Resubmissions

07/11/2024, 15:25

241107-st48wavdlr 7

24/09/2024, 16:35

240924-t3nsxstarm 8

Analysis

  • max time kernel
    115s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24/09/2024, 16:35

General

  • Target

    TLauncher-Installer-1.5.2.exe

  • Size

    24.1MB

  • MD5

    bf7c6b903ee4acb62a91c2c46d773f88

  • SHA1

    68a5e851745b2c0620cc3a54797f5a440f849df1

  • SHA256

    31109bf139e93350f2adf5aceb87184ad8dacebf3ad31190451f44768a9f6725

  • SHA512

    7d3f82ec46c26fab2270181e7fcb6dc683ce66053dee1bff150960bb8416d0db28c37a324fbfa1bb0a7f424047dfac2f3d32deafc00f99c335e312bc38452e64

  • SSDEEP

    786432:TKQdii3bJZM9irrKJBH5lFRqkd4zUcjc+orlG:TKULMQPKJBZlCkOQcrorl

Malware Config

Signatures

  • Downloads MZ/PE file
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 2 IoCs
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.2.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.2.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.2.exe" "__IRCT:3" "__IRTSS:25260951" "__IRSID:S-1-5-21-457978338-2990298471-2379561640-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2000
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1709878" "__IRSID:S-1-5-21-457978338-2990298471-2379561640-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:2448
      • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
        "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Users\Admin\AppData\Local\Temp\jds259596505.tmp\jre-windows.exe
          "C:\Users\Admin\AppData\Local\Temp\jds259596505.tmp\jre-windows.exe" "STATIC=1"
          4⤵
          • Executes dropped EXE
          • Modifies Internet Explorer settings
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:2692
          • C:\Program Files\Java\jre-1.8\bin\javaw.exe
            -Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
            5⤵
              PID:3020
            • C:\Program Files\Java\jre-1.8\bin\javaw.exe
              -Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
              5⤵
                PID:2208
          • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
            "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
            3⤵
              PID:2660
              • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
                4⤵
                  PID:3104
          • C:\Windows\system32\msiexec.exe
            C:\Windows\system32\msiexec.exe /V
            1⤵
            • Loads dropped DLL
            • Blocklisted process makes network request
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2264
            • C:\Windows\system32\MsiExec.exe
              C:\Windows\system32\MsiExec.exe -Embedding B627C1CF1754D0A00FA5A7C4438D0E38
              2⤵
              • Loads dropped DLL
              PID:2172
            • C:\Program Files\Java\jre-1.8\installer.exe
              "C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F64180401F0}
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Installs/modifies Browser Helper Object
              • Drops file in System32 directory
              • Modifies Internet Explorer settings
              • Modifies data under HKEY_USERS
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:1812
              • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
                3⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                PID:2704
              • C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
                "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup
                3⤵
                  PID:2544
                • C:\Program Files\Java\jre-1.8\bin\javaws.exe
                  "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent
                  3⤵
                    PID:568
                    • C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
                      "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
                      4⤵
                        PID:1604
                    • C:\Program Files\Java\jre-1.8\bin\javaws.exe
                      "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent
                      3⤵
                        PID:2452
                        • C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
                          "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
                          4⤵
                            PID:2160
                      • C:\Windows\system32\MsiExec.exe
                        C:\Windows\system32\MsiExec.exe -Embedding A71AA40E24F927C9BA819AF442ADB248 M Global\MSI0000
                        2⤵
                          PID:3012
                        • C:\Windows\syswow64\MsiExec.exe
                          C:\Windows\syswow64\MsiExec.exe -Embedding DC9131633298D73AF3F57456DF126B81
                          2⤵
                            PID:1156
                          • C:\Windows\syswow64\MsiExec.exe
                            C:\Windows\syswow64\MsiExec.exe -Embedding 891C34DEB1935E578047BF499681FD15 M Global\MSI0000
                            2⤵
                              PID:2932
                          • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
                            "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
                            1⤵
                              PID:1052
                              • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                                "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
                                2⤵
                                  PID:940
                                  • C:\Windows\system32\icacls.exe
                                    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
                                    3⤵
                                    • Modifies file permissions
                                    PID:2652

                              Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Config.Msi\f7955e1.rbs

                                      Filesize

                                      962KB

                                      MD5

                                      3db59eaa0880f52c2bfaf14f70cda26f

                                      SHA1

                                      e451c0ebeccb97e3c18f8b8a5ad6b55ff064c9a5

                                      SHA256

                                      4e9e5b365eae3e7615ad7a5f45317843e221b75d9bb9d0ccd21a1696e1d72821

                                      SHA512

                                      aab49d3b29e4bd0456abb7952ff33ee7f7f3daf1a216fd9a825e7e1fc7df176959907753dd3737c3d1e0ad6a7113f9354a35c4302a4f43a157477e2c25c29840

                                    • C:\Config.Msi\f7955e7.rbs

                                      Filesize

                                      7KB

                                      MD5

                                      71ca615ba88c1c72df9b165f9eec1f4f

                                      SHA1

                                      cf458b178cd5547e85da4ee2fda403097a0ae066

                                      SHA256

                                      c115442351dce4ef3e7a8a8ec9a9e40372c90f59f10f6fdeb971e757cc3070cc

                                      SHA512

                                      cc64796fb68e4393a6bf39542f47a3dfe2a43cef818ea351ad07741ee52b7f91eb543ddcbed1d36a2654a8e80d2f361a6288c0982580a0f7503e44ad8d08206e

                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk

                                      Filesize

                                      197B

                                      MD5

                                      b5e1de7d05841796c6d96dfe5b8b338c

                                      SHA1

                                      c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547

                                      SHA256

                                      062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d

                                      SHA512

                                      963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d

                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

                                      Filesize

                                      177B

                                      MD5

                                      6684bd30905590fb5053b97bfce355bc

                                      SHA1

                                      41f6b2b3d719bc36743037ae2896c3d5674e8af7

                                      SHA256

                                      aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20

                                      SHA512

                                      1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644

                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

                                      Filesize

                                      173B

                                      MD5

                                      625bd85c8b8661c2d42626fc892ee663

                                      SHA1

                                      86c29abb8b229f2d982df62119a23976a15996d9

                                      SHA256

                                      63c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a

                                      SHA512

                                      07708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                      Filesize

                                      471B

                                      MD5

                                      b4ad493c69fe5464fced9ffc402f66fd

                                      SHA1

                                      6ec9d3b8520f7a1cf520e46f17fc32df062be3a1

                                      SHA256

                                      9c8afb3ffd5c711cc0e5fb3e7013ae28787b3c6cb660c42affe17b209579324c

                                      SHA512

                                      649e34ebe653e03cd9687423b5163428ac7e2e0f15ff3787f645ca5af283f3ffd93d0bc58c247aec64f17a486f16635e5d4561072768994a307883b490c0561c

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                      Filesize

                                      342B

                                      MD5

                                      aa7552efe2578119d80f89e389cacbd4

                                      SHA1

                                      8e534a03b8faf85dc16f5a6a9f609bba3dde3f02

                                      SHA256

                                      7972eb55216396a422989fa97acf9ac4146995184ab4de106b06055b6d496cfd

                                      SHA512

                                      fffd06dd7a024a98f00b115ba4ec90ef370ce444215b8c2ed0da4eb59d40cc36819496a31b64dfb5306c0c4e05c0eefeaeb2f8fce1303d674100e9480b0ae852

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                      Filesize

                                      342B

                                      MD5

                                      1c1ce0f736e0694900fc80e3e75deb18

                                      SHA1

                                      e67919f0e822ddd5ffc364b0d70a1e3b3bd22129

                                      SHA256

                                      512a384c1b7badeab50f0937e738e857d2a06c4ddcd28321323ba99f148b7c7b

                                      SHA512

                                      044d7b352ff4cbc7541400205b2217565fb7ab33b6d66dec9cf87773209bc52877216629b1e4b1178a52a9d0f2d17ddd0afc7d8d108fe6767a86ede6e41e5441

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                      Filesize

                                      342B

                                      MD5

                                      1b025672747da760288c38a018f11d5b

                                      SHA1

                                      8ca5939500100a3fd5f4504e17f532d08900ac86

                                      SHA256

                                      0eda6d0aee60b79d0a5ff758347ae62244e503337579c8c855ac45ffca7a05df

                                      SHA512

                                      8d9cc69b5d7c3d4d49f614b3c2d66dba4a22ab67fbf92a7792577145e378ba467b0ea6adf2c4193c491b1ed9eb29f4ad02e340725a4eab2f35b0d8746fb251d8

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                      Filesize

                                      400B

                                      MD5

                                      fcd3c947feee620b76ce9bd901d01646

                                      SHA1

                                      48cb8fa189ed24f6ca944c7176d0743f77bcc560

                                      SHA256

                                      d1bdb8991d933cde482f22d23fd9e3f76790867a2c9d353e98e498720e35bb72

                                      SHA512

                                      68c5bd136cff3f0f920b41465ff4186023d163841b95e2b07cb00b99254cde5c186f6d47b6b275409f53a022b20e05e0c4245fe452a4bbca4250980d0c01e483

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\l10n[1]

                                      Filesize

                                      4KB

                                      MD5

                                      1fd5111b757493a27e697d57b351bb56

                                      SHA1

                                      9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711

                                      SHA256

                                      85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f

                                      SHA512

                                      80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\masthead_fill[1]

                                      Filesize

                                      1KB

                                      MD5

                                      91a7b390315635f033459904671c196d

                                      SHA1

                                      b996e96492a01e1b26eb62c17212e19f22b865f3

                                      SHA256

                                      155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00

                                      SHA512

                                      b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\host[1]

                                      Filesize

                                      1KB

                                      MD5

                                      a752a4469ac0d91dd2cb1b766ba157de

                                      SHA1

                                      724ae6b6d6063306cc53b6ad07be6f88eaffbab3

                                      SHA256

                                      1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3

                                      SHA512

                                      abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\layout[1]

                                      Filesize

                                      2KB

                                      MD5

                                      cc86b13a186fa96dfc6480a8024d2275

                                      SHA1

                                      d892a7f06dc12a0f2996cc094e0730fe14caf51a

                                      SHA256

                                      fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058

                                      SHA512

                                      0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\masthead_left[1]

                                      Filesize

                                      4KB

                                      MD5

                                      b663555027df2f807752987f002e52e7

                                      SHA1

                                      aef83d89f9c712a1cbf6f1cd98869822b73d08a6

                                      SHA256

                                      0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879

                                      SHA512

                                      b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQU8S4LJ\common[1]

                                      Filesize

                                      1KB

                                      MD5

                                      f5bb484d82e7842a602337e34d11a8f6

                                      SHA1

                                      09ea1dee4b7c969771e97991c8f5826de637716f

                                      SHA256

                                      219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a

                                      SHA512

                                      a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\rtutils[1]

                                      Filesize

                                      244B

                                      MD5

                                      c0a4cebb2c15be8262bf11de37606e07

                                      SHA1

                                      cafc2ccb797df31eecd3ae7abd396567de8e736d

                                      SHA256

                                      7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1

                                      SHA512

                                      cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\runtime[1]

                                      Filesize

                                      42KB

                                      MD5

                                      5d4657b90d2e41960ebe061c1fd494b8

                                      SHA1

                                      71eca85088ccbd042cb861c98bccb4c7dec9d09d

                                      SHA256

                                      93a647b1f2cadcbdb0fe9c46b82b2b4baf7685167de05933811549145c584ee0

                                      SHA512

                                      237738c0a6cb25efe29effc9c3637245e3e2397207ed51e67bae5a1b54749f88e090de524f7868d964debbb29a920a68205ccbd2dfceed4a1f3cd72d08b16fa3

                                    • C:\Users\Admin\AppData\Local\Temp\Cab2A9C.tmp

                                      Filesize

                                      70KB

                                      MD5

                                      49aebf8cbd62d92ac215b2923fb1b9f5

                                      SHA1

                                      1723be06719828dda65ad804298d0431f6aff976

                                      SHA256

                                      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                      SHA512

                                      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                    • C:\Users\Admin\AppData\Local\Temp\Tar2ADE.tmp

                                      Filesize

                                      181KB

                                      MD5

                                      4ea6026cf93ec6338144661bf1202cd1

                                      SHA1

                                      a1dec9044f750ad887935a01430bf49322fbdcb7

                                      SHA256

                                      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                      SHA512

                                      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

                                      Filesize

                                      116KB

                                      MD5

                                      e043a9cb014d641a56f50f9d9ac9a1b9

                                      SHA1

                                      61dc6aed3d0d1f3b8afe3d161410848c565247ed

                                      SHA256

                                      9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

                                      SHA512

                                      4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

                                      Filesize

                                      1.6MB

                                      MD5

                                      199e6e6533c509fb9c02a6971bd8abda

                                      SHA1

                                      b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

                                      SHA256

                                      4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

                                      SHA512

                                      34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

                                      Filesize

                                      12KB

                                      MD5

                                      3adf5e8387c828f62f12d2dd59349d63

                                      SHA1

                                      bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a

                                      SHA256

                                      1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0

                                      SHA512

                                      e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG10.PNG

                                      Filesize

                                      206B

                                      MD5

                                      e05876a818319a4c70cc2c866caea6c3

                                      SHA1

                                      e27c39f87fb04e68c50313919367f1479d418ee1

                                      SHA256

                                      25a2007f1cdefb6461bc35cdee517498572a5c18614b2d60b9222d64c402ab02

                                      SHA512

                                      58bd266dc7f5face87cb59b0f6ffb2a56dda1846e74bfe6abff994f986a0bd6032c6e08b5650aff32c92fcf7f8ab2fdf3874bcf3692ee5b76a297111197265aa

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

                                      Filesize

                                      43KB

                                      MD5

                                      caa1679cdd9d12b5b556dcbd052a66a2

                                      SHA1

                                      1b3429513a5d6f63fa372fa76136edd59d01ad65

                                      SHA256

                                      dbe2426ac4dd762853be5269ab5d15fc67ef00626929b836dee0d4f56639179b

                                      SHA512

                                      ac58a68070806d3e5f736eb4fb2ff2d33eaa9264a3bce203a1b3e43b6a0cf899d5f76b5f87fd693496f99802a1483a3ae7314589ae1cfc52d87133404e34be3b

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG16.PNG

                                      Filesize

                                      644B

                                      MD5

                                      7c30c405d19c2fe417687a3c9407d1fc

                                      SHA1

                                      62849d28e4b524dbdebc4ad2ea4646bdc6a0bed8

                                      SHA256

                                      2ae465c65379fbb48a7129eb14d5039383e2506b07eeeb4616670a8db71b8eba

                                      SHA512

                                      60b3efcc81290bfbe7147bf2447b66bc20cabc45982916aec180c17a5e5ed08cceb740dc8ffe47fcb51f06217635b4abc922422a691693f81de73db6b62782da

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG18.PNG

                                      Filesize

                                      40KB

                                      MD5

                                      55a998b77aa4894e34a1bd8594316b7f

                                      SHA1

                                      f7f710a7723d9b3d339dd744c7eca83d1a0e1b78

                                      SHA256

                                      619772c984fa29dbead3a0441086c748de6c2a577f389fdc92b22764855b98db

                                      SHA512

                                      7052932a369873219795693ecf0797cfae944e10074d26e6f1e3e59cee5b9dc13bc6102dfab8b89a177d264e9a0169c3c63d4babfff3e480d3e88474fc5aacc7

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

                                      Filesize

                                      12KB

                                      MD5

                                      f35117734829b05cfceaa7e39b2b61fb

                                      SHA1

                                      342ae5f530dce669fedaca053bd15b47e755adc2

                                      SHA256

                                      9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3

                                      SHA512

                                      1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

                                      Filesize

                                      12KB

                                      MD5

                                      f5d6a81635291e408332cc01c565068f

                                      SHA1

                                      72fa5c8111e95cc7c5e97a09d1376f0619be111b

                                      SHA256

                                      4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26

                                      SHA512

                                      33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

                                      Filesize

                                      1.8MB

                                      MD5

                                      5c9fb63e5ba2c15c3755ebbef52cabd2

                                      SHA1

                                      79ce7b10a602140b89eafdec4f944accd92e3660

                                      SHA256

                                      54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

                                      SHA512

                                      262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

                                      Filesize

                                      438B

                                      MD5

                                      8a28c899eb9a0e38337aec03dc0bd343

                                      SHA1

                                      8e38d9c3ceeca47e3b4247712f1f1ede72e03efd

                                      SHA256

                                      a7f18df02aa59a98cabb04a85fee8e62b0a806a3c340b3811a8c3b5a94d2208e

                                      SHA512

                                      0524dfb937827dc4fe78dddf8b8b4f08715bd690f926a3e9361887d5860e6b550c54fd71580d876bedca189c8bb09295c11e27b49da958bb0713ad274e9a4fcd

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

                                      Filesize

                                      151KB

                                      MD5

                                      c2be5f72a6cb93af45f70fcd786149a6

                                      SHA1

                                      91a3250d829e7019c7b96dc2886f1d961169a87f

                                      SHA256

                                      f616ad0cc12e4c8c01b1af5dd208aae46a5fdb1b02e8a192dfe84283e1161ca6

                                      SHA512

                                      522b82e48fc4d6c94236f6598352ef198500ef83f2b8d890dd14901173b35d179c567e9540908a9bf145f2492043fa6848182634ee4c58956418884449f223bb

                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

                                      Filesize

                                      1.2MB

                                      MD5

                                      07552732fa64db456300880d52e81b2f

                                      SHA1

                                      9a653ea405f5f26ec0c2d9a0bc9bcb11ba010efc

                                      SHA256

                                      94bc1aa272183daf13f24594493eea40e02cb9861c76f9de3711c139f5315226

                                      SHA512

                                      47e97e300330ec1523f4af6e87b9866fae2e90cd9b59fc4d02e53e29b223691f980daf1f221f5286dbc1a9a9ddf6e01e7a597c5cf763710c51d84c8d5bac60b0

                                    • C:\Users\Admin\AppData\Local\Temp\jusched.log

                                      Filesize

                                      1KB

                                      MD5

                                      b6affd732707d965be3d2889c7d0c09e

                                      SHA1

                                      b90f18aab25bcba9b96baff7289d4b7d81e9157b

                                      SHA256

                                      b27142ae868367f47568cfefdd6c1c94a6076e9157d8b09eb175e887a937b627

                                      SHA512

                                      4b7ef29b14a227e7ffa44a1fe940bff3b0f892b464693e2ef1b29aa59ec05735a957d678bdd0abfc2b01d5e0fa6345d646c166ba43005cd787260ed308ae8886

                                    • C:\Users\Admin\AppData\Local\Temp\jusched.log

                                      Filesize

                                      3KB

                                      MD5

                                      aa72dfeea0d666f50e7b2a3db9ae1344

                                      SHA1

                                      4976f961929c87d57775487f7eb261cba6f6cceb

                                      SHA256

                                      4898711f0b6a75985e9e7ea854cd871b0f278e1515fbcabc1b29f7a1fd24bdfd

                                      SHA512

                                      16d88dc2918f9d6482f6ff893bfa53b3c88d86dbf5401378431415e6045bce5f9c3ae67b5f3dcdb724263adf9bf9b1ae9c8b166ca1e2763fb6ca5ec6214a91d9

                                    • C:\Users\Admin\AppData\Local\Temp\jusched.log

                                      Filesize

                                      4KB

                                      MD5

                                      d7ec5f84cc0f5898725992d5377b2307

                                      SHA1

                                      80870b5364330f70213aebea2eafa50a4531ab39

                                      SHA256

                                      e669cd7ec2b7f4a2869c7b71eb111e73dc8b5a4f65e0879b409f78189aadc7b1

                                      SHA512

                                      b10ba93bffd83319e191031a178628106a3823be84ecc03dcb292005e8b611ce3e3d5b0d77a29ebb5e00225c4d747d8b1b17d23dc0f6374462f66c6874299354

                                    • C:\Users\Admin\AppData\Local\Temp\jusched.log

                                      Filesize

                                      23KB

                                      MD5

                                      372b032780ae5d7ce5c2e44eb60682b7

                                      SHA1

                                      4edb3074fc09cf473c8c984fe3eb697511c826a9

                                      SHA256

                                      967a6ac3e7f57c2003d50e463f42a7bb3dd8f2e36ab26edbb50c50ad883f6537

                                      SHA512

                                      58b0e50a7742fee3cc6c0355e24887aed1ad21494829a014a18dc86ff688d80f499ddee94e80cc1460bf5d8141b076f5654dc675e3a9d4c3669af21fe69177a4

                                    • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

                                      Filesize

                                      752B

                                      MD5

                                      e6ab5d300fb7cf8427fbe3bc79c54ba9

                                      SHA1

                                      b7f4f94bd762fbcbe3faf438bf9b87aff2b46cc9

                                      SHA256

                                      51173e79fc53f027364218643e482afef30c4bad397d68e17109f45ffa106b17

                                      SHA512

                                      03868e5807607bb265bb98036003094cb7c3d777840f85832925eaaf2ea2b29e8b71b1e7a19e6bc72dd9e593f8cd062b7b5bbead6a1939825b78999c368208c6

                                    • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

                                      Filesize

                                      9.1MB

                                      MD5

                                      3fd8ea8955585f1867dfe40bcebe4f6a

                                      SHA1

                                      e79885c300af3111f15e56544d4dab7f5187dab0

                                      SHA256

                                      4a57d4e4de95e922353d327b318ef70de5431d57254f23487af9a87a2bd5d346

                                      SHA512

                                      42d8f094eb5b534303e90534d0bad4e4de9f72d002fffb75b7d905d7f921fc12a15451671b71017de9ffb00c5d21e34909b34e4b3e13ca6897d6971ba969c029

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

                                      Filesize

                                      45KB

                                      MD5

                                      8d3ab0397e7ba9efa2846eeef91fadb9

                                      SHA1

                                      b4cf2276b49eea398f235eb31ee2a4cf0164ddcc

                                      SHA256

                                      5c27f4cc28f3b669cb5451a8409cd4e29e33602e88069c3cd1d8c665817a6d86

                                      SHA512

                                      31823f9228b0a2fd92f53ac9bfee6d7bd7875728a5fd460185a94be61d1b2561191a8045da0c0ced531584db6adb2ef3cb9e012ea45eba0ef12418a04036829e

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG12.PNG

                                      Filesize

                                      22KB

                                      MD5

                                      6e040558ab4d86db9d6b58aa116f65c6

                                      SHA1

                                      fce17cede4b509099f1a52c3ac4e047253377619

                                      SHA256

                                      388b06a9890ad0d80aa3620e5d5853cb467d3d5a7ea7b200897efa6b6153b49d

                                      SHA512

                                      a5e77e570b0759424142e2badb76951201af795f38f753820a7474929618cb851559f041d46e3a71494bd10c35a99e9169a17768c4948d1aa037fa94e6edd06e

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG14.PNG

                                      Filesize

                                      41KB

                                      MD5

                                      d3131c8c7da096272bcc268678e15220

                                      SHA1

                                      a9b29220df37778dba60c01106dfd273fe39747c

                                      SHA256

                                      f0302843a75c970983da062efda4ab15b543d7eab9144397e0f5ab79b2afe7e5

                                      SHA512

                                      b97032c7dd764d0aa7821cc71e75119dcf8caf546f573cd34b4e9f014bba4e4a875b3d92810cdb8eeacf1329b0bc869ab82f12fb8a5f8dbae2c96eff780449c5

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

                                      Filesize

                                      475B

                                      MD5

                                      acb28002101f619758b078ea59ae43af

                                      SHA1

                                      bb4ba45f34d4322373024314b5f907ad3c4df951

                                      SHA256

                                      883cdd488bcf9430a0a528ab243749a0d8bcc1b76ea07baacad156c58ada374c

                                      SHA512

                                      6d7493216dc1ac3b576ad7c294756d68678394de15f60039e81cc53ab6804fb616620aa37218b16afb2a5ec3175e1cd914fa2c0ce9ca8ac2f0539d641b23d2ef

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

                                      Filesize

                                      368B

                                      MD5

                                      2caa7c010df8b7f1dae4000801f13e10

                                      SHA1

                                      c550373cdf64262baea708ec3c975ff5067db357

                                      SHA256

                                      1625e6fe0ae1521dae012445b1c7f83f5c453e343371b4336f4437da03a00b61

                                      SHA512

                                      b5defb1bac181070a9e93e6fddce5efebd391e91d7f180dafe1d2ed8e8761463ab18e4d601c30ba2dc1116e97ac4576a93c0c085a22a433df2a18fc43ea15eb0

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                      Filesize

                                      3KB

                                      MD5

                                      d4199e27ccc0b2079abb220700518e6d

                                      SHA1

                                      8f99587ab291c8e38d26bd82d79c69291ffaa5e9

                                      SHA256

                                      09bfcc5ebc0791e8cb633cd49e315ce472a70e28187146fabdd0e3aec3d45da5

                                      SHA512

                                      0278ad7e78cc0ec3529368293d958c8cc810de0f281cadf63a1f2632cae04b2d1eff0758e0f8daa9b6ceb642cfec0553973c378763372801a85d585a2466ece5

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                      Filesize

                                      3KB

                                      MD5

                                      3a22afca76aa6c73e4809c192f36040d

                                      SHA1

                                      fa520c0852fc3b6c74affc76d18bec1e1e21f0f4

                                      SHA256

                                      5d52cdb1e50c78a0de86eadb9d1b163d744d6e7d34d75442e4271e56cedb69b8

                                      SHA512

                                      7c88cc3c9312d212eb3866b87fc0d4c08646bead68a2a326841460793cee886a8a71989d9da1c9ccbf75f5cc314bac11afbec29d0fd459b97855afdc66af36c1

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                      Filesize

                                      4KB

                                      MD5

                                      1309abb4d7695b135de1bccb3d0383bd

                                      SHA1

                                      6435990c33f357ecdad2f72f11da62a766c4abd8

                                      SHA256

                                      d705428077945f54aea3cb29ccf04123369634444a578cd9f01ab1b947d454c3

                                      SHA512

                                      05440cbc9f24a56083a4ad63b42cc02b782c46abecdf4b23de9f7d6f8f66b196bcc9fa21920575ba1899735bd2bf398166151e95d2a802288d637ae4ec2ec83a

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                      Filesize

                                      23KB

                                      MD5

                                      4e71e5812d3e701f777d0208f8bd888c

                                      SHA1

                                      cb74ae5e46ace31b881937bd934272c984baabc1

                                      SHA256

                                      83d3045f65179a8e25e0a2da95fc0a0e0094a188f009ac880b31001d8c86fe0c

                                      SHA512

                                      8771e79bf8138728a6e4369aa6bfcfd13063e6ab483da02b58febde82ea9bfd60a948f240a6293c768074fdaab75baf2f2ea0ed8ce5da99808d6eb172bc76957

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                      Filesize

                                      1KB

                                      MD5

                                      f8192050d23a8dd3ea03dca65786aedf

                                      SHA1

                                      533e3e633851803f25a40e36edba5cef658f2f2e

                                      SHA256

                                      ab482b2f5c4bed5ee770c8ee1307fd68af9e6b7328aa978aa40e06c9aa12ba50

                                      SHA512

                                      812905115f581ee4173665ba990fa026ff83ae132a1fd3570113d18b800e5ba12147c23da179915c143a3878b02c9f42d8715e92b11310be60b4a2750ee6a57d

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\dependencies.json

                                      Filesize

                                      17KB

                                      MD5

                                      6d566646f2f374692a6a8b76ff23f59e

                                      SHA1

                                      43025f5b97daa38aeec3407cc20bf60740a319db

                                      SHA256

                                      b700139641a3d5493cb28c9ce00408f70e4e48083c80ed5693c6ae840ee93dd9

                                      SHA512

                                      0e949c4f50656bdbe4bd2ff47661ac62c942b5744d316242e68306bb751bcfe778037ebbcbcd31188125cc88cc243a497fbea6ccf96701668555df5a35586e34

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\resources.json

                                      Filesize

                                      18KB

                                      MD5

                                      f24f4282f4dbdc650884bd55033d7df3

                                      SHA1

                                      5c1aeb01a17701d7b35dd3454b4088dcd82f396d

                                      SHA256

                                      5690815ca9ad02021f49c1df8fd360a1ac29ef3781c15cb074a064b8669d12a2

                                      SHA512

                                      9d02cad4043de8c09498ed629c5d0c7763f8f4c35166919879acfb3670961e2b943234d0e721cd6b28485af477905437ec4743b41b2dbf8622d7831b0a62801e

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

                                      Filesize

                                      3KB

                                      MD5

                                      aba7fce4661d0d6ea8c40eb63f4718b0

                                      SHA1

                                      0fefed36b06f8a784736dbd504450b1574ada129

                                      SHA256

                                      551d3edbcbea195bc37a1ad887a21452131c132123d1a643be43411932403fee

                                      SHA512

                                      6fee54c2a174743342165846811e39c32eca318b424d1f8a138951cd1c5b0a9c033e5490921b943b84bf47197ede9bbf9c052292295032413abc54c8d63e806d

                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

                                      Filesize

                                      3KB

                                      MD5

                                      e2cbea0a8a22b79e63558273dded5e6c

                                      SHA1

                                      bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61

                                      SHA256

                                      10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007

                                      SHA512

                                      a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a

                                    • C:\Windows\Installer\f7955e3.msi

                                      Filesize

                                      1.0MB

                                      MD5

                                      d7390d55b7462787b910a8db0744c1e0

                                      SHA1

                                      b0c70c3ec91d92d51d52d4f205b5a261027ba80c

                                      SHA256

                                      4a2f7d9d33e4ad643bf72722587f2b268d92dab3bb1d9bc56af316672e34728a

                                      SHA512

                                      64f3837dd6099561ce9be97d6fae0b11f3f6cc08281f1a3266d5a6f3ca8baf13bbd780735ef62b449b577d62d086f942b48519671226c60f0e1480f9dbdde434

                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

                                      Filesize

                                      1.7MB

                                      MD5

                                      dabd469bae99f6f2ada08cd2dd3139c3

                                      SHA1

                                      6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

                                      SHA256

                                      89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

                                      SHA512

                                      9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

                                      Filesize

                                      97KB

                                      MD5

                                      da1d0cd400e0b6ad6415fd4d90f69666

                                      SHA1

                                      de9083d2902906cacf57259cf581b1466400b799

                                      SHA256

                                      7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

                                      SHA512

                                      f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

                                      Filesize

                                      1.2MB

                                      MD5

                                      9f2cbab656781156f02719d178f03397

                                      SHA1

                                      76314dae18fe0a180741092dd6d92e2e482d7189

                                      SHA256

                                      d598a49b789c47ca2187a42b24ac9b00d16021865110649bc5b5022742f6856f

                                      SHA512

                                      30480de042c8ef4c09da126a3bfd00aee794bbc0ecedf153542dd9395a74378e1a65d3df51ee877be1e875ff8f86bcb4988fa067aac4f7b35098bb9c896e8d47

                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

                                      Filesize

                                      325KB

                                      MD5

                                      c333af59fa9f0b12d1cd9f6bba111e3a

                                      SHA1

                                      66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

                                      SHA256

                                      fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

                                      SHA512

                                      2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

                                    • \Windows\Installer\MSI5BFB.tmp

                                      Filesize

                                      953KB

                                      MD5

                                      64a261a6056e5d2396e3eb6651134bee

                                      SHA1

                                      32a34baf051b514f12b3e3733f70e608083500f9

                                      SHA256

                                      15c1007015be7356e422050ed6fa39ba836d0dd7fbf1aa7d2b823e6754c442a0

                                      SHA512

                                      d3f95e0c8b5d76b10b61b0ef1453f8d90af90f97848cad3cb22f73878a3c48ea0132ecc300bfb79d2801500d5390e5962fb86a853695d4f661b9ea9aae6b8be8

                                    • memory/940-3042-0x0000000000160000-0x000000000016A000-memory.dmp

                                      Filesize

                                      40KB

                                    • memory/940-3041-0x0000000000160000-0x000000000016A000-memory.dmp

                                      Filesize

                                      40KB

                                    • memory/940-4115-0x0000000000160000-0x000000000016A000-memory.dmp

                                      Filesize

                                      40KB

                                    • memory/940-4116-0x0000000000160000-0x000000000016A000-memory.dmp

                                      Filesize

                                      40KB

                                    • memory/1604-2613-0x0000000001F20000-0x0000000001F21000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/1604-2639-0x0000000001F20000-0x0000000001F21000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/1604-2609-0x0000000001F20000-0x0000000001F21000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/1604-2591-0x0000000001F20000-0x0000000001F21000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/1604-2604-0x0000000001F20000-0x0000000001F21000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2000-841-0x0000000002C70000-0x0000000003059000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2000-842-0x0000000002C70000-0x0000000003059000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2000-920-0x0000000002C70000-0x0000000003059000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2000-840-0x0000000002C70000-0x0000000003059000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2160-2698-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2160-2653-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2160-2666-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2160-2669-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2208-2914-0x0000000000110000-0x0000000000111000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2448-845-0x0000000001170000-0x0000000001559000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2448-918-0x0000000001170000-0x0000000001559000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2592-6-0x0000000003020000-0x0000000003409000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2592-15-0x0000000003020000-0x0000000003409000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2592-692-0x0000000003020000-0x0000000003409000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2692-2764-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

                                      Filesize

                                      64KB

                                    • memory/2704-2418-0x00000000005A0000-0x00000000005A1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2728-919-0x0000000003800000-0x0000000003810000-memory.dmp

                                      Filesize

                                      64KB

                                    • memory/2728-789-0x0000000010000000-0x0000000010051000-memory.dmp

                                      Filesize

                                      324KB

                                    • memory/2728-1811-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-1678-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-1660-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-1661-0x0000000010000000-0x0000000010051000-memory.dmp

                                      Filesize

                                      324KB

                                    • memory/2728-925-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-2575-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-2807-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-855-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-1679-0x0000000010000000-0x0000000010051000-memory.dmp

                                      Filesize

                                      324KB

                                    • memory/2728-808-0x0000000003800000-0x0000000003810000-memory.dmp

                                      Filesize

                                      64KB

                                    • memory/2728-788-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-1812-0x0000000010000000-0x0000000010051000-memory.dmp

                                      Filesize

                                      324KB

                                    • memory/2728-695-0x0000000010000000-0x0000000010051000-memory.dmp

                                      Filesize

                                      324KB

                                    • memory/2728-693-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-3801-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-1680-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/2728-687-0x0000000000AD0000-0x0000000000AD3000-memory.dmp

                                      Filesize

                                      12KB

                                    • memory/2728-685-0x0000000010000000-0x0000000010051000-memory.dmp

                                      Filesize

                                      324KB

                                    • memory/2728-18-0x0000000000D50000-0x0000000001139000-memory.dmp

                                      Filesize

                                      3.9MB

                                    • memory/3020-2897-0x0000000000410000-0x0000000000411000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/3020-2902-0x0000000000410000-0x0000000000411000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/3104-4028-0x0000000001CC0000-0x0000000001CCA000-memory.dmp

                                      Filesize

                                      40KB

                                    • memory/3104-4027-0x0000000001CC0000-0x0000000001CCA000-memory.dmp

                                      Filesize

                                      40KB