a7c997ba3c3e91c048f80f96f08754948428f6d3fe4001bab79c4ae09d06c5e0

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LegacyLauncher_Installer_legacy.exe
Size

112.3MB
MD5

53eea8664d54198e1989301b12f795da
SHA1

00bddca8bba387a76d6f18fc942859acf9ff5a60
SHA256

a7c997ba3c3e91c048f80f96f08754948428f6d3fe4001bab79c4ae09d06c5e0
SHA512

e05bd2e369b19b818f715a14ceb2c35b2f8409e5524d347d3093ef82667675bf719af17ab77412156aa62748aa17572d622b163bb6d187d917282f49e56ff831
SSDEEP

3145728:kNS0yY1k/bQS8yJQZI3XeKBPKi2O3hE4AGzUVeQgnFV:koqcQ+3XHD2OxEfPQQgnFV

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\International\Geo\Nation	java.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\International\Geo\Nation	java.exe

Executes dropped EXE 7 IoCs

pid	Process
2680	LegacyLauncher_Installer_legacy.tmp
924	TL.exe
1796	javaw.exe
2072	java.exe
2800	TL.exe
2708	javaw.exe
2156	java.exe

Loads dropped DLL 64 IoCs

pid	Process
2164	LegacyLauncher_Installer_legacy.exe
2680	LegacyLauncher_Installer_legacy.tmp
2680	LegacyLauncher_Installer_legacy.tmp
2680	LegacyLauncher_Installer_legacy.tmp
2680	LegacyLauncher_Installer_legacy.tmp
924	TL.exe
924	TL.exe
924	TL.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
1796	javaw.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LegacyLauncher_Installer_legacy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LegacyLauncher_Installer_legacy.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TL.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2680	LegacyLauncher_Installer_legacy.tmp
2680	LegacyLauncher_Installer_legacy.tmp

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeBackupPrivilege	2072	java.exe
Token: SeBackupPrivilege	2072	java.exe
Token: SeSecurityPrivilege	2072	java.exe
Token: SeDebugPrivilege	2072	java.exe
Token: SeBackupPrivilege	2156	java.exe
Token: SeBackupPrivilege	2156	java.exe
Token: SeSecurityPrivilege	2156	java.exe
Token: SeDebugPrivilege	2156	java.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2680	LegacyLauncher_Installer_legacy.tmp

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2072	java.exe
2072	java.exe
2072	java.exe
2072	java.exe
2156	java.exe
2156	java.exe
2156	java.exe
2156	java.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2680	2164	LegacyLauncher_Installer_legacy.exe	31
PID 2164 wrote to memory of 2680	2164	LegacyLauncher_Installer_legacy.exe	31
PID 2164 wrote to memory of 2680	2164	LegacyLauncher_Installer_legacy.exe	31
PID 2164 wrote to memory of 2680	2164	LegacyLauncher_Installer_legacy.exe	31
PID 2164 wrote to memory of 2680	2164	LegacyLauncher_Installer_legacy.exe	31
PID 2164 wrote to memory of 2680	2164	LegacyLauncher_Installer_legacy.exe	31
PID 2164 wrote to memory of 2680	2164	LegacyLauncher_Installer_legacy.exe	31
PID 2680 wrote to memory of 924	2680	LegacyLauncher_Installer_legacy.tmp	33
PID 2680 wrote to memory of 924	2680	LegacyLauncher_Installer_legacy.tmp	33
PID 2680 wrote to memory of 924	2680	LegacyLauncher_Installer_legacy.tmp	33
PID 2680 wrote to memory of 924	2680	LegacyLauncher_Installer_legacy.tmp	33
PID 2680 wrote to memory of 924	2680	LegacyLauncher_Installer_legacy.tmp	33
PID 2680 wrote to memory of 924	2680	LegacyLauncher_Installer_legacy.tmp	33
PID 2680 wrote to memory of 924	2680	LegacyLauncher_Installer_legacy.tmp	33
PID 924 wrote to memory of 1796	924	TL.exe	34
PID 924 wrote to memory of 1796	924	TL.exe	34
PID 924 wrote to memory of 1796	924	TL.exe	34
PID 924 wrote to memory of 1796	924	TL.exe	34
PID 1796 wrote to memory of 2072	1796	javaw.exe	35
PID 1796 wrote to memory of 2072	1796	javaw.exe	35
PID 1796 wrote to memory of 2072	1796	javaw.exe	35
PID 2072 wrote to memory of 2800	2072	java.exe	38
PID 2072 wrote to memory of 2800	2072	java.exe	38
PID 2072 wrote to memory of 2800	2072	java.exe	38
PID 2072 wrote to memory of 2800	2072	java.exe	38
PID 2072 wrote to memory of 2800	2072	java.exe	38
PID 2072 wrote to memory of 2800	2072	java.exe	38
PID 2072 wrote to memory of 2800	2072	java.exe	38
PID 2800 wrote to memory of 2708	2800	TL.exe	39
PID 2800 wrote to memory of 2708	2800	TL.exe	39
PID 2800 wrote to memory of 2708	2800	TL.exe	39
PID 2800 wrote to memory of 2708	2800	TL.exe	39
PID 2708 wrote to memory of 2156	2708	javaw.exe	40
PID 2708 wrote to memory of 2156	2708	javaw.exe	40
PID 2708 wrote to memory of 2156	2708	javaw.exe	40

C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe
"C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\is-V18PR.tmp\LegacyLauncher_Installer_legacy.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-V18PR.tmp\LegacyLauncher_Installer_legacy.tmp" /SL5="$50154,115841256,1202688,C:\Users\Admin\AppData\Local\Temp\LegacyLauncher_Installer_legacy.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\TL.exe
    "C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\TL.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:924
  - - C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\javaw.exe
      "C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\javaw.exe" -Xmx128m -Dtlauncher.bootstrap.restartExec=TL.exe -jar "C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\launcher\bootstrap.jar"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious use of WriteProcessMemory
      PID:1796
    - - C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\java.exe
        
        C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\java.exe -Xmx128m -Dfile.encoding=UTF-8 -Dtlauncher.systemCharset=windows-1252 -Dtlauncher.logFolder=C:\Users\Admin\AppData\Roaming\.tlauncher\logs --add-exports java.desktop/sun.awt=javafx.swing -Dtlauncher.bootstrap.restartExec=TL.exe -classpath C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\launcher\bootstrap.jar ru.turikhay.tlauncher.bootstrap.Bootstrap --packageMode windows --targetJar launcher/launcher.jar --targetLibFolder launcher/libraries -- --settings tl.properties
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2072
      - C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\TL.exe
        
        TL.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2800
        
        C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\javaw.exe
        
        "C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\javaw.exe" -Xmx128m -Dtlauncher.bootstrap.restartExec=TL.exe -jar "C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\launcher\bootstrap.jar"
        7⤵
        Executes dropped EXE
        Checks processor information in registry
        Suspicious use of WriteProcessMemory
        
        PID:2708
        
        C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\java.exe
        
        C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\java.exe -Xmx128m -Dfile.encoding=UTF-8 -Dtlauncher.systemCharset=windows-1252 -Dtlauncher.logFolder=C:\Users\Admin\AppData\Roaming\.tlauncher\logs --add-exports java.desktop/sun.awt=javafx.swing -Dtlauncher.bootstrap.restartExec=TL.exe -classpath C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\launcher\bootstrap.jar ru.turikhay.tlauncher.bootstrap.Bootstrap --packageMode windows --targetJar launcher/launcher.jar --targetLibFolder launcher/libraries -- --settings tl.properties
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Checks processor information in registry
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna15527755601350691992.dll

Filesize
248KB

MD5
34d12b1e2af72d9bb267bbc8c0d53e4a

SHA1
d9ed8776645f6b4f52df16132450863c47ea92d7

SHA256
13b2cac3f50368ab97fa2e3b0d0d2cb612f68449d5bbd6de187fc85ee4469d03

SHA512
c0a063477cf63a8b647ea721842968b506d70ea22c586a412707d7293b46c218b6a510f34b7dbedd3ed29a9d4b5dc5c6a1995403d65884b17348a9545e580a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\tlauncher13905997041693933807.tmp

Filesize
9.2MB

MD5
b48fa1cd2b0f7b9119b89872f221e7b3

SHA1
b849df06ba8411ffdcbf06f99ae873216c6b0b41

SHA256
c7fc0234715124f93c999ab01bfaf3d147f316dc9ee104038ea67fe47255338f

SHA512
92863e149298edf96df43179923bae3d26491c044990dc98d001fc1455437568908838e972a8ed6db92fd5003fce52fbd0cfbfcec06856e62e195d73e85966ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tlauncher14914369575484916919.tmp

Filesize
5.2MB

MD5
e7ca0f51d9c775df07d2a6c21176934b

SHA1
9d013979a2ead1aea14e9a5d73e7034c4b9c6bd0

SHA256
3f547190960bfacc27106abe0c733c26abb61b90993493b37ec48805d8af6f0c

SHA512
1ccfdb13feb2e51dc9aaf7565715d1c40f93e73e79ac2fa35a2b6f55136b180701209c33f8efd6c60be29e6539ccf2032d78605b32d0e6336e3b7bc08c41dff1

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy.properties.tmp

Filesize
96B

MD5
e56182d97333aba544804f8eae04e9dc

SHA1
9fdfdbb8b8c4948372fb0cbc1eb0d0d996a91ee4

SHA256
2488bb1b918920a4f8b091a5de99243d3b13bbe712482878fa25a0cc0586dde2

SHA512
04f3d57c34adb856afefc8c488e3098ef6570dafa2c63d3f24bface5e3d2b4c5dc687906be1490734bd103292b2fe04125c87d46b9c870dd7b37df5f660ff3f7

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\java.dll

Filesize
140KB

MD5
0fe24d48daeb2dbd44c5971545ff4387

SHA1
e43792d276ba212ad84cfbef6d6b5405fc4b76c0

SHA256
86b0f15814202f36fbcb4d220bb37445aec6c03d5473744ab4f567670c142adb

SHA512
e9fd5c87832063a040acc77043d88fae198b7d1d664142144b24954305b2191051bcdca1bd0ad067dc80ef3c9b4cb45f2fc9be1a2c4087407ce883c8c9fd96ca

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\legal\java.compiler\is-5VCVM.tmp

Filesize
49B

MD5
19c9d1d2aad61ce9cb8fb7f20ef1ca98

SHA1
2db86ab706d9b73feeb51a904be03b63bee92baf

SHA256
ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9

SHA512
7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\legal\java.compiler\is-71UEQ.tmp

Filesize
44B

MD5
7caf4cdbb99569deb047c20f1aad47c4

SHA1
24e7497426d27fe3c17774242883ccbed8f54b4d

SHA256
b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a

SHA512
a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\legal\java.compiler\is-8304M.tmp

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\launcher\bootstrap.jar

Filesize
9.2MB

MD5
45e7627b8542f033fc67ac7fb6d22537

SHA1
e6149d3d7d34f1ba3d8214e66433ce7dd25fb0bb

SHA256
df2d2516e905cdc87a68ec456f881664a5b158ba810934251d7b70a740679588

SHA512
a573ce983c6c93ef53459bffe16b9d442ca1906e58064e53444f74573f43ea2e62c7516823a3eb0f17fc3beadf6dc4fb4ba9b0094b6ef7f02c26d97e0f579f48

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\tl.properties

Filesize
33B

MD5
d51ea22e55089cabbd364622b7bbf48c

SHA1
248e9a020adb095108ce10ded2297ee4026002d4

SHA256
cfdc0a6c68f1eecee2f30eaca09037cee55686ae0ced791d6ae823b0dcb283fb

SHA512
c120a865cce8fc06bd0416865ef495a1718eb04603ce25b9d34d76fb141d09cc148f92fe93036926dc1904e6639971ff92f4424b37a5c4a2945106324f3ee0fd

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\tl.properties

Filesize
1KB

MD5
92983c5b1dc543f6dab27e4559b96466

SHA1
68ec226951877b22ea225283de6b4b7f9f7a3949

SHA256
bb6dc9ee8e6fe79e0d38d543461329776f1b2bc3709dca133b748539f2b04938

SHA512
781f5a20bea52d83d256bc9969c0a8e05320aaa2b05a0f6001b73030859ff4571b94f75a67553b8061229fdc8738ca42f7439218de704e81705f2e93ee8424d0

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\tl.properties.tmp

Filesize
1KB

MD5
b824d9cb3b965f73d2d67e082b7930ff

SHA1
9b0209882f5bdc4845249086e90ebfe7931f778b

SHA256
f9c8be8d5506f137c244cc777d280b7d3e3c15c496215706301c4f9518260cfb

SHA512
8c29efae80e56f5fb605076cb825e438c8a4f9c23555abbec32e243d43f4c813bd1c97001a27db9ac11c738fbb6e3bbeda4e4460a7d6a3af4e4c029a2a1600c8

Download Submit
\Users\Admin\AppData\Local\Temp\is-V18PR.tmp\LegacyLauncher_Installer_legacy.tmp

Filesize
3.4MB

MD5
07b96c2d1823a0a548832c1062799d85

SHA1
65a35826b0e6d93700256fd8a4710cc039bd7b8d

SHA256
c5ba29e4c82fca9adfcd3a6b60b3bf786abe7178928f80cb60eca3564e35b3de

SHA512
abf2ba63976bd6622f3a1cda816c8f2267b59c079d6092ff60e7f52be893a993e3b457a174092c74056628e9694fa9efc8d823d14b4d658a9eb59c622d992f65

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\TL.exe

Filesize
399KB

MD5
96c64d11cf26ebd227ad754b62d480ae

SHA1
cb40090b892c34feb8ceb995a0d0b90ecfe54acf

SHA256
2b11f487e853e952dc677071202cbe25d6800ccaf3f93a3232c5eed715a1c033

SHA512
0be0c2b657ba8814112a9ea075e1ec6c6a0fb965c7308ba24e40b98ec90e9e60afbe09328c0f6c3aa27b54762bf880dfec4aee5f20d24c3b644288e0be311d5f

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b59d773b0848785a76baba82d3f775fa

SHA1
1b8dcd7f0e2ab0ba9ba302aa4e9c4bfa8da74a82

SHA256
0dc1f695befddb8ee52a308801410f2f1d115fc70668131075c2dbcfa0b6f9a0

SHA512
cbd52ed8a7471187d74367aa03bf097d9eac3e0d6dc64baf835744a09da0b050537ea6092dcb8b1e0365427e7f27315be2145c6f853ef936755ad07ef17d4a26

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
4c9bf992ae40c7460a029b1046a7fb5e

SHA1
79e13947af1d603c964cce3b225306cadff4058b

SHA256
18655793b4d489f769327e3c8710aced6b763c7873b6a8dc5ae6f28d228647f4

SHA512
c36d455ac79a73758f6090977c204764a88e929e8eaa7ce27a9c9920451c014e84ae98beb447e8345a8fa186b8c668b076c0ed27047a0e23ad2eeaf2cbc3a8d8

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
9d8e7a90dd0d54b7ccde435b977ee46d

SHA1
15cd12089c63f4147648856b16193cf014e6764f

SHA256
dc570708327c4c8419d4cced2a162d7ca112a168301134dd1fb5e2040eee45b6

SHA512
339fe195602355bce26a2526613a212271e7f8c7518d591b9e3c795c154d93b29b8c524b2c3678c799d0ea0101eabea918564e49def0b915af0619e975f1c34b

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
20KB

MD5
d399c926466f044f183faa723ba59120

SHA1
a9534b4910888d70eefba6fcc3376f2549cb4a05

SHA256
19b018be16afe143fb107ef1dd5b8e6c6cb45966806eb3d31ec09ff0dc2b70d1

SHA512
fc55f4cfe7c6c63e0720971d920c5c6ead4db74a671f7bb8dc830aa87cb54459a62e974456875bdfda449d82a0acb368e3b6c2cc20c32b1b407e8de7cc532057

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-core-synch-l1-2-0.dll

Filesize
20KB

MD5
da5d400ade0d2288b17dcc11ed339e25

SHA1
f4a340079477a2c91e091968fe2d252cb01eeae2

SHA256
69dd52caffe1ea6e0900fb9604a57a87618f8468dc68cbb2a9bcefd1265f3f49

SHA512
3bfa3b4f93a0a68e1c0ac17c74c91c0a01b779961af4811756223fd1f47a86ce1f3ebd7ee4190a2edb84a50b1b444318965cad3a74d1ed4acfa014d0f5bbe34a

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-core-timezone-l1-1-0.dll

Filesize
20KB

MD5
ea5f768b9a1664884ae4ae62cec90678

SHA1
ae08e80431da7f4e8f1e5457c255cc360ef1cac0

SHA256
24f4530debf2161e0d0256f923b836aeccc3278a6ff2c9400e415600276b5a6d

SHA512
411db31e994ebbc69971972e45d6e51186d8f8790e8c67660b6a846e48a5a5c53a113916a5a15d14c33d8c88037d7f252135e699cb526c4bb3b5abd2e2dfee7c

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-convert-l1-1-0.dll

Filesize
24KB

MD5
cf95a8f66313283f046ba9e6e5cdbba4

SHA1
b25c686fcc6729a88a8776cdb75ff21cbceb1c5d

SHA256
2ccb01b62188ddc051a582c128bf880608111c602534e487ec09a7cf67c22d17

SHA512
59f5901e513aceeeb819c73c5b9fe2504e80af28df54db19775d7c0e0481f14c21ce38e6db207672cc10facfdd217638829af2d3f0f85a0a413d10e3a81dae9c

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-environment-l1-1-0.dll

Filesize
20KB

MD5
71407c52ff12b113cc0498fdd42db8dc

SHA1
f0c6a3c1308177b090b2a94fee90156e1df6bb9b

SHA256
5a2ae5b270c1eaf467878e7f5dbdc689b71914bdf30293d7d46c01d9dd11bdd4

SHA512
b9bb29d76a144c10b234835b6006637c84103abeb8f5db19991f3ab2baaabe3ea3fc1a87132263d097addd01afcad08e77c9834dccd4c6723b3ca204f50aac1e

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
bbbf361746440219a3f7933ced5234bb

SHA1
1e3ededaa28e41f51e903c2ca66e7bd048fbaee7

SHA256
42a99227775e85ca8c197811a86aad0e2af496bd21623e4c9a2dd747571c8990

SHA512
f6681875bc02903676cd3ea3303920202c563a1a6e82dd687ed9bd0fafe92c9abba4a6df3e9c93f2bb0da9dccf0abb4543b6a5e5f0c92fa06e809b30b84085aa

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-heap-l1-1-0.dll

Filesize
20KB

MD5
bacc491eb1dee4786ade841e7b480cd8

SHA1
84cb8f770cdf873415403edf48e625514aecad02

SHA256
43c80120970be1efed3ea60bf7aa37b46fcce946b94fb11ca6e3ffff2f16bb29

SHA512
7832912f38cd6ba145af57548c2a1d4da3bed9392a0ab3a0faffe18fab40087e1d74676e2af004627a37f7e079b9146dccf7aaa04e360a88443196fede4ccadc

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-locale-l1-1-0.dll

Filesize
20KB

MD5
fb992bbb73e0127c70d075f81e52aaf9

SHA1
e9d326d436e2e55c521261ad9a5b73d2e998f644

SHA256
6011ece89f4833dcb4cefb02ea366b828725205eae6f25ab704b76fd9e5d86eb

SHA512
f568898a660c3850998b71a854fb5b8ffee59f02ebe7bc8c12ad9bc68f5472a0c812cf0a8ebc096fcc462e941a86a2a46619d4f03030e7ab69a0e4a9e7b1e0b6

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
0936c89e36a8bac313de187e50c61078

SHA1
7f0e64a66301e1926fa9acdc36ad728958ce6d78

SHA256
5ba8f9c2842990ccdb447fc6d22023103b03f5387f341d3375809f060b5bb4ef

SHA512
a72fcadc55d12c97770f1222bb3b605b7d58157f6f55814d900fe0f1b5ff8075f84914c7ac66d4b0e59ef41c01504a35c391bfb182e2e9019d152037ef4ec20f

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
24KB

MD5
01380df01b9e61fc241f82f8fb984c2d

SHA1
18f92390b292af0db8aaa7c7e6f6aa24463f9b84

SHA256
698fa887c5b994375c9271222e21d0d4c74810e73d377ad898927549fb69dcb3

SHA512
743d45fae759d8ff3ef862ffa70584696824b86991f262ddc897f6f469fbb4264cf7da3fe001f33c6305523753d37a7a64874c5010cc7fe63252c53cd96b06f0

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
a3f3ffcde3dd59cc94fb7dba16715671

SHA1
bbf272dab014d4cde1a57831a2daf4fde03b4884

SHA256
c1541ed4dc6879a136bf532393f7cefd3c48ad371d2ed9965e7cbd44c87a1137

SHA512
0e323b44b4ed7959c5f6409e565707e6e402382c950d2a0fc18d18f56ab588a49a260c99ecbda1bdb3778be131fb71b1b1158d852981e2e86d0b989b05496e02

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
535d1195f493f7d92fe9007258494ebc

SHA1
1bf95ec546a6c1a8832d9002b7cd01265a1bbdad

SHA256
4429b8e6707645fb503ebc3bd50ce2a84f559b6a2ed778196835808bdfec2f48

SHA512
cd47f34032fc59a89dd286115db2cc2d1918f6ecc069fa37d2295126876fc5c931d6272892fb22db5eff1f810de818e64e6140617786a4d3fb153fd80c107468

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
ed44b4aac3c881a9bc524d15ae3f3944

SHA1
a87983d6c714aac9242bb60037864139863b1848

SHA256
f3e6f692cec86adb3985b929345c731469777aeaeb088e3ce070957df481f924

SHA512
25513c666f228365ce7e092782a92fb7eb144f6b3293f896b08317c36323006ba10f4133bbfdadd2576053c1d6ac0e28cc3ad5798b92eec34fc8fa36e8d83047

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\api-ms-win-crt-utility-l1-1-0.dll

Filesize
20KB

MD5
e79464524fbc2c266da52d0a903d85d3

SHA1
6bad715617992277751a8ddfc180ba291ba75d59

SHA256
6c78d4aba91877c5bb33e545b6a69a818f377e07ff62e791b804fa5b4d2bcf02

SHA512
def71789e238ecd3b2d68dbd204acc62537ad39ce50a5bf09f320fc8cacc1b3f561822784d006ab2145eab5ab7be3f74c1c773fbe814efa040a1dbb3ffa6744e

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\javaw.exe

Filesize
46KB

MD5
d5b6b6976511114000dfaea05c8a9c8a

SHA1
122df7bfbc5b058242e0c18fee9d9bc6489d512c

SHA256
3850d4f443b2a97014a1dcb94db893f0b3396201a8573aa4c4b967ff61528ac6

SHA512
cebaee71e2813670534c18a8363a127c6f8ca759b86262d3e69f6d2ee180ed0fc34bfcde63bf1fd3e91088f09c5950cac22be4cb5d875f2901a7b323ebe2f739

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\jimage.dll

Filesize
30KB

MD5
36eaca4b8c0e14921e79a47f91f3a3b3

SHA1
ffdf367e09a2d365de26527b53bf04758b7bfd76

SHA256
8e8903cc2231f28e682df62ec7623fabfa6a2112bcd14cee6f79e6924239b75f

SHA512
32d20959585aea57554f74baa36ea0dd54d47aa9f055cea39182267d70034d99a2d7aa3e8935dcdb2ea32c6b03c0485132404cd9717593e16f7a0ae5b7bda748

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\jli.dll

Filesize
83KB

MD5
e9c6f790d97a491dc6dba58605d0a48f

SHA1
8d39cf612880ab33b4c247997649e12035783c2f

SHA256
d6eae7c72044fdd83eea7ae2c36dfa163b6093df19e360f980980334b14ff934

SHA512
a47c38871f08d47ac4b0e59f8a01dc9865dc730afceb66337f046a28a0e90c34700cffe00dc85be2294713fb507d3d89ab0142797beb490b6394575cde1b2091

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\msvcp140.dll

Filesize
552KB

MD5
cb75d6437418afe1a7b52acf75730ff1

SHA1
54c2da9552671b161cc87eb50fbdb86319b00f56

SHA256
7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

SHA512
f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\server\jvm.dll

Filesize
12.1MB

MD5
be9c05daabf6ee77db5564b5ebcf7f4c

SHA1
96d487233a3f47f3441679470359c1528658b064

SHA256
064a55423c55802d3ae7147c4f33d30d79d9b7f4f339c99fcb30c8759d0f8268

SHA512
e082b3bc5bdb332bf4281e3ff52cfea6e5b176cbf2a466c7826c6ffd386a326ec469ac1aa410bd6696b0d4f7bf36d174363ecea7df21285bca4ce6484722b3d7

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\ucrtbase.dll

Filesize
1.1MB

MD5
b0397bb83c9d579224e464eebf40a090

SHA1
81efdfe57225dfe581aafb930347535f08f2f4ce

SHA256
d2ebd8719455ae4634d00fd0d0eb0c3ad75054fee4ff545346a1524e5d7e3a66

SHA512
e72a4378ed93cfb3da60d69af8103a0dcb9a69a86ee42f004db29771b00a606fbc9cbc37f3daa155d1d5fe85f82c87ca9898a39c7274462fcf5c4420f0581ab3

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\vcruntime140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
\Users\Admin\AppData\Roaming\.tlauncher\legacy\Minecraft\jre\bin\vcruntime140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
memory/924-865-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2072-975-0x0000000017EA0000-0x0000000017EAA000-memory.dmp

Filesize
40KB

Download
memory/2072-1077-0x0000000017EA0000-0x0000000017EA2000-memory.dmp

Filesize
8KB

Download
memory/2072-976-0x0000000017EA0000-0x0000000017EAA000-memory.dmp

Filesize
40KB

Download
memory/2156-1177-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2156-1119-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2156-1118-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2156-1178-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2164-0-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2164-949-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2164-219-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2164-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2680-233-0x0000000000400000-0x0000000000776000-memory.dmp

Filesize
3.5MB

Download
memory/2680-948-0x0000000000400000-0x0000000000776000-memory.dmp

Filesize
3.5MB

Download
memory/2680-222-0x0000000000400000-0x0000000000776000-memory.dmp

Filesize
3.5MB

Download
memory/2680-8-0x0000000000400000-0x0000000000776000-memory.dmp

Filesize
3.5MB

Download
memory/2800-1061-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download