Analysis
-
max time kernel
115s
-
max time network
174s
-
platform
windows7_x64
-
resource
win7-20240903-en
-
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
-
submitted
24/09/2024, 16:35
Static task
static1
Behavioral task
behavioral1
Sample
TLauncher-Installer-1.5.2.exe
Resource
win7-20240903-en
General
-
Target
TLauncher-Installer-1.5.2.exe
-
Size
24.1MB
-
MD5
bf7c6b903ee4acb62a91c2c46d773f88
-
SHA1
68a5e851745b2c0620cc3a54797f5a440f849df1
-
SHA256
31109bf139e93350f2adf5aceb87184ad8dacebf3ad31190451f44768a9f6725
-
SHA512
7d3f82ec46c26fab2270181e7fcb6dc683ce66053dee1bff150960bb8416d0db28c37a324fbfa1bb0a7f424047dfac2f3d32deafc00f99c335e312bc38452e64
-
SSDEEP
786432:TKQdii3bJZM9irrKJBH5lFRqkd4zUcjc+orlG:TKULMQPKJBZlCkOQcrorl
Malware Config
Signatures
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 7 IoCs
pid Process
2728 irsetup.exe
2000 BrowserInstaller.exe
2448 irsetup.exe
2632 jre-windows.exe
2692 jre-windows.exe
1812 installer.exe
2704 javaw.exe
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
pid Process
2652 icacls.exe
-
Blocklisted process makes network request 1 IoCs
flow pid Process
28 2264 msiexec.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object 2 TTPs 6 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} installer.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} installer.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" installer.exe
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} installer.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} installer.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" installer.exe
-
Drops file in System32 directory 2 IoCs
description ioc Process
File created C:\Windows\system32\WindowsAccessBridge-64.dll installer.exe
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll installer.exe
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 17 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language TLauncher-Installer-1.5.2.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language irsetup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BrowserInstaller.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language irsetup.exe
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString msiexec.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 msiexec.exe
-
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" installer.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" installer.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" installer.exe
Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main irsetup.exe
Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main jre-windows.exe
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} installer.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} installer.exe
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 irsetup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob irsetup.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2448 irsetup.exe 2448 irsetup.exe 2264 msiexec.exe 2264 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2692 jre-windows.exe Token: SeIncreaseQuotaPrivilege 2692 jre-windows.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeSecurityPrivilege 2264 msiexec.exe Token: SeCreateTokenPrivilege 2692 jre-windows.exe Token: SeAssignPrimaryTokenPrivilege 2692 jre-windows.exe Token: SeLockMemoryPrivilege 2692 jre-windows.exe Token: SeIncreaseQuotaPrivilege 2692 jre-windows.exe Token: SeMachineAccountPrivilege 2692 jre-windows.exe Token: SeTcbPrivilege 2692 jre-windows.exe Token: SeSecurityPrivilege 2692 jre-windows.exe Token: SeTakeOwnershipPrivilege 2692 jre-windows.exe Token: SeLoadDriverPrivilege 2692 jre-windows.exe Token: SeSystemProfilePrivilege 2692 jre-windows.exe Token: SeSystemtimePrivilege 2692 jre-windows.exe Token: SeProfSingleProcessPrivilege 2692 jre-windows.exe Token: SeIncBasePriorityPrivilege 2692 jre-windows.exe Token: SeCreatePagefilePrivilege 2692 jre-windows.exe Token: SeCreatePermanentPrivilege 2692 jre-windows.exe Token: SeBackupPrivilege 2692 jre-windows.exe Token: SeRestorePrivilege 2692 jre-windows.exe Token: SeShutdownPrivilege 2692 jre-windows.exe Token: SeDebugPrivilege 2692 jre-windows.exe Token: SeAuditPrivilege 2692 jre-windows.exe Token: SeSystemEnvironmentPrivilege 2692 jre-windows.exe Token: SeChangeNotifyPrivilege 2692 jre-windows.exe Token: SeRemoteShutdownPrivilege 2692 jre-windows.exe Token: SeUndockPrivilege 2692 jre-windows.exe Token: SeSyncAgentPrivilege 2692 jre-windows.exe Token: SeEnableDelegationPrivilege 2692 jre-windows.exe Token: SeManageVolumePrivilege 2692 jre-windows.exe Token: SeImpersonatePrivilege 2692 jre-windows.exe Token: SeCreateGlobalPrivilege 2692 jre-windows.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: 
SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe Token: SeRestorePrivilege 2264 msiexec.exe Token: SeTakeOwnershipPrivilege 2264 msiexec.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 2728 irsetup.exe 2728 irsetup.exe 2728 irsetup.exe 2728 irsetup.exe 2448 irsetup.exe 2448 irsetup.exe 2692 jre-windows.exe 2692 jre-windows.exe 2692 jre-windows.exe 2692 jre-windows.exe -
Suspicious use of WriteProcessMemory 39 IoCs
description pid Process procid_target PID 2592 wrote to memory of 2728 2592 TLauncher-Installer-1.5.2.exe 29 PID 2592 wrote to memory of 2728 2592 TLauncher-Installer-1.5.2.exe 29 PID 2592 wrote to memory of 2728 2592 TLauncher-Installer-1.5.2.exe 29 PID 2592 wrote to memory of 2728 2592 TLauncher-Installer-1.5.2.exe 29 PID 2592 wrote to memory of 2728 2592 TLauncher-Installer-1.5.2.exe 29 PID 2592 wrote to memory of 2728 2592 TLauncher-Installer-1.5.2.exe 29 PID 2592 wrote to memory of 2728 2592 TLauncher-Installer-1.5.2.exe 29 PID 2728 wrote to memory of 2000 2728 irsetup.exe 31 PID 2728 wrote to memory of 2000 2728 irsetup.exe 31 PID 2728 wrote to memory of 2000 2728 irsetup.exe 31 PID 2728 wrote to memory of 2000 2728 irsetup.exe 31 PID 2728 wrote to memory of 2000 2728 irsetup.exe 31 PID 2728 wrote to memory of 2000 2728 irsetup.exe 31 PID 2728 wrote to memory of 2000 2728 irsetup.exe 31 PID 2000 wrote to memory of 2448 2000 BrowserInstaller.exe 32 PID 2000 wrote to memory of 2448 2000 BrowserInstaller.exe 32 PID 2000 wrote to memory of 2448 2000 BrowserInstaller.exe 32 PID 2000 wrote to memory of 2448 2000 BrowserInstaller.exe 32 PID 2000 wrote to memory of 2448 2000 BrowserInstaller.exe 32 PID 2000 wrote to memory of 2448 2000 BrowserInstaller.exe 32 PID 2000 wrote to memory of 2448 2000 BrowserInstaller.exe 32 PID 2728 wrote to memory of 2632 2728 irsetup.exe 35 PID 2728 wrote to memory of 2632 2728 irsetup.exe 35 PID 2728 wrote to memory of 2632 2728 irsetup.exe 35 PID 2728 wrote to memory of 2632 2728 irsetup.exe 35 PID 2632 wrote to memory of 2692 2632 jre-windows.exe 36 PID 2632 wrote to memory of 2692 2632 jre-windows.exe 36 PID 2632 wrote to memory of 2692 2632 jre-windows.exe 36 PID 2264 wrote to memory of 2172 2264 msiexec.exe 39 PID 2264 wrote to memory of 2172 2264 msiexec.exe 39 PID 2264 wrote to memory of 2172 2264 msiexec.exe 39 PID 2264 wrote to memory of 2172 2264 msiexec.exe 39 PID 2264 wrote to memory of 2172 2264 msiexec.exe 39 PID 2264 
wrote to memory of 1812 2264 msiexec.exe 40 PID 2264 wrote to memory of 1812 2264 msiexec.exe 40 PID 2264 wrote to memory of 1812 2264 msiexec.exe 40 PID 1812 wrote to memory of 2704 1812 installer.exe 41 PID 1812 wrote to memory of 2704 1812 installer.exe 41 PID 1812 wrote to memory of 2704 1812 installer.exe 41
Processes
-
C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.2.exe"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.2.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.5.2.exe" "__IRCT:3" "__IRTSS:25260951" "__IRSID:S-1-5-21-457978338-2990298471-2379561640-1000"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1709878" "__IRSID:S-1-5-21-457978338-2990298471-2379561640-1000"4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2448
-
-
-
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\Users\Admin\AppData\Local\Temp\jds259596505.tmp\jre-windows.exe"C:\Users\Admin\AppData\Local\Temp\jds259596505.tmp\jre-windows.exe" "STATIC=1"4⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2692 -
C:\Program Files\Java\jre-1.8\bin\javaw.exe-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus5⤵PID:3020
-
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 305⤵PID:2208
-
-
-
-
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"3⤵PID:2660
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"4⤵PID:3104
-
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2264 -
C:\Windows\system32\MsiExec.exeC:\Windows\system32\MsiExec.exe -Embedding B627C1CF1754D0A00FA5A7C4438D0E382⤵
- Loads dropped DLL
PID:2172
-
-
C:\Program Files\Java\jre-1.8\installer.exe"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F64180401F0}2⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1812 -
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:2704
-
-
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup3⤵PID:2544
-
-
C:\Program Files\Java\jre-1.8\bin\javaws.exe"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent3⤵PID:568
-
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵PID:1604
-
-
-
C:\Program Files\Java\jre-1.8\bin\javaws.exe"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent3⤵PID:2452
-
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵PID:2160
-
-
-
-
C:\Windows\system32\MsiExec.exeC:\Windows\system32\MsiExec.exe -Embedding A71AA40E24F927C9BA819AF442ADB248 M Global\MSI00002⤵PID:3012
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding DC9131633298D73AF3F57456DF126B812⤵PID:1156
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 891C34DEB1935E578047BF499681FD15 M Global\MSI00002⤵PID:2932
-
-
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"1⤵PID:1052
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"2⤵PID:940
-
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M3⤵
- Modifies file permissions
PID:2652
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
- Browser Extensions: 1
- Event Triggered Execution: 1
- Component Object Model Hijacking: 1
Defense Evasion
- File and Directory Permissions Modification: 1
- Modify Registry: 3
- Subvert Trust Controls: 1
- Install Root Certificate: 1
Downloads
-
Filesize
962KB
MD53db59eaa0880f52c2bfaf14f70cda26f
SHA1e451c0ebeccb97e3c18f8b8a5ad6b55ff064c9a5
SHA2564e9e5b365eae3e7615ad7a5f45317843e221b75d9bb9d0ccd21a1696e1d72821
SHA512aab49d3b29e4bd0456abb7952ff33ee7f7f3daf1a216fd9a825e7e1fc7df176959907753dd3737c3d1e0ad6a7113f9354a35c4302a4f43a157477e2c25c29840
-
Filesize
7KB
MD571ca615ba88c1c72df9b165f9eec1f4f
SHA1cf458b178cd5547e85da4ee2fda403097a0ae066
SHA256c115442351dce4ef3e7a8a8ec9a9e40372c90f59f10f6fdeb971e757cc3070cc
SHA512cc64796fb68e4393a6bf39542f47a3dfe2a43cef818ea351ad07741ee52b7f91eb543ddcbed1d36a2654a8e80d2f361a6288c0982580a0f7503e44ad8d08206e
-
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk
Filesize197B
MD5b5e1de7d05841796c6d96dfe5b8b338c
SHA1c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547
SHA256062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d
SHA512963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d
-
Filesize
177B
MD56684bd30905590fb5053b97bfce355bc
SHA141f6b2b3d719bc36743037ae2896c3d5674e8af7
SHA256aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20
SHA5121748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644
-
Filesize
173B
MD5625bd85c8b8661c2d42626fc892ee663
SHA186c29abb8b229f2d982df62119a23976a15996d9
SHA25663c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a
SHA51207708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize471B
MD5b4ad493c69fe5464fced9ffc402f66fd
SHA16ec9d3b8520f7a1cf520e46f17fc32df062be3a1
SHA2569c8afb3ffd5c711cc0e5fb3e7013ae28787b3c6cb660c42affe17b209579324c
SHA512649e34ebe653e03cd9687423b5163428ac7e2e0f15ff3787f645ca5af283f3ffd93d0bc58c247aec64f17a486f16635e5d4561072768994a307883b490c0561c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5aa7552efe2578119d80f89e389cacbd4
SHA18e534a03b8faf85dc16f5a6a9f609bba3dde3f02
SHA2567972eb55216396a422989fa97acf9ac4146995184ab4de106b06055b6d496cfd
SHA512fffd06dd7a024a98f00b115ba4ec90ef370ce444215b8c2ed0da4eb59d40cc36819496a31b64dfb5306c0c4e05c0eefeaeb2f8fce1303d674100e9480b0ae852
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51c1ce0f736e0694900fc80e3e75deb18
SHA1e67919f0e822ddd5ffc364b0d70a1e3b3bd22129
SHA256512a384c1b7badeab50f0937e738e857d2a06c4ddcd28321323ba99f148b7c7b
SHA512044d7b352ff4cbc7541400205b2217565fb7ab33b6d66dec9cf87773209bc52877216629b1e4b1178a52a9d0f2d17ddd0afc7d8d108fe6767a86ede6e41e5441
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51b025672747da760288c38a018f11d5b
SHA18ca5939500100a3fd5f4504e17f532d08900ac86
SHA2560eda6d0aee60b79d0a5ff758347ae62244e503337579c8c855ac45ffca7a05df
SHA5128d9cc69b5d7c3d4d49f614b3c2d66dba4a22ab67fbf92a7792577145e378ba467b0ea6adf2c4193c491b1ed9eb29f4ad02e340725a4eab2f35b0d8746fb251d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize400B
MD5fcd3c947feee620b76ce9bd901d01646
SHA148cb8fa189ed24f6ca944c7176d0743f77bcc560
SHA256d1bdb8991d933cde482f22d23fd9e3f76790867a2c9d353e98e498720e35bb72
SHA51268c5bd136cff3f0f920b41465ff4186023d163841b95e2b07cb00b99254cde5c186f6d47b6b275409f53a022b20e05e0c4245fe452a4bbca4250980d0c01e483
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\l10n[1]
Filesize4KB
MD51fd5111b757493a27e697d57b351bb56
SHA19ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711
SHA25685bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f
SHA51280f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\masthead_fill[1]
Filesize1KB
MD591a7b390315635f033459904671c196d
SHA1b996e96492a01e1b26eb62c17212e19f22b865f3
SHA256155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00
SHA512b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\host[1]
Filesize1KB
MD5a752a4469ac0d91dd2cb1b766ba157de
SHA1724ae6b6d6063306cc53b6ad07be6f88eaffbab3
SHA2561e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3
SHA512abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\layout[1]
Filesize2KB
MD5cc86b13a186fa96dfc6480a8024d2275
SHA1d892a7f06dc12a0f2996cc094e0730fe14caf51a
SHA256fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058
SHA5120e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\masthead_left[1]
Filesize4KB
MD5b663555027df2f807752987f002e52e7
SHA1aef83d89f9c712a1cbf6f1cd98869822b73d08a6
SHA2560ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879
SHA512b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQU8S4LJ\common[1]
Filesize1KB
MD5f5bb484d82e7842a602337e34d11a8f6
SHA109ea1dee4b7c969771e97991c8f5826de637716f
SHA256219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a
SHA512a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\rtutils[1]
Filesize244B
MD5c0a4cebb2c15be8262bf11de37606e07
SHA1cafc2ccb797df31eecd3ae7abd396567de8e736d
SHA2567da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1
SHA512cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\runtime[1]
Filesize42KB
MD55d4657b90d2e41960ebe061c1fd494b8
SHA171eca85088ccbd042cb861c98bccb4c7dec9d09d
SHA25693a647b1f2cadcbdb0fe9c46b82b2b4baf7685167de05933811549145c584ee0
SHA512237738c0a6cb25efe29effc9c3637245e3e2397207ed51e67bae5a1b54749f88e090de524f7868d964debbb29a920a68205ccbd2dfceed4a1f3cd72d08b16fa3
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
116KB
MD5e043a9cb014d641a56f50f9d9ac9a1b9
SHA161dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA2569dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA5124ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f
-
Filesize
1.6MB
MD5199e6e6533c509fb9c02a6971bd8abda
SHA1b95e5ef6c4c5a15781e1046c9a86d7035f1df26d
SHA2564257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8
SHA51234d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579
-
Filesize
12KB
MD53adf5e8387c828f62f12d2dd59349d63
SHA1bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
SHA2561d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
SHA512e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be
-
Filesize
206B
MD5e05876a818319a4c70cc2c866caea6c3
SHA1e27c39f87fb04e68c50313919367f1479d418ee1
SHA25625a2007f1cdefb6461bc35cdee517498572a5c18614b2d60b9222d64c402ab02
SHA51258bd266dc7f5face87cb59b0f6ffb2a56dda1846e74bfe6abff994f986a0bd6032c6e08b5650aff32c92fcf7f8ab2fdf3874bcf3692ee5b76a297111197265aa
-
Filesize
43KB
MD5caa1679cdd9d12b5b556dcbd052a66a2
SHA11b3429513a5d6f63fa372fa76136edd59d01ad65
SHA256dbe2426ac4dd762853be5269ab5d15fc67ef00626929b836dee0d4f56639179b
SHA512ac58a68070806d3e5f736eb4fb2ff2d33eaa9264a3bce203a1b3e43b6a0cf899d5f76b5f87fd693496f99802a1483a3ae7314589ae1cfc52d87133404e34be3b
-
Filesize
644B
MD57c30c405d19c2fe417687a3c9407d1fc
SHA162849d28e4b524dbdebc4ad2ea4646bdc6a0bed8
SHA2562ae465c65379fbb48a7129eb14d5039383e2506b07eeeb4616670a8db71b8eba
SHA51260b3efcc81290bfbe7147bf2447b66bc20cabc45982916aec180c17a5e5ed08cceb740dc8ffe47fcb51f06217635b4abc922422a691693f81de73db6b62782da
-
Filesize
40KB
MD555a998b77aa4894e34a1bd8594316b7f
SHA1f7f710a7723d9b3d339dd744c7eca83d1a0e1b78
SHA256619772c984fa29dbead3a0441086c748de6c2a577f389fdc92b22764855b98db
SHA5127052932a369873219795693ecf0797cfae944e10074d26e6f1e3e59cee5b9dc13bc6102dfab8b89a177d264e9a0169c3c63d4babfff3e480d3e88474fc5aacc7
-
Filesize
12KB
MD5f35117734829b05cfceaa7e39b2b61fb
SHA1342ae5f530dce669fedaca053bd15b47e755adc2
SHA2569c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
SHA5121805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471
-
Filesize
12KB
MD5f5d6a81635291e408332cc01c565068f
SHA172fa5c8111e95cc7c5e97a09d1376f0619be111b
SHA2564c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
SHA51233333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a
-
Filesize
1.8MB
MD55c9fb63e5ba2c15c3755ebbef52cabd2
SHA179ce7b10a602140b89eafdec4f944accd92e3660
SHA25654ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7
SHA512262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584
-
Filesize
438B
MD58a28c899eb9a0e38337aec03dc0bd343
SHA18e38d9c3ceeca47e3b4247712f1f1ede72e03efd
SHA256a7f18df02aa59a98cabb04a85fee8e62b0a806a3c340b3811a8c3b5a94d2208e
SHA5120524dfb937827dc4fe78dddf8b8b4f08715bd690f926a3e9361887d5860e6b550c54fd71580d876bedca189c8bb09295c11e27b49da958bb0713ad274e9a4fcd
-
Filesize
151KB
MD5c2be5f72a6cb93af45f70fcd786149a6
SHA191a3250d829e7019c7b96dc2886f1d961169a87f
SHA256f616ad0cc12e4c8c01b1af5dd208aae46a5fdb1b02e8a192dfe84283e1161ca6
SHA512522b82e48fc4d6c94236f6598352ef198500ef83f2b8d890dd14901173b35d179c567e9540908a9bf145f2492043fa6848182634ee4c58956418884449f223bb
-
Filesize
1.2MB
MD507552732fa64db456300880d52e81b2f
SHA19a653ea405f5f26ec0c2d9a0bc9bcb11ba010efc
SHA25694bc1aa272183daf13f24594493eea40e02cb9861c76f9de3711c139f5315226
SHA51247e97e300330ec1523f4af6e87b9866fae2e90cd9b59fc4d02e53e29b223691f980daf1f221f5286dbc1a9a9ddf6e01e7a597c5cf763710c51d84c8d5bac60b0
-
Filesize
1KB
MD5b6affd732707d965be3d2889c7d0c09e
SHA1b90f18aab25bcba9b96baff7289d4b7d81e9157b
SHA256b27142ae868367f47568cfefdd6c1c94a6076e9157d8b09eb175e887a937b627
SHA5124b7ef29b14a227e7ffa44a1fe940bff3b0f892b464693e2ef1b29aa59ec05735a957d678bdd0abfc2b01d5e0fa6345d646c166ba43005cd787260ed308ae8886
-
Filesize
3KB
MD5aa72dfeea0d666f50e7b2a3db9ae1344
SHA14976f961929c87d57775487f7eb261cba6f6cceb
SHA2564898711f0b6a75985e9e7ea854cd871b0f278e1515fbcabc1b29f7a1fd24bdfd
SHA51216d88dc2918f9d6482f6ff893bfa53b3c88d86dbf5401378431415e6045bce5f9c3ae67b5f3dcdb724263adf9bf9b1ae9c8b166ca1e2763fb6ca5ec6214a91d9
-
Filesize
4KB
MD5d7ec5f84cc0f5898725992d5377b2307
SHA180870b5364330f70213aebea2eafa50a4531ab39
SHA256e669cd7ec2b7f4a2869c7b71eb111e73dc8b5a4f65e0879b409f78189aadc7b1
SHA512b10ba93bffd83319e191031a178628106a3823be84ecc03dcb292005e8b611ce3e3d5b0d77a29ebb5e00225c4d747d8b1b17d23dc0f6374462f66c6874299354
-
Filesize
23KB
MD5372b032780ae5d7ce5c2e44eb60682b7
SHA14edb3074fc09cf473c8c984fe3eb697511c826a9
SHA256967a6ac3e7f57c2003d50e463f42a7bb3dd8f2e36ab26edbb50c50ad883f6537
SHA51258b0e50a7742fee3cc6c0355e24887aed1ad21494829a014a18dc86ff688d80f499ddee94e80cc1460bf5d8141b076f5654dc675e3a9d4c3669af21fe69177a4
-
Filesize
752B
MD5e6ab5d300fb7cf8427fbe3bc79c54ba9
SHA1b7f4f94bd762fbcbe3faf438bf9b87aff2b46cc9
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\dependencies.json
Filesize 17KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.9289\resources.json
Filesize 18KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json
Filesize 3KB
-
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json
Filesize 3KB