1b18cfddf0566efab174bbca53de453ee36dfecb747d401e787a4d15cc9798e090e19a8a0cf3fc8246116ce507d6b464068cdb

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\management\management.properties

MD5 5edb0d3275263013f0981ff0df96f87e
SHA1 e0451d8d7d9e84d7b1c39ec7d00993307a5cbbf1
SHA256 3a923735d9c2062064cd8fd30ff8cca84d0bc0ab5a8fab80fdad3155c0e3a380
SHA512 f31a3802665f9bb1a00a0f838b94ae4d9f1b9d6284faf626ebe4f96819e24494771a1b8bfe655fd2da202c5463d47bae3b2391764e6f4c5867c0337aa21c87c1

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\management\snmp.acl.template

MD5 71a7de7dbe2977f6ece75c904d430b62
SHA1 2e9f9ac287274532eb1f0d1afcefd7f3e97cc794
SHA256 f1dc97da5a5d220ed5d5b71110ce8200b16cac50622b33790bb03e329c751ced
SHA512 3a46e2a4e8a78b190260afe4eeb54e7d631db50e6776f625861759c0e0bc9f113e8cd8d734a52327c28608715f6eb999a3684abd83ee2970274ce04e56ca1527

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\psfont.properties.ja

MD5 7c5514b805b4a954bc55d67b44330c69
SHA1 56ed1c661eeede17b4fae8c9de7b5edbad387abc
SHA256 0c790de696536165913685785ea8cbe1ac64acf09e2c8d92d802083a6da09393
SHA512 ccd4cb61c95defdcba6a6a3f898c29a64cd5831a8ab50e0afac32adb6a9e0c4a4ba37eb6dee147830da33ae0b2067473132c0b91a21d546a6528f42267a2c40e

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\psfontj2d.properties

MD5 f8734590a1aec97f6b22f08d1ad1b4bb
SHA1 aa327a22a49967f4d74afeee6726f505f209692f
SHA256 7d51936fa3fd5812ae51f9f5657e0e70487dca810b985607b6c5d6603f5e6c98
SHA512 72e62dc63daa2591b48b2b774e2479b8861d159061b92fd3a0a06256295da4d8b20dafa77983fdbf6179f666f9ff6b3275f7a5bcf9555e638595230b9a42b177

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\security\blacklist

MD5 b2c6eae6382150192ea3912393747180
SHA1 d4ffb3857eab403955ce9d156e46d056061e6a5a
SHA256 6c73c877b36d4abd086cb691959b180513ac5abc0c87fe9070d2d5426d3dbf71
SHA512 898582c23f311f9f46825e7f8b6d36bed7255e5a4e2fa4b4452153b86efbd88db7e5b94dbd9cb9db554f62b84d19f22ae9d81822b4896081c487fb50946a9a9a

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\security\java.policy

MD5 11340cd598a8517a0fd315a319716a08
SHA1 c0112209a567b3b523cfed7041709f9440227968
SHA256 b8582889b0df36065093c642ed0f9fa2a94cc0dc6fde366980cfd818ec957250
SHA512 2b6dadc555eeb28dc1c553ab429f0cb9e3ad9aa64dfa2b62910769a935a1e6030a7ff0dde2689f29c58d1b0720416d6b99ffa19bd23e6686efb1547afb7dccfd

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\security\java.security

MD5 44e161cddfff8b98e40eb76212b5654f
SHA1 9d2da007c0747c6dcf7b27e70805fc38f6f521d4
SHA256 0457564ff35fcc49b4e33f26e6b46a32b68095034c3bdfc17508d8c4c6b1db0f
SHA512 b6f05e107c3a80eab39100ca82475e84bcc02edeb95e1ac8f7fcf5e8e72fc683f09cddb0f4a13c1363556832dfb2f0c94aa460c52c70b5e54063944003235b9b

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\security\javaws.policy

MD5 9107d028bd329dbfe4c1f19015ed6d80
SHA1 4384ca5e4d32f7dd86d8baddd1e690730d74e694
SHA256 b7a87d1f3f4b7ba1d19d0460fa4b63bd1093afc514d67fe3c356247236326425
SHA512 81b14373b64ce14af26b70d12d831e05158d5a4fa8cec0508fef8a6ca65b6f4ef73928f4b1e617c68ddeacff9328a3d4433b041b7fb14de248b1428c51dbc716

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\sound.properties

MD5 4f95242740bfb7b133b879597947a41e
SHA1 9afceb218059d981d0fa9f07aad3c5097cf41b0c
SHA256 299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66
SHA512 99fdd75b8ce71622f85f957ae52b85e6646763f7864b670e993df0c2c77363ef9cfce2727badee03503cda41abe6eb8a278142766bf66f00b4eb39d0d4fc4a87

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\lib\tzmappings

MD5 62bc9fa21191d34f1db3ed7ad5106efa
SHA1 750cc36b35487d6054e039469039aece3a0cc9e9
SHA256 83755efbcb24476f61b7b57bcf54707161678431347e5de2d7b894d022a0089a
SHA512 af0ddb1bc2e9838b8f37dc196d26024126ac989f5b632cb2a8efdc29fbce289b4d0bac587fe23f17dfb6905ceada8d07b18508db78f226b15b15900738f581a3

C:\Users\Admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_281\README.txt

MD5 0f1123976b959ac5e8b89eb8c245c4bd
SHA1 f90331df1e5badeadc501d8dd70714c62a920204
SHA256 963095cf8db76fb8071fd19a3110718a42f2ab42b27a3adfd9ec58981c3e88d2
SHA512 e9136fdf42a4958138732318df0b4ba363655d97f8449703a3b3a40ddb40eeff56363267d07939889086a500cb9c9aaf887b73eead06231269116110a0c0a693

C:\Users\Admin\AppData\Local\Temp\TLauncherRunner.jar

MD5 44ae254d5815287ad22b5369990a74ac
SHA1 1cefb3d5fdf7772a3d829f2e9a9057d41c1123c0
SHA256 86694389253b9ec6a1f1d8dea6ce5cf94806ee0436a105e2de646ad05ed5f676
SHA512 f69500e2e1eab91674beaaf33798cd12097479d7e7be1f033a1357a5f6a4383980be7a9faf4c722a7f6022cf1561cfaa0a024fe4657a989cca26cf6a2a70b71a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\IRIMG2.PNG

MD5 1fccb448e2db24add49621734a1fe4dd
SHA1 7e8a18b22ec6ffb46a1acc4ba0be4bb1e81c8e53
SHA256 5b6f8a8d45abb9976cf482c6cf7c9f2518e9475cf675a562415ed1a1ef97c794
SHA512 c10705c3c3bd60c1c734d7a57a92a5398a1c7a0e5e5fb37905b21ee5586dfad59a46c7c79cfda024f58e0c4716c06a661711b63dc94e6b0005faba63e3cec88d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\IRIMG1.PNG

MD5 355314898d836cbc6aee4a67bf5aa834
SHA1 0516b185eb3aa3fb0a3b4a0622d4b07574a267fe
SHA256 8d557050ff43b914da9ba7f658a03dff3bb4faf3fcdfefb1576e3082732c5391
SHA512 6d61b284133fa8b4ab28176a5d9e3818a54e4bc4acca6422a53ebaf742f789cb5f12b140d7453fb49848a0061666b28404cc25bb52b9c47574855625a62faead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3cc18c1701279929aeee4c9db9d15f1c
SHA1 175724032cece6bd577af0ec6738117c5e9afae8
SHA256 5534422c5c9ad0a88b137a76cab2e4ad1fad90b030c3becc804bbe101305ca94
SHA512 cb9a4769caad5a93633e58f5a1aa01ef3b03fd51b494551de1cbc0280289357f6998446c8a67368b14e1bfd402441ce500ab22b70575ae2ea984c20888e5a0ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 331c5b2931fe489adcdbfc920ec4d3c7
SHA1 6cc2f6ee56b0d3ed691de61048be171f01ef57ec
SHA256 4e62311476fc96b9e1e54eed7d4ef6d592b73e47dbb7f0291dcb2d1d346d462e
SHA512 a5e2ef9c3c3f327cc22fd0944119e727f92e055ae382d3dea46846b4dd5f514ef4d2c20484b936b85f065ac284f76e65d77c5e5f56d47c91d1bc26d7974aa913

memory/2184-6352-0x00000000008B0000-0x00000000008C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

MD5 aba7fce4661d0d6ea8c40eb63f4718b0
SHA1 0fefed36b06f8a784736dbd504450b1574ada129
SHA256 551d3edbcbea195bc37a1ad887a21452131c132123d1a643be43411932403fee
SHA512 6fee54c2a174743342165846811e39c32eca318b424d1f8a138951cd1c5b0a9c033e5490921b943b84bf47197ede9bbf9c052292295032413abc54c8d63e806d

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\dependencies.json

MD5 6d566646f2f374692a6a8b76ff23f59e
SHA1 43025f5b97daa38aeec3407cc20bf60740a319db
SHA256 b700139641a3d5493cb28c9ce00408f70e4e48083c80ed5693c6ae840ee93dd9
SHA512 0e949c4f50656bdbe4bd2ff47661ac62c942b5744d316242e68306bb751bcfe778037ebbcbcd31188125cc88cc243a497fbea6ccf96701668555df5a35586e34

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\resources.json

MD5 f24f4282f4dbdc650884bd55033d7df3
SHA1 5c1aeb01a17701d7b35dd3454b4088dcd82f396d
SHA256 5690815ca9ad02021f49c1df8fd360a1ac29ef3781c15cb074a064b8669d12a2
SHA512 9d02cad4043de8c09498ed629c5d0c7763f8f4c35166919879acfb3670961e2b943234d0e721cd6b28485af477905437ec4743b41b2dbf8622d7831b0a62801e

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

MD5 e2cbea0a8a22b79e63558273dded5e6c
SHA1 bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61
SHA256 10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007
SHA512 a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION

MD5 c62a00c3520dc7970a526025a5977c34
SHA1 f81a2bcb42ccbf898d92f59a4dc4b63fef6c2848
SHA256 a4b7ad48df36316ddd7d47fcecc1d7a2c59cbfe22728930220ef63517fd58cb0
SHA512 60907d1910b6999b8210b450c6695b7cc35a0c50c25d6569cf8bb975a5967ca4e53f0985bee474b20379df88bb0891068347ecf3e9c42900ed19a1dcbc2d56ec

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO

MD5 494903d6add168a732e73d7b0ba059a0
SHA1 f85c0fd9f8b04c4de25d85de56d4db11881e08ca
SHA256 0a256a7133bd2146482018ba6204a4ecc75836c139c8792da53536a9b67071d4
SHA512 b6e0968c9fd9464623bfa595bf47faf8f6bc1c55b09a415724c709ef8a3bcf8a954079cce1e0e6c91d34c607da2cecc2a6454d08c370a618fb9a4d7d9a078b24

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE

MD5 f815ea85f3b4676874e42320d4b8cfd7
SHA1 3a2ddf103552fefe391f67263b393509eee3e807
SHA256 01a4ebd2a3b2671d913582f1241a176a13e9be98f4e3d5f2f04813e122b88105
SHA512 ddf09f482536966ac17313179552a5efc1b230fa5f270ebde5df6adebf07ee911b9ef433dfbfcb4e5236922da390f44e355709ecaf390c741648dd2a17084950

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.media\directshow.md

MD5 b1047db8237b15d97b1dd072f71f4d15
SHA1 2484425df3be1049de4016ed88e5518aa9751b35
SHA256 d847da5757a30d093db3f90a0bac9b1699a52965daa3ec5dedf3ebf14c81c698
SHA512 bbd78681a97abf5fe515be598f81edb4d2140e0dd12959f3ab6f89609e9962991bb5bfe09eed67cdd29529c51ecbdf59c37a61bb0d592250b0f9ad0c6090798b

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\lib\security\blocked.certs

MD5 8273f70416f494f7fa5b6c70a101e00e
SHA1 aeaebb14fbf146fbb0aaf347446c08766c86ca7f
SHA256 583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58
SHA512 e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

C:\Users\Admin\AppData\Local\Temp\+JXF5420622162874777729.tmp

MD5 afa7a91dadd77b23634a0fdf18c148f3
SHA1 6cbb57ba2355cf442e06899898ff5af55867103e
SHA256 9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70
SHA512 84d123b67505522c256f4ff79c3822eabe2d63036023896e9854298ff39e050bef7894f6320ccf950592015760354683c4dbd19aa203d433a04a5d6bb28e8115

C:\Users\Admin\AppData\Local\Temp\+JXF7519495445962206795.tmp

MD5 54a91b0619ccf9373d525109268219dc
SHA1 1d1d41fcadc571decb6444211b7993b99ce926e2
SHA256 b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f
SHA512 7f79ff3b42a672371814f42814aa5646328b1a314691d30ce09ffdc7a322adcb1af66625274f7fac024ca2f22a42b625001735711c430faef6e077e1f1d24887

C:\Users\Admin\AppData\Local\Temp\+JXF16471271564898198392.tmp

MD5 4c41e856744eb797e9936359a6509287
SHA1 0959e6f4dd535eb6fae388b6b9ac179dcf3afd76
SHA256 83ff53f599acefc11f5cf63fd0516d4db72aacf7f0125a5f79c9ff222cbf9dd7
SHA512 07ae284caa316315da74246c960198a7d549acf86f96cec550f41109fcd870a69ccac9818361657fb859e89d2bdc8398c7731c80d274d99a768102022a5f6e8b

C:\Users\Admin\AppData\Local\Temp\+JXF15165147092061206313.tmp

MD5 ec5d243a9958b3858b5a71fb9a690da7
SHA1 d80b02c91addef2ef58136d1a7df0189f453388c
SHA256 a4ece920f221b78d43b550d615c5934db162b64a331ffa663a85199e74ef2e6b
SHA512 479512c6076249a63a822d307b3d8c65d44d19abfadc597f0293fedf2c4fbac2ba6f60ca98d2c1dbb638ad09f3eb1419b6ef391fb098c7d1b62237bce9d79931

C:\Users\Admin\AppData\Roaming\.minecraft\TlauncherProfiles.json

MD5 db047b36d42d05dea8cdaa673f61c198
SHA1 7600d1fc9d482d38067006a796094c0cb9e55afd
SHA256 c6308697d61507c457ee030400255c8f105c357dccffcaaaf20cb6b004faaeda
SHA512 6495072d985fdc7a5d29cc282873111ac3a88b41c0f8103933e3b99cf6c58c83cb5519c710faa46ba061da61aed38e71a832bcc973e0999e8a7f33c541226ea8

C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

MD5 c12f3c4b9435722a2cbebcf314c51b5a
SHA1 b088174f58edd9ad1c22afa2dad54ad289d5c473
SHA256 2bf98d84136099eb71c4d8cbe2496e057609038518d56b0abb9e86161d99b972
SHA512 0380730e7db7759ef9e27ec7aecfb5fc0bdb93d8a6820ee1640b40110ed0c5bb089a055842d7954b303a75535ad3bb0bfdba6a622bde2832bc0ffd20194ec40b

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\logging.properties

MD5 0f00ec3e7a7767a4efeae1875fb5f3d4
SHA1 167808418571e9209b952188ddab2f4e62920e68
SHA256 b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f
SHA512 e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\net.properties

MD5 385443b7e4a37bc277c018cd1d336d49
SHA1 b2c0dfb00bf699e817bdd49b14bc24b8d3282c65
SHA256 5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08
SHA512 260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\README.txt

MD5 3d47d94bc4f19d18bcc8b23f51d013af
SHA1 a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb
SHA256 6da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5
SHA512 68a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\default_US_export.policy.tlauncherdownload

MD5 1a08ffdf0bc871296c8d698fb22f542a
SHA1 f3f974d3f6245c50804dcc47173aa29d4d7f0e2c
SHA256 758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9
SHA512 4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\default_local.policy

MD5 6d7b4616a5dba477b6b6d3f9a12e568f
SHA1 7fb67e217c53a685cb9314001592b5bd50b5fbb9
SHA256 2b2627548e61316150d47ffc3e6cad465ca05b3cccd4785eb7d21aa7baa0f441
SHA512 a0b98cbbb49184df973bb2c4a506e9bc6e025a696bc0c8054a6352cc3f9b4a38e3baf117c6834ddaddc38498556607ed4eda8f1bc683f662d61da50e0db0c8c2

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\exempt_local.policy

MD5 4cbb03f484c86cbea1a217baae07d3c9
SHA1 ee67275bc119c98191a09ff72f043872b05ab7fd
SHA256 8c3d7648abcd95a272ce12db870082937f4d7f6878d730d83cb7fbb31eb8b2c9
SHA512 2bd70518aed6b0e01c520c446830c5f567fa72974548818cac3e1e5c2be6f03db78ce6012f5463b1e19c36243d04cbaad38ec79524635eaae2e427eb1875ccdb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\unlimited\default_local.policy

MD5 2a0f330c51aff13a96af8bd5082c84a8
SHA1 ad2509631ed743c882999ac1200fd5fb8a593639
SHA256 8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a
SHA512 2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\ADDITIONAL_LICENSE_INFO

MD5 71bb3ad0017bf36d14bb96a8d4b32c45
SHA1 1a5c553e71bdb7d94995b206bc9eaa49abd1e888
SHA256 a69bce275ba7a3570af6579cb0f55682cd75fedfcd49e0e8e9022270c447c916
SHA512 9f658dfea71bdc3cc1549edfb5ad3171dbfa0082b2d91e820c09abe0b376b6bcd8b5170442a5e25e72274e98f130176bbdecfa7997c59705782b214f02136a20

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\LICENSE

MD5 3e0b59f8fac05c3c03d4a26bbda13f8f
SHA1 a4fb972c240d89131ee9e16b845cd302e0ecb05f
SHA256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726
SHA512 6732288c682a39ed9edf11a151f6f48e742696f4a762c0c7d8872b99b9f6d5ab6c305064d4910b1a254862a873129f11fd0fa56ff11bc577d29303f4fb492673

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\aes.md

MD5 2e33468a535a4eb09ef57fc12a2652d0
SHA1 e64516f3fa1e72f88caa50f14b8046dd74d012b6
SHA256 45c6d4da48325edfbff3dcf71c704e504c057904435ed23c6d57046d551eb69d
SHA512 4d14b5ddbb4d09797264ed29ba71fab6986b4a9e75efb9402c1476e0a9e2884813d6a922dea125643b4f74e1f3e458f4e48d6c840e0f4d16ed72ffbc4611dbb2

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\c-libutl.md

MD5 2e89a282a50f8702e52703464e6937ca
SHA1 cfc22a6f5b17cd539234d5b3160a5224abefadb9
SHA256 bef40679922d6fdfb7e4ddb223ad6722300f6054ba737bbf6188d60fcec517f9
SHA512 ae459d8ce5581ea57e203088373c1ce86d122d0e27eb871ee1383e0e64cd8a184fa207eee0e835347316e70afa24a1c95aec30def3e09d15ee19a0b2c3ad2095

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\wepoll.md

MD5 cef1d92ff8ace278bd32ac5e18735b86
SHA1 6c7d15e2b8f3e99527458c8ea33420ee1d34af7b
SHA256 3ac2992770080453b98c42afa807ba4b2c1738ef756b92a55c645f55e7df48f0
SHA512 12aa61ae93fc626a230f39f44ca11c75086fd9bb50f2794fb9fec29b9bef924545fc19d9cb38fda631560ca78ae8e587144cf3cf3c83a6b336bb4711611393bf

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\zlib.md.tlauncherdownload

MD5 440321d71d082c9f04a9995b613bdff2
SHA1 9af688d499b3026ec8e5a2e266dc4b9b4884a87b
SHA256 81518ebc49d23a7c77b2e08eff48664ea0c7dd90957a0caf22fd9654985d3285
SHA512 c516403a109630b79998f3bea6b698247a0b5367cc9873defa75014e8c98c690d34d0810d32792d80fde1333980ac6c5f19324743795cb6455ef0ee4979496bb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.datatransfer\ADDITIONAL_LICENSE_INFO.tlauncherdownload

MD5 512f151af02b6bd258428b784b457531
SHA1 84d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256 d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA512 1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.datatransfer\ASSEMBLY_EXCEPTION.tlauncherdownload

MD5 bd468da51b15a9f09778545b00265f34
SHA1 c80e4bab46e34d02826eab226a4441d0970f2aba
SHA256 7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA512 2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.datatransfer\LICENSE.tlauncherdownload

MD5 663f71c746cc2002aa53b066b06c88ab
SHA1 12976a6c2b227cbac58969c1455444596c894656
SHA256 d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512 507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\colorimaging.md

MD5 0889fd01a6802a5a934572d9bd47f430
SHA1 7a7e547452ee1c72e8b0d96dccbe315f62d5b564
SHA256 04d61e3e8e71dd452ebe52008af5378d9f6640d14578aeb515dc5375973b0189
SHA512 f5872960470810cdbdc2db1dfb216cab88203b23400b16e157c8654c2eecff8d9b26ce066ec18718c8e6d54ee1c54533fdade395c454210fed5159fd4a7a0adb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\mesa3d.md

MD5 c7e0d19c8f4eff11e97f0eb9afd3f7f4
SHA1 6a98ee2703132e181f37d162452f073fb64ced83
SHA256 63f4e6f75caebbccb95d903fb43e46ac7111b3624d0a34f146b276d7d9e7b152
SHA512 9c4111728ab9472f0b160cb11ce1e4ebd75a83cfddca0b3cb87243d15afc5a7fa34dc6006e6b92084648cbad1426f70b405259f589cdef758442643e1618dff4

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\lcms.md

MD5 04a8a77cafdd6185a3506eccf7a83346
SHA1 1acbec21e9eab8bd2bee9826353c1e768d5457b5
SHA256 8acf00b5efd25c1c055927222fd3c26b0c9fd02ed02e478c225b64e7a24d9782
SHA512 a91faa243a09bdfe62714859b9b4420e8434dd09693a6a280e1c8ef6694fb7858d0171fae4ca36721b685e3ab8bc8000c5635bf3789250a5b9081130eb4ff57c

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\giflib.md

MD5 867001e2a577f88cfc856f45959502aa
SHA1 109c11cec13349212ba94b9f3eb7d0943229938e
SHA256 c8b99f33890887d27ad56fba9edd8ebbc668cfe0689168505a95613d1d4b32f8
SHA512 dafac31d75a7ab4ddd7666799a24abf22c1583ca22554a738cc26a77bf927b20dde52f12194670a5196bce3a43bd58de46944291727c8877fee1fe4a38a1f1ca

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\bcel.md

MD5 daae908a4dd474afec9c010d416acb2d
SHA1 a59717166af2e8fa9ecd6d622fd6b82b835acce9
SHA256 853a1e7ce397bb10de0e2b3bde0844bcc651f17d983decd07d2d003c0304c311
SHA512 25f2189643a113616f53cd87fc96df01b55602bfc3f6653e48c310de03f6d79ccbbec58936d54b88052e32d68c646017bf75b8a179f59fb9d2c5f6938e351a4d

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\dom.md

MD5 13952c46b3867103ad7d1e9c6c9e906c
SHA1 4bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb
SHA256 6686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148
SHA512 8c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\jcup.md

MD5 d19594fbf6eab2242dc29257905d8ded
SHA1 fbdcbe5a7e7d91d440c200f5fb00e0cf6a81976c
SHA256 8d5dcfdf50455a3c34c753a98f21e953248af200415a9084e3f102cb6c43b8bf
SHA512 7ed3e58f189f2922f7543d4617308d0c35f8adc2e7cbbb6fbba49d33cdd5da64c6edc022ae9842c28e58d97b056a245245c816003978f1e0152236636ca72ba5

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md

MD5 fa24b7e2a61a7045cb0c6c385000681b
SHA1 869fc0b687986ea26b8ff63c137e03c92234a5c8
SHA256 262802e081760b38b3748c8b194353d340e39bc936ac22e17abbb7158d895811
SHA512 2676cfdfd61762c7b6171985e8cfe1068c36683ca43753a1ffb10241ac61a74c9be1c00be22903df85ba6954fd908d77de60903c316506fd88b9679672ada968

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.crypto.cryptoki\pkcs11wrapper.md

MD5 b77d1951df7a8488eb84ce1d25486a14
SHA1 e35415235ec3bbcb92beeceb03a9a8e7c13a6fce
SHA256 371974b1fca3744a3892c7ee1fcc593b8b4281fc218f4cafd2f709e9df5fd81d
SHA512 759c75f87309b67c56a5b7088045e04be7c023ecdbaea80842e22b81b0bfb36026191070471f8b08fef47ec73664611ce0453b4a9818f7708c95663733ee5ce9

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.internal.opt\jopt-simple.md

MD5 4f3f190fd212329afc39442174ca4b3a
SHA1 d7e25adf223e68d06276ae7666bbc96590dda442
SHA256 99bc67f93cf57d6d20e6047731c93fbb267d70fbdd4115d119e0f85c6efe5c05
SHA512 fdd3d2fcfd865f62dad0ba2617ea816c78a3dc9d99d8991ffb5eb479fda37317dc3f70b0dcdb1847ffe4432947690436ad4046bfb056c37e2991e6fefa8b70c0

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.javadoc\jquery.md

MD5 8ef4ab67241efd69eaa3df9871fa0dbd
SHA1 a20a019c3b06d4263b00f5e89ed394a52b8c1981
SHA256 0716943682c624fd2f49b3a718a2ed4d6386e872fe741f1c759573ae24509d3e
SHA512 1f85e70e166146d81457f05be906f18b9b16ed82bed5f544f090d894b8d0cb1ff4fe5fffd90022f06f2024b2dbf74a30f2940a21941871358469b1f9a1a19998

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.javadoc\jqueryUI.md

MD5 86bfe7b4e5cbedc085060a2c3f13febe
SHA1 a98cfdc7d73e016ce8b23c1d00daa3d2d3c03a3d
SHA256 bb0a0e89ebd824df714516bf64b9101c62081e4b376f00f929a58c09555bf111
SHA512 2656ab0100db997c9306be156af613861c9071a3be1b26f2882a68424e37d1b17674183729c1ba1024302011d42658058f024ce98db5bbb4d528c498ddd21d6e

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.localedata\thaidict.md

MD5 2ea6eb55ca40902554aaf2fd20a76ba8
SHA1 e5b9e88e174c797c313d6739e7e34772b723bc4b
SHA256 c326144a2351c9608fa708b5d7d3c5a3da03e82b66479b128e9db4969539824a
SHA512 5221112cd8ef83b636dc4364f53b72c5484a5885acb55c2c071c88d23058093caee38578f7e424ecafdb483ccc0bc8e78d7ac13add536ec824a8eac171a576cb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\jvm.cfg

MD5 7ce21bdcfa333c231d74a77394206302
SHA1 c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256 aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA512 8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

memory/876-11828-0x0000000010000000-0x0000000010051000-memory.dmp

memory/876-11829-0x00000000008F0000-0x0000000000CD8000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\tzdb.dat

MD5 2fd920c56de68f65493ba6962fd079e1
SHA1 1e79bff02711d3dab3c75e90d4bb08f8086c9626
SHA256 b7dba25abdfee317daa042c89b01e5711f5781d020dd733ba411760b72addb93
SHA512 958f835407e4a10a268bf76bc2ef0196ecd5fa92e139de4c3760544dbdf76f95e67865bac22406aef8ac5ae7508fe63cd1a688c8328e46b73a5867efa4f18d47

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\tzmappings

MD5 4c30d7867505379a18a27d0e8f03198c
SHA1 0cc871d5bd91e061d676a861749af68bbc0ca9c6
SHA256 b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab
SHA512 873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a4

MD5 a85641dbbc2e737f08a83875d8e7706e
SHA1 6e4acbef413babea2733c3c689ccfd7788e2091e
SHA256 c274acf372114f67c76a61b7df530b657e371997ba617b000363342c0abaf3db
SHA512 9b967a390c47d29be598ea89691f9944927ce2335bd4f296402055b9432941707e2a22672e55d5d6684adf0f2e46506749585b51c53b05631e316065af3916c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab

MD5 d6c2839990a382e7d8ecc7a6eba5c743
SHA1 63c3b8976aefee0378796e7a7c41de783ab4f06d
SHA256 8e287c97289fbc126d17879c303e2fa7c1bbd37854afa5ee003b63ccfc3ca481
SHA512 3297ca91769e30b073a3362cf181814120e5b518e936e32799919c9bd501e99bf01d4c0699e8bef2c42af967420d61f61fdee47e1f4cd5a09764b2be20a56010

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

MD5 592a193443e50c2fee58aa2fdc26a324
SHA1 4cd3a50beb62547bc7f1de816ae480a071bb8db5
SHA256 e1f6bcee8bda99ee1e162e9ac53af2bd1510e14bee56a8c01391fc64c756ec41
SHA512 12d7a6f40d948d9289115f9cac584febf4a6c4a222c255e68704dd2ec50023091211ac9ac86623d16bf9de06dfcc391fcc6c1df41dd89332431d69fbca86673e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

MD5 8c0fc2a8cbdf5aa41247d7eea196ec4c
SHA1 50d3a6444aaa4d1be4ce53f9751e67f7fbf601b7
SHA256 91bd5771843bec133c4f6a8b7b0b31951e7b666306c5ed1984e4c3ccbb0c88c8
SHA512 5c7d5c0c629db6129874945506904a3a4f8af94a2b316b8e054cce6f62a0c37ef7a1643b069c57e294df191a5140772bccf9904f55aeb71f4fdb30f0803e7836

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

MD5 97a3bed6457d042c94c28ed74ec2d887
SHA1 02ce7a6171fb1261fde13a8c7cbb58992e9d5299
SHA256 ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67
SHA512 6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff56eb3a7b982182787f9d37c8f53dd6
SHA1 7c251118a33ed1370d746a58978a7e926e2ff2d7
SHA256 9a4b7e2051f7c8236a438252140019943562568f1057d2cdfbd4fcb0f24cf6ef
SHA512 06230454e14d27918af1a43fdad3b73b7ade046c5fff18d6f8113d4be01438d19a83b7b1a477cd81a3294e44f3513d8c87559ebb5015fce352d58ffe7a50ecd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4096061cfe19df4646b60b0abfec558e
SHA1 c2a5653fa8452a876ffd85c48c89598a2730c873
SHA256 0df85a4076b70bb87a3936431bf8e2a031814b0b80e9bce4152a0c901011b575
SHA512 ffe95353fc3894e8e5cab7b1ff1260a3e72d32a50377938b3e8a3a480669881875780bd8b5040a79dfda07ea4532230ea3eef86fcd1962e56da3584e2a1716f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b2e6c91abe2de04d547ec2234dcb5230
SHA1 5d0398fc6fa97f8ec2c36564d80dbdcef5244ac0
SHA256 6a48d8e3b1d0c388addb615cb7da2a87f2fd1d8f8614cb80771168fe3275157e
SHA512 5fbf7bc34003e4ea9253f192b7f409f8ee8431ee9021a9a8697f9a130b2407f61582fec9123d2f5b8ef06861dbaadcbe93e40387d6d0a538781a278f9de4ac7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 326d89ae32369d9464208fc09fd3f531
SHA1 39160df66facd66322db49b00e343ac45f9d466b
SHA256 210c6d2d44447a1e363a110f73f6bb1d7848673dc5fb8250620d8dbb52308830
SHA512 0643a351efe495f6445f2ce9bde7103523bf33ffa1814fd9e961dd6ea0f0bffc491455b3be5a834590879d4fd1a53fde036352ebc71a164d648830d05c8838b0

C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\3b\3b6cd8c6ed776422056dc5e536d32cee74819e00.tlauncherdownload

MD5 aa8e701508f6db79d1d18a84f08897af
SHA1 3b6cd8c6ed776422056dc5e536d32cee74819e00
SHA256 f9fa2ca896d4395f555c9a77e946ab391b9de8e22c57b45bc292273150209467
SHA512 80a3763e77e8691256a9c2a31f983dd03573fc3d45b362581de9c04818faaf5cd3ee5cca5d74479eb9dfe92d301e55fd66f8834d3c34306a002df8998268a06d

C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\66\666999116c467f10622db1527a06ddc0a6efad2a.tlauncherdownload

MD5 d635e313e3178146dd6833844c52c16b
SHA1 666999116c467f10622db1527a06ddc0a6efad2a
SHA256 8f6a12f09a805b3e6c2e412050a14912c74f6ff31b157dc08f38eb10144c4643
SHA512 937d6635137db6ec5d4dabea7fed54264ac2e1368f77f4dbbbbca8a8d2a6e0669ac51477775d33db3a458f8f97141e10f636acafdefda5a49c99392033758e7f

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar

MD5 091883993ef5bfa91da01dcc8fc52236
SHA1 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256 a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
SHA512 f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar

MD5 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256 daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
SHA512 ed00dbfabd9ae00efa26dd400983601d076fe36408b7d6520084b447e5d1fa527ce65bd6afdcb58506c3a808323d28e88f26cb99c6f5db9ff64f6525ecdfa557

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\v1\objects\30c73b1c5da787909b2f73340419fdf13b9def88\client.jar

MD5 0b90a83eb9910468c60152f6594b9271
SHA1 30c73b1c5da787909b2f73340419fdf13b9def88
SHA256 499f6897d1837516680f3114072d8106e11c9adcd933fe5cf051b551089b0c99
SHA512 a63c09e9b8cfe80bd5815c88818291d54cbe7c9ffcd806be6365376e865c44d5aa85e8348467e6ded8f4d9722047d3c5b075f755047a982c2e75223d2b9f68ac

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar

MD5 eb0d9dffe9b0eddead68fe678be76c49
SHA1 4fdac2fbe92dfad86aa6e9301736f6b4342a3f5c
SHA256 df26cc58f235f477db07f753ba5a3ab243ebe5789d9f89ecf68dd62ea9a66c28
SHA512 cbc27e0b6da6ae4b6245353d6626d2e3c171c3026a555fa21e8ef61b30714e286db85086d1a57c167016e8a7f07be2a243e34b3ab504b1877806f3bcec5df986

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe

MD5 9385d58411dd2ad5500c72960703a1c8
SHA1 cecc49d1551d3b54790337509a2aee6c910ff849
SHA256 b25e97594d8c31bde9391d7a6a365468d63b896f0b9197903d2652f368e67ee8
SHA512 af886f56a6c83cccba296f238b541b48183b457da1c857041612c776085f90307e766eba1a386c3cde35db21f6053ca40e7acf854fe9dd7c9aa38e8d199dd43d

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives\lwjgl.dll

MD5 d8ea3886d9f59b514bfa5b24ab69c0ab
SHA1 2bf57942dff5360889f0e89c58d5acdc54e5f1ea
SHA256 a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d
SHA512 ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives\jemalloc.dll

MD5 e58d41175587d4355fe06bf8b8a1ab32
SHA1 6403f8243ea983a225b3bcda6c821a0029ad9ee2
SHA256 9abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248
SHA512 fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives\glfw.dll

MD5 8cabdbe3d67546771b02af5d42073cfe
SHA1 2e19147110b9872a52814956bab151a7aa80ce58
SHA256 affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a
SHA512 b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives\lwjgl_tinyfd.dll

MD5 e7349669dee3093d266849685efecc60
SHA1 e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0
SHA256 ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c
SHA512 41d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8

C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\natives\jna13811385448782813060.dll

MD5 719d6ba1946c25aa61ce82f90d77ffd5
SHA1 94d2191378cac5719daecc826fc116816284c406
SHA256 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
SHA512 119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb868fdf60f2ed206d8bba269dded29e
SHA1 e69854877485f54afb643aa1c801bbe90ee705f7
SHA256 bbf6248cfd71dc87c061ba2edf39bef3a07cfb85bc6fd866a5e3455498fa2ca8
SHA512 5483e9a5262cfe1993b8fae76af888fde358ba56f5ad513f64627c481aeea9182e3124cd6338c13e2efb452fa6e59dd6d00515458d2001400504f62ebfa31a1e