f0dbf35b026acb481bb42d8fc6155d952c521792ebc1bdd52e3152342a317f92

Analysis

max time kernel
665s
max time network
867s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
16/02/2023, 18:43 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PrismLauncher-Windows-MSVC-Setup-6.3.exe
Size

15.5MB
MD5

cdafdb2c5d1671ec3953b32172ccdb80
SHA1

06ca76295dd916a1f12a9f34a088426450a643ce
SHA256

f0dbf35b026acb481bb42d8fc6155d952c521792ebc1bdd52e3152342a317f92
SHA512

4a09c540a3c831453af56613c2a8272a4c15d661f0e3c8343488c2606e7c594783e888ae2d5521a12a0736f6bb922a74751f1f36fd25a24281e59528e10c96fa
SSDEEP

196608:LCiFgS9OWiVxhbStnh3nDohlG3fxkIIdfwbdo0ctmVwKyZCGdYcpH84aPsX0Twfu:LbgYohEhqk3ARw0moC6bNFX/DX+DtGJS

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Control Panel\International\Geo\Nation	prismlauncher.exe

Executes dropped EXE 2 IoCs

pid	Process
3536	prismlauncher.exe
1660	prismlauncher.exe

Loads dropped DLL 30 IoCs

pid	Process
2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe
2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe
2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
3536	prismlauncher.exe
1660	prismlauncher.exe
1660	prismlauncher.exe
1660	prismlauncher.exe
1660	prismlauncher.exe
1660	prismlauncher.exe
1660	prismlauncher.exe
1660	prismlauncher.exe
1660	prismlauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
4984	TaskKill.exe

Modifies registry class 34 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\shell\open\command	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\shell\open\command	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe -I \"%1\""	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\Capabilities	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.mrpack\ = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\DefaultIcon	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe,0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.mrpack\OpenWithList	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\shell\open\ = "Minecraft Modpack"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.zip	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.zip\OpenWithProgids	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.mrpack\OpenWithList\prismlauncher.exe = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.zip\OpenWithList\prismlauncher.exe = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.mrpack	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.mrpack\PrismLauncher.App_backup	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\shell\ = "open"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\shell	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\shell\open	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\FriendlyAppName = "Minecraft Modpack"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.zip\OpenWithProgids\PrismLauncher.App = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations\.zip = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\ = "Prism Launcher"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\shell\open	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe -I \"%1\""	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.mrpack\OpenWithProgids	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.mrpack\OpenWithProgids\PrismLauncher.App = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\PrismLauncher.App\shell	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\Capabilities\ApplicationDescription = "Prism Launcher"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\.zip\OpenWithList	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations\.mrpack = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-6.3.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3536	prismlauncher.exe
1660	prismlauncher.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3536	prismlauncher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4984	TaskKill.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 4984	2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe	66
PID 2568 wrote to memory of 4984	2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe	66
PID 2568 wrote to memory of 4984	2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe	66
PID 2568 wrote to memory of 3536	2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe	71
PID 2568 wrote to memory of 3536	2568	PrismLauncher-Windows-MSVC-Setup-6.3.exe	71
PID 3536 wrote to memory of 4676	3536	prismlauncher.exe	74
PID 3536 wrote to memory of 4676	3536	prismlauncher.exe	74
PID 3536 wrote to memory of 4592	3536	prismlauncher.exe	75
PID 3536 wrote to memory of 4592	3536	prismlauncher.exe	75
PID 3536 wrote to memory of 4460	3536	prismlauncher.exe	76
PID 3536 wrote to memory of 4460	3536	prismlauncher.exe	76
PID 3536 wrote to memory of 4608	3536	prismlauncher.exe	77
PID 3536 wrote to memory of 4608	3536	prismlauncher.exe	77
PID 3536 wrote to memory of 2456	3536	prismlauncher.exe	80
PID 3536 wrote to memory of 2456	3536	prismlauncher.exe	80

C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-6.3.exe
"C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-6.3.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Windows\SysWOW64\TaskKill.exe
  TaskKill /IM prismlauncher.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4984
- C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:4676
- - C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:4592
- - C:\ProgramData\Oracle\Java\javapath\javaw.exe
    javaw -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:4460
- - C:\ProgramData\Oracle\Java\javapath\javaw.exe
    C:\ProgramData\Oracle\Java\javapath\javaw.exe -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:4608
- - C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -Xms512m -Xmx2730m -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:2456

C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
PID:1660

Network

DNS

i18n.prismlauncher.org

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

i18n.prismlauncher.org

IN A

Response

i18n.prismlauncher.org

IN CNAME

placeholdermc.github.io

placeholdermc.github.io

IN A

185.199.108.153

placeholdermc.github.io

IN A

185.199.109.153

placeholdermc.github.io

IN A

185.199.110.153

placeholdermc.github.io

IN A

185.199.111.153
GET

https://i18n.prismlauncher.org/index_v2.json

prismlauncher.exe

Remote address:

185.199.108.153:443

Request

GET /index_v2.json HTTP/2.0
host: i18n.prismlauncher.org
user-agent: PrismLauncher/6.3
accept-encoding: gzip, deflate
accept-language: es-ES,en,*

Response

HTTP/2.0 200

server: GitHub.com
content-type: application/json; charset=utf-8
last-modified: Wed, 15 Feb 2023 06:04:37 GMT
access-control-allow-origin: *
etag: W/"63ec75f5-498c"
expires: Wed, 15 Feb 2023 06:16:56 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: HIT
x-github-request-id: 70E6:CCAE:92780F:98C835:63EC7755
accept-ranges: bytes
date: Thu, 16 Feb 2023 18:44:50 GMT
via: 1.1 varnish
age: 209
x-served-by: cache-ams21038-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1676573090.231966,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: dfb033a382bdb817e21fcfaa0e1045f3a9aea509
content-length: 3457
GET

https://i18n.prismlauncher.org/6d866c6c458698bfd444788446b19293de50b712.class

prismlauncher.exe

Remote address:

185.199.108.153:443

Request

GET /6d866c6c458698bfd444788446b19293de50b712.class HTTP/2.0
host: i18n.prismlauncher.org
user-agent: PrismLauncher/6.3
accept-encoding: gzip, deflate
accept-language: es-ES,en,*

Response

HTTP/2.0 200

server: GitHub.com
content-type: application/java-vm
last-modified: Wed, 15 Feb 2023 06:04:37 GMT
access-control-allow-origin: *
etag: "63ec75f5-37444"
expires: Thu, 16 Feb 2023 18:54:51 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: E826:FDC3:3365BD:34DC64:63EE79A3
accept-ranges: bytes
date: Thu, 16 Feb 2023 18:44:51 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-ams21038-AMS
x-cache: MISS
x-cache-hits: 0
x-timer: S1676573091.174574,VS0,VE114
vary: Accept-Encoding
x-fastly-request-id: 43ea0b1ca629e48a7cf7736b9ba3ec490de32fd3
content-length: 226372
GET

https://i18n.prismlauncher.org/6d866c6c458698bfd444788446b19293de50b712.class

prismlauncher.exe

Remote address:

185.199.108.153:443

Request

GET /6d866c6c458698bfd444788446b19293de50b712.class HTTP/2.0
host: i18n.prismlauncher.org
if-modified-since: Wed, 15 Feb 2023 06:04:37 GMT
if-none-match: "63ec75f5-37444"
user-agent: PrismLauncher/6.3
accept-encoding: gzip, deflate
accept-language: es-ES,en,*

Response

HTTP/2.0 304

date: Thu, 16 Feb 2023 18:44:51 GMT
via: 1.1 varnish
cache-control: max-age=600
etag: "63ec75f5-37444"
expires: Thu, 16 Feb 2023 18:54:51 GMT
age: 0
x-served-by: cache-ams21038-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1676573092.596806,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 98387bd9228ced42d37c13f7d5e7fcdbff9f06ad
GET

https://i18n.prismlauncher.org/28e0cecec23f7bd9eb5ace4d8d11ec0ad94e811e.class

prismlauncher.exe

Remote address:

185.199.108.153:443

Request

GET /28e0cecec23f7bd9eb5ace4d8d11ec0ad94e811e.class HTTP/2.0
host: i18n.prismlauncher.org
user-agent: PrismLauncher/6.3
accept-encoding: gzip, deflate
accept-language: es-ES,en,*

Response

HTTP/2.0 200

server: GitHub.com
content-type: application/java-vm
last-modified: Wed, 15 Feb 2023 06:04:37 GMT
access-control-allow-origin: *
etag: "63ec75f5-9aa6"
expires: Thu, 16 Feb 2023 18:55:12 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 8054:BB53:35B517:372CE2:63EE79B8
accept-ranges: bytes
date: Thu, 16 Feb 2023 18:45:12 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-ams21038-AMS
x-cache: MISS
x-cache-hits: 0
x-timer: S1676573112.159137,VS0,VE109
vary: Accept-Encoding
x-fastly-request-id: 27c02062ea2377f4f576bc932355812946b907db
content-length: 39590
GET

https://i18n.prismlauncher.org/7d8fda78f953c6fc474dd2345b533793cfff9209.class

prismlauncher.exe

Remote address:

185.199.108.153:443

Request

GET /7d8fda78f953c6fc474dd2345b533793cfff9209.class HTTP/2.0
host: i18n.prismlauncher.org
user-agent: PrismLauncher/6.3
accept-encoding: gzip, deflate
accept-language: es-ES,en,*

Response

HTTP/2.0 200

server: GitHub.com
content-type: application/java-vm
last-modified: Wed, 15 Feb 2023 06:04:37 GMT
access-control-allow-origin: *
etag: "63ec75f5-24d8e"
expires: Thu, 16 Feb 2023 18:55:13 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 22CA:7842:32F9B2:346F2E:63EE79B9
accept-ranges: bytes
date: Thu, 16 Feb 2023 18:45:13 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-ams21038-AMS
x-cache: MISS
x-cache-hits: 0
x-timer: S1676573113.054214,VS0,VE100
vary: Accept-Encoding
x-fastly-request-id: 032acf47cab40882795c622e5a96f825903b2630
content-length: 150926
DNS

prismlauncher.org

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

prismlauncher.org

IN A

Response

prismlauncher.org

IN A

52.74.166.77

prismlauncher.org

IN A

34.124.149.177
DNS

meta.prismlauncher.org

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

meta.prismlauncher.org

IN A

Response

meta.prismlauncher.org

IN CNAME

placeholdermc.github.io

placeholdermc.github.io

IN A

185.199.108.153

placeholdermc.github.io

IN A

185.199.109.153

placeholdermc.github.io

IN A

185.199.110.153

placeholdermc.github.io

IN A

185.199.111.153
GET

https://meta.prismlauncher.org/v1/net.minecraft/index.json

prismlauncher.exe

Remote address:

185.199.108.153:443

Request

GET /v1/net.minecraft/index.json HTTP/2.0
host: meta.prismlauncher.org
user-agent: PrismLauncher/6.3
accept-encoding: gzip, deflate
accept-language: es-ES,en,*

Response

HTTP/2.0 200

server: GitHub.com
content-type: application/json; charset=utf-8
x-origin-cache: HIT
last-modified: Wed, 15 Feb 2023 17:01:52 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"63ed1000-511cd"
expires: Wed, 15 Feb 2023 17:17:14 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: HIT
x-github-request-id: 1204:3608:DC2B4D:E4C80F:63ED1190
accept-ranges: bytes
date: Thu, 16 Feb 2023 18:46:58 GMT
via: 1.1 varnish
age: 539
x-served-by: cache-ams21060-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1676573218.070133,VS0,VE2
vary: Accept-Encoding
x-fastly-request-id: 19c6ca918ab4757608b8420bb36b77cd5aae7db9
content-length: 41658
DNS

download.nodecdn.net

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

download.nodecdn.net

IN A

Response

download.nodecdn.net

IN A

104.22.69.118

download.nodecdn.net

IN A

104.22.68.118

download.nodecdn.net

IN A

172.67.11.201
DNS

x2.c.lencr.org

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

x2.c.lencr.org

IN A

Response

x2.c.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

23.52.55.67
GET

http://x2.c.lencr.org/

prismlauncher.exe

Remote address:

23.52.55.67:80

Request

GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: x2.c.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/pkix-crl
Last-Modified: Mon, 13 Jun 2022 17:00:00 GMT
ETag: "62a76d10-12c"
Cache-Control: max-age=3600
Expires: Thu, 16 Feb 2023 19:47:00 GMT
Date: Thu, 16 Feb 2023 18:47:00 GMT
Content-Length: 300
Connection: keep-alive
DNS

e1.o.lencr.org

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

e1.o.lencr.org

IN A

Response

e1.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

88.221.25.176

a1887.dscq.akamai.net

IN A

84.53.175.9
GET

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNQecPgflB4rAvd%2FKeuk%2FA%2Bhw%3D%3D

prismlauncher.exe

Remote address:

88.221.25.176:80

Request

GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNQecPgflB4rAvd%2FKeuk%2FA%2Bhw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e1.o.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "38F852E9784C2BFFF4518048CAE904E7D20C55D9D3A4088C9BB04A5CA2D8C903"
Last-Modified: Thu, 16 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6408
Expires: Thu, 16 Feb 2023 20:33:48 GMT
Date: Thu, 16 Feb 2023 18:47:00 GMT
Connection: keep-alive
DNS

api.curseforge.com

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

api.curseforge.com

IN A

Response

api.curseforge.com

IN CNAME

d2tbmgre3xsgj3.cloudfront.net

d2tbmgre3xsgj3.cloudfront.net

IN A

18.65.39.120

d2tbmgre3xsgj3.cloudfront.net

IN A

18.65.39.68

d2tbmgre3xsgj3.cloudfront.net

IN A

18.65.39.55

d2tbmgre3xsgj3.cloudfront.net

IN A

18.65.39.104
DNS

media.forgecdn.net

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

media.forgecdn.net

IN A

Response

media.forgecdn.net

IN A

108.156.60.95

media.forgecdn.net

IN A

108.156.60.66

media.forgecdn.net

IN A

108.156.60.26

media.forgecdn.net

IN A

108.156.60.10
DNS

edge.forgecdn.net

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

edge.forgecdn.net

IN A

Response

edge.forgecdn.net

IN A

52.7.197.204

edge.forgecdn.net

IN A

34.198.224.174

edge.forgecdn.net

IN A

34.234.105.70
DNS

mediafilez.forgecdn.net

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

mediafilez.forgecdn.net

IN A

Response

mediafilez.forgecdn.net

IN A

99.86.159.23

mediafilez.forgecdn.net

IN A

99.86.159.25

mediafilez.forgecdn.net

IN A

99.86.159.47

mediafilez.forgecdn.net

IN A

99.86.159.119
DNS

api.modrinth.com

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

api.modrinth.com

IN A

Response

api.modrinth.com

IN A

104.18.22.35

api.modrinth.com

IN A

104.18.23.35
DNS

edge.forgecdn.net

prismlauncher.exe

Remote address:

8.8.8.8:53

Request

edge.forgecdn.net

IN A

Response

edge.forgecdn.net

IN A

34.234.105.70

edge.forgecdn.net

IN A

34.198.224.174

edge.forgecdn.net

IN A

52.7.197.204

104.208.16.88:443

322 B
7
185.199.108.153:443

https://i18n.prismlauncher.org/7d8fda78f953c6fc474dd2345b533793cfff9209.class

tls, http2

prismlauncher.exe

9.0kB
442.0kB
179
338

HTTP Request

GET https://i18n.prismlauncher.org/index_v2.json

HTTP Response

200

HTTP Request

GET https://i18n.prismlauncher.org/6d866c6c458698bfd444788446b19293de50b712.class

HTTP Response

200

HTTP Request

GET https://i18n.prismlauncher.org/6d866c6c458698bfd444788446b19293de50b712.class

HTTP Response

304

HTTP Request

GET https://i18n.prismlauncher.org/28e0cecec23f7bd9eb5ace4d8d11ec0ad94e811e.class

HTTP Response

200

HTTP Request

GET https://i18n.prismlauncher.org/7d8fda78f953c6fc474dd2345b533793cfff9209.class

HTTP Response

200
52.74.166.77:443

prismlauncher.org

tls, https

prismlauncher.exe

1.5kB
25.3kB
23
33
185.199.108.153:443

https://meta.prismlauncher.org/v1/net.minecraft/index.json

tls, http2

prismlauncher.exe

2.4kB
50.1kB
42
45

HTTP Request

GET https://meta.prismlauncher.org/v1/net.minecraft/index.json

HTTP Response

200
104.22.69.118:443

download.nodecdn.net

tls, https

prismlauncher.exe

155.9kB
8.2MB
3105
5860
23.52.55.67:80

http://x2.c.lencr.org/

http

prismlauncher.exe

391 B
761 B
6
4

HTTP Request

GET http://x2.c.lencr.org/

HTTP Response

200
88.221.25.176:80

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNQecPgflB4rAvd%2FKeuk%2FA%2Bhw%3D%3D

http

prismlauncher.exe

571 B
954 B
7
5

HTTP Request

GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNQecPgflB4rAvd%2FKeuk%2FA%2Bhw%3D%3D

HTTP Response

200
18.65.39.120:443

api.curseforge.com

tls, https

prismlauncher.exe

8.6kB
147.7kB
78
131
108.156.60.95:443

media.forgecdn.net

tls, https

prismlauncher.exe

61.0kB
3.3MB
1257
2357
52.7.197.204:443

edge.forgecdn.net

tls, https

prismlauncher.exe

1.1kB
6.8kB
13
16
99.86.159.23:443

mediafilez.forgecdn.net

tls, https

prismlauncher.exe

7.6MB
333.7MB
143016
238727
104.18.22.35:443

api.modrinth.com

tls, https

prismlauncher.exe

1.5kB
5.1kB
18
22
34.234.105.70:443

edge.forgecdn.net

tls, https

prismlauncher.exe

35.6kB
49.3kB
278
307

8.8.8.8:53

i18n.prismlauncher.org

dns

prismlauncher.exe

68 B
169 B
1
1

DNS Request

i18n.prismlauncher.org

DNS Response

185.199.108.153

185.199.109.153

185.199.110.153

185.199.111.153
8.8.8.8:53

prismlauncher.org

dns

prismlauncher.exe

63 B
95 B
1
1

DNS Request

prismlauncher.org

DNS Response

52.74.166.77

34.124.149.177
8.8.8.8:53

meta.prismlauncher.org

dns

prismlauncher.exe

68 B
169 B
1
1

DNS Request

meta.prismlauncher.org

DNS Response

185.199.108.153

185.199.109.153

185.199.110.153

185.199.111.153
8.8.8.8:53

download.nodecdn.net

dns

prismlauncher.exe

66 B
114 B
1
1

DNS Request

download.nodecdn.net

DNS Response

104.22.69.118

104.22.68.118

172.67.11.201
8.8.8.8:53

x2.c.lencr.org

dns

prismlauncher.exe

60 B
165 B
1
1

DNS Request

x2.c.lencr.org

DNS Response

23.52.55.67
8.8.8.8:53

e1.o.lencr.org

dns

prismlauncher.exe

60 B
159 B
1
1

DNS Request

e1.o.lencr.org

DNS Response

88.221.25.176

84.53.175.9
8.8.8.8:53

api.curseforge.com

dns

prismlauncher.exe

64 B
171 B
1
1

DNS Request

api.curseforge.com

DNS Response

18.65.39.120

18.65.39.68

18.65.39.55

18.65.39.104
8.8.8.8:53

media.forgecdn.net

dns

prismlauncher.exe

64 B
128 B
1
1

DNS Request

media.forgecdn.net

DNS Response

108.156.60.95

108.156.60.66

108.156.60.26

108.156.60.10
8.8.8.8:53

edge.forgecdn.net

dns

prismlauncher.exe

63 B
111 B
1
1

DNS Request

edge.forgecdn.net

DNS Response

52.7.197.204

34.198.224.174

34.234.105.70
8.8.8.8:53

mediafilez.forgecdn.net

dns

prismlauncher.exe

69 B
133 B
1
1

DNS Request

mediafilez.forgecdn.net

DNS Response

99.86.159.23

99.86.159.25

99.86.159.47

99.86.159.119
8.8.8.8:53

api.modrinth.com

dns

prismlauncher.exe

62 B
94 B
1
1

DNS Request

api.modrinth.com

DNS Response

104.18.22.35

104.18.23.35
8.8.8.8:53

edge.forgecdn.net

dns

prismlauncher.exe

63 B
111 B
1
1

DNS Request

edge.forgecdn.net

DNS Response

34.234.105.70

34.198.224.174

52.7.197.204

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
9d11ff36976eea8e3bf4559bcf43428c

SHA1
0d0620533c62c88a38bea9d771d4e511176af940

SHA256
02d95936b2a3f6c5cd50c16775f5be0ebe282f1eab20dc7a465755306fe4c531

SHA512
ea56409071dea0d6789368d8a0fc91fccfbcb4f750695bef2e25004eec6031699f2ce1a05d6ff5eb6a2e279c35f61d1e3e400a041ab926a5f0ad76c857d01ee8

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
5.4MB

MD5
f153f00ed37064b392bb36dff59e67d8

SHA1
a6ca85c8fdfad202d2148cd046d56020b780820f

SHA256
eaf9f64363f25524deda5e12bb0b5efcdc2477611c8b936507486bfb4627f373

SHA512
a7d09e1790e9d9a0971d6056be7efa8c574107fd5bde7e08732138605c0c8aa15c8cf68b67a3320a9fbfe5e5965d22b2858e36d8aeef0a9a2efb4dfe1f5981fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
816KB

MD5
845d73d30e593fa45ff7756eed99ada7

SHA1
d5b42c11f2140c86c5b6ea31cfa2f07b1ccedaec

SHA256
7863b24f046efa36fea0923eb32070c80c93dc89802b7ed8b472f1b8f8fd9fca

SHA512
2a0a5e0c7aec919bf026008b959b2c1d1924b3da385d12fd8bbc4e7923697284124544aab3c188e4296d9e8bf0946fc8fcfc91aaa3cb4c1c42231842864315ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
7.3MB

MD5
d9d28c74bf6331296ba2dfcf2b9c95f6

SHA1
9f966b77751e2681916f165f348e1b598c71bd8e

SHA256
97e9cbc396e54fcba316c3b8f0383ec526159ae70bb63f7ebdd9ffc0f511c143

SHA512
554dba9b59d5ea6043a4cce9fe74b87f7cbd0dc341b6df78f2f5e3778e6a35f05cb03a9ff84d91753e4685936b74bcac550c4fc87f9fc671b73507d47b924592

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.3MB

MD5
86103cc463c0f96c296cd81fb35574a7

SHA1
4af5098476fda9f866309d1a75256d3a0d589a51

SHA256
c203bc6a09ba5e9b6c272109f61a1a04d8531796a33e59015cc08bf2c07880fe

SHA512
e3d3db3b896c100844ea1de50313b1244f1cf16e00196cf571a22245c6eeed3adcdf226dee0a4eeb122c0a7ce4d9c1259bab742fcede328933513563c8631adb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
350KB

MD5
e98e4d70d5bd9f743d71018177c8f347

SHA1
79969a1673a3baf7d218b56b095d64cea9ebc80b

SHA256
1decbd3d2cb252e4fb23ec966b7bd5fdc63cc0b1c51f4537afc480fe4e0bb2c2

SHA512
5c476f4c436e91b62e519d31d4f1a42c337da43233a610e6a86b5c8ff8814f949f8b5e5eafdc569f82eb4f96dd9f89adb15a4288d92127a059ba6008b544db80

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
5.8MB

MD5
fdc4fc0eaa7a6cfc8712a1c65f7592ad

SHA1
f43f709d373a70f3b3a895d08114f0dcdab79db0

SHA256
31336c26f42b274187dc473da01e4e1c1f0f2a6250313eb4822656d94b420264

SHA512
25cc93a6eac7a73fdeaa61ee874fd5f1998a8574255ecb57bbef8d72743eee47862468d714117f62493431e49720951c2fc00988f6a9888687f8425d73599094

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
133KB

MD5
5fceb2eaac6f25a75108a7a9ce8b57b6

SHA1
a31fec965e023b73764e2fce92ad9093ed6f7d65

SHA256
2d623a1fb8901ecc24107be17636c76f41607192b411b4e57bcdbae6ca515a1a

SHA512
49bc1c81a8e634c51d4303c6d28bab774391e74ce96af51e7a14b06767ff0d40594cdd7f72e01c1025b80dba1b28597fef53c6d80fea2c434ef636db2a57d161

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll

Filesize
63KB

MD5
dcb4d3f7d20a7ac5d1abe2bbf642409f

SHA1
4affe079dba43d280a04c9c522a5cfab75e52a15

SHA256
c80ad0e9a105fd610aedcd2d6f8edeb249e2874c683cf0c97a47e3cc24762b91

SHA512
ac3853a81bac87cea8fbdaf78667f8a5597727f7d6b1c9735eaa0cb414acfdb5f8c8bb7f31095838463a32ad06b2dfe965f3679ae0dd879f96429fbaebf333ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qgif.dll

Filesize
47KB

MD5
46fe09d3af8e91736cca00353110f36b

SHA1
cdccbd1345ea475da4180fecc40c0e361ad087a2

SHA256
3b2016888f46a462d28151f55aa33b257c4d03db743643d6be88ef89f3c60e7a

SHA512
11f9c6f73df9c28d08b3779b0cc73cc5c674bb963538b5e2274ad4a5a0db71455e2e6780985a69ded8ecc749d4eab4fa3bc4628330bc5d28ee101f5b8f388510

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qicns.dll

Filesize
54KB

MD5
33faa872193f8d99c4c65b2f051a9abe

SHA1
2f50e5c72af81f7d20a7f08d39b2cd48b37868e7

SHA256
cd860f2e942cec27384218de5b1f870a9b87230fecadf3e2308e9b859a42618f

SHA512
28cf2cd22adb25fe253a345fdb9e01fc1e509d0e7747ae6bfb47d1e79eb093edb54859b9c5d9155472d34e3202c20ba72517ca5aeb7cd72e88007a3c275b4334

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qico.dll

Filesize
46KB

MD5
cbc9f4b95ca22ee0b2efd80faaf6da98

SHA1
2559fba7b428e7d50683d0b3bf8d1227c71c7bb5

SHA256
2e31f42740cd488d216bfb03b40e891726cefff294d18a27c0519174bb8abee1

SHA512
c5a0a0456837059c0fc6f4a0b32616c8ada05fca8c0069d72b9a144347b46c04aa64467f129efe53ce5108d2644f02772afae5b25958a5cb5653e6dd039c5599

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qjpeg.dll

Filesize
445KB

MD5
1435a55a3217c023a3d13e00474305b8

SHA1
a4637c1c094c8d54f0b6b7bf1a9a191c0a3130f3

SHA256
3c76e4e125beb9786e50fd2f287d14a916ff4b725b7c0ba1792b70d8b73f98bb

SHA512
b81b4c1bae5867a23412708da354998e8475f8e061354126ee2487151342d8d800d9d6cdc3033d84a6b5ca7d804f1db62e26de2da7e21a6f00ce5f13787e8591

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qsvg.dll

Filesize
40KB

MD5
85a90e8d1d751365db1d0cd06719ca65

SHA1
193dc21f95416f8c9827f6c419cd1841995b684d

SHA256
e7278e6f32f38be291416ac94812d6062d95ab1edddc4f2f8ef0d3d717d77b37

SHA512
ab9b8c893790d13fc4fcf5747b966c7d8e501a83cfb3499829f5ae82babc41b429cd794ab5998db0d23f7d41c2da84b8acc00e7942dfe1f55ab562ade7bdf3c9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwbmp.dll

Filesize
36KB

MD5
031b2537474c8a406ec91464057a7a70

SHA1
89650b7077fcd16b50061eba52f57f20d09fcc37

SHA256
f88f16332532b26ec3dd73ff348bee36e3719a0cee7b9048c6101edba6f02a2d

SHA512
fa493cf1e0e61c6163c6c4df278acebee9b9d28fbc0348c12c7149482a81ac2008a1b7e3e3aec44f74898c91f21fa7bfe748ddca161396e39cb0b57a1ead636a

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwebp.dll

Filesize
518KB

MD5
99d0009d3581b7e491f686b1e2a86b8c

SHA1
84d6d78fe1bcdcb2588f8f012133eedc784b5654

SHA256
5c0c9b0f63a52fd9830c35ad0ea7b8eadd98706a2e773717a2c0273cdba9be9b

SHA512
3bdba00b4acaf4b2fdc36d0d977f6422ee8880ff1517e30000750171eb73ac696c5e74a7b48169f4bbfbda5dc2693502307010be49cc6fb5f903fc811952851c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\jars\JavaCheck.jar

Filesize
1KB

MD5
ebca95af1795431d077af0eefe59a7fe

SHA1
d108b038abd93342c4a4ff656e7cb9b66ac26b53

SHA256
3030eb718cb2d7edc68d426d46f21e1af2a2cdd5443de5dfc5020650b52e7601

SHA512
82db76377acecec4b1b012f1ba83fe234bbc33f2d6b8c9ad97c9631a3df989d64fa0cb111e8db59af5114d620921e4ece38303091c72cc6bdf0226f935822319

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qdirect2d.dll

Filesize
883KB

MD5
2dc372bec7d15f0e0e6e45930865a7c0

SHA1
cf70323914d0f246c3953855dbe2e8a5ff51e4fc

SHA256
1fbfa3632fd292ccb3ab72566d934dfafc3d99308115c60ff7441aa5e905cd84

SHA512
d313178dc461f401ad849f2ee5c2b103e81d62742105df89170bf3ec8da100da704515bd668c93617083880a0915e1b2a0e76ed8aff6a6516be705e18932406e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
811KB

MD5
c375f728acfcce8456b3bda4c5837976

SHA1
7de1c3476c043a58c41428b7f838cc6ab2017857

SHA256
a3bd204581461478282555b3c46b13c8d6779469a1b209b45765dbc7947a564a

SHA512
b739588b0adbf1e3f107709953bf68660fe7f33c9fc8d7fbf5d738483e5eca3076de92574789e21e858bd70a3f1bd1c108ca754fed08046185949a85ef38cb2a

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
7.7MB

MD5
6eee4fe0679ff858adfd4de9b3bb1892

SHA1
c536cfb7d4025cc4971389e9bddc3bfb06920ab4

SHA256
071d3b45a03c20867cc2bf1f8d4576cd8bfb76655531a09a296229d8b32a285b

SHA512
2a24a94a5ca4b93d964de894847a270af094fe7ff6d28d3ee7b3d947fd956706a8a69057f5d0af743024d8eb14f0e04ef8e3116128ccace5a09bcb99867fe32e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
7.7MB

MD5
6eee4fe0679ff858adfd4de9b3bb1892

SHA1
c536cfb7d4025cc4971389e9bddc3bfb06920ab4

SHA256
071d3b45a03c20867cc2bf1f8d4576cd8bfb76655531a09a296229d8b32a285b

SHA512
2a24a94a5ca4b93d964de894847a270af094fe7ff6d28d3ee7b3d947fd956706a8a69057f5d0af743024d8eb14f0e04ef8e3116128ccace5a09bcb99867fe32e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
7.7MB

MD5
6eee4fe0679ff858adfd4de9b3bb1892

SHA1
c536cfb7d4025cc4971389e9bddc3bfb06920ab4

SHA256
071d3b45a03c20867cc2bf1f8d4576cd8bfb76655531a09a296229d8b32a285b

SHA512
2a24a94a5ca4b93d964de894847a270af094fe7ff6d28d3ee7b3d947fd956706a8a69057f5d0af743024d8eb14f0e04ef8e3116128ccace5a09bcb99867fe32e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qt.conf

Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
150KB

MD5
b1e8f9b4f67602d2af400f97123cd67e

SHA1
fb84d95ac7629dee1ab6a6235aa10f0033d606fc

SHA256
1e826a5e7dc86022a17f72980f9c9eadb0b6fb439cda43e4af5a1d3b208e91eb

SHA512
60cc251e076498396d84ffc9a3e0c742bf241d8be877a090e336f2ee7d8d96aaeda8b7527139ec7e0f523e25ab675269925484a145e8caeb9c6d92ea6f75b4fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll

Filesize
213KB

MD5
4c28ee5e48080b3c3a5ba7f23cd00f60

SHA1
1416663464ddc4e85f993759683fcc6e6c3652f3

SHA256
cd3c48a739d9ffa9e5a4568e023c64c51aecc55777ab41b5a9ef4d6e19b644f9

SHA512
9c2c786f6db9b40d958086f25a579dbe5a0292a19ada6847db6138e43a0f493cb228fc2ee61527deed87197fa3e647e22d65818adda7f8566d64eb27c76d2b2f

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
5.4MB

MD5
f153f00ed37064b392bb36dff59e67d8

SHA1
a6ca85c8fdfad202d2148cd046d56020b780820f

SHA256
eaf9f64363f25524deda5e12bb0b5efcdc2477611c8b936507486bfb4627f373

SHA512
a7d09e1790e9d9a0971d6056be7efa8c574107fd5bde7e08732138605c0c8aa15c8cf68b67a3320a9fbfe5e5965d22b2858e36d8aeef0a9a2efb4dfe1f5981fa

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
5.4MB

MD5
f153f00ed37064b392bb36dff59e67d8

SHA1
a6ca85c8fdfad202d2148cd046d56020b780820f

SHA256
eaf9f64363f25524deda5e12bb0b5efcdc2477611c8b936507486bfb4627f373

SHA512
a7d09e1790e9d9a0971d6056be7efa8c574107fd5bde7e08732138605c0c8aa15c8cf68b67a3320a9fbfe5e5965d22b2858e36d8aeef0a9a2efb4dfe1f5981fa

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
816KB

MD5
845d73d30e593fa45ff7756eed99ada7

SHA1
d5b42c11f2140c86c5b6ea31cfa2f07b1ccedaec

SHA256
7863b24f046efa36fea0923eb32070c80c93dc89802b7ed8b472f1b8f8fd9fca

SHA512
2a0a5e0c7aec919bf026008b959b2c1d1924b3da385d12fd8bbc4e7923697284124544aab3c188e4296d9e8bf0946fc8fcfc91aaa3cb4c1c42231842864315ae

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
816KB

MD5
845d73d30e593fa45ff7756eed99ada7

SHA1
d5b42c11f2140c86c5b6ea31cfa2f07b1ccedaec

SHA256
7863b24f046efa36fea0923eb32070c80c93dc89802b7ed8b472f1b8f8fd9fca

SHA512
2a0a5e0c7aec919bf026008b959b2c1d1924b3da385d12fd8bbc4e7923697284124544aab3c188e4296d9e8bf0946fc8fcfc91aaa3cb4c1c42231842864315ae

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
7.3MB

MD5
d9d28c74bf6331296ba2dfcf2b9c95f6

SHA1
9f966b77751e2681916f165f348e1b598c71bd8e

SHA256
97e9cbc396e54fcba316c3b8f0383ec526159ae70bb63f7ebdd9ffc0f511c143

SHA512
554dba9b59d5ea6043a4cce9fe74b87f7cbd0dc341b6df78f2f5e3778e6a35f05cb03a9ff84d91753e4685936b74bcac550c4fc87f9fc671b73507d47b924592

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
7.3MB

MD5
d9d28c74bf6331296ba2dfcf2b9c95f6

SHA1
9f966b77751e2681916f165f348e1b598c71bd8e

SHA256
97e9cbc396e54fcba316c3b8f0383ec526159ae70bb63f7ebdd9ffc0f511c143

SHA512
554dba9b59d5ea6043a4cce9fe74b87f7cbd0dc341b6df78f2f5e3778e6a35f05cb03a9ff84d91753e4685936b74bcac550c4fc87f9fc671b73507d47b924592

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
7.3MB

MD5
d9d28c74bf6331296ba2dfcf2b9c95f6

SHA1
9f966b77751e2681916f165f348e1b598c71bd8e

SHA256
97e9cbc396e54fcba316c3b8f0383ec526159ae70bb63f7ebdd9ffc0f511c143

SHA512
554dba9b59d5ea6043a4cce9fe74b87f7cbd0dc341b6df78f2f5e3778e6a35f05cb03a9ff84d91753e4685936b74bcac550c4fc87f9fc671b73507d47b924592

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.3MB

MD5
86103cc463c0f96c296cd81fb35574a7

SHA1
4af5098476fda9f866309d1a75256d3a0d589a51

SHA256
c203bc6a09ba5e9b6c272109f61a1a04d8531796a33e59015cc08bf2c07880fe

SHA512
e3d3db3b896c100844ea1de50313b1244f1cf16e00196cf571a22245c6eeed3adcdf226dee0a4eeb122c0a7ce4d9c1259bab742fcede328933513563c8631adb

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.3MB

MD5
86103cc463c0f96c296cd81fb35574a7

SHA1
4af5098476fda9f866309d1a75256d3a0d589a51

SHA256
c203bc6a09ba5e9b6c272109f61a1a04d8531796a33e59015cc08bf2c07880fe

SHA512
e3d3db3b896c100844ea1de50313b1244f1cf16e00196cf571a22245c6eeed3adcdf226dee0a4eeb122c0a7ce4d9c1259bab742fcede328933513563c8631adb

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
350KB

MD5
e98e4d70d5bd9f743d71018177c8f347

SHA1
79969a1673a3baf7d218b56b095d64cea9ebc80b

SHA256
1decbd3d2cb252e4fb23ec966b7bd5fdc63cc0b1c51f4537afc480fe4e0bb2c2

SHA512
5c476f4c436e91b62e519d31d4f1a42c337da43233a610e6a86b5c8ff8814f949f8b5e5eafdc569f82eb4f96dd9f89adb15a4288d92127a059ba6008b544db80

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
5.8MB

MD5
fdc4fc0eaa7a6cfc8712a1c65f7592ad

SHA1
f43f709d373a70f3b3a895d08114f0dcdab79db0

SHA256
31336c26f42b274187dc473da01e4e1c1f0f2a6250313eb4822656d94b420264

SHA512
25cc93a6eac7a73fdeaa61ee874fd5f1998a8574255ecb57bbef8d72743eee47862468d714117f62493431e49720951c2fc00988f6a9888687f8425d73599094

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
5.8MB

MD5
fdc4fc0eaa7a6cfc8712a1c65f7592ad

SHA1
f43f709d373a70f3b3a895d08114f0dcdab79db0

SHA256
31336c26f42b274187dc473da01e4e1c1f0f2a6250313eb4822656d94b420264

SHA512
25cc93a6eac7a73fdeaa61ee874fd5f1998a8574255ecb57bbef8d72743eee47862468d714117f62493431e49720951c2fc00988f6a9888687f8425d73599094

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
133KB

MD5
5fceb2eaac6f25a75108a7a9ce8b57b6

SHA1
a31fec965e023b73764e2fce92ad9093ed6f7d65

SHA256
2d623a1fb8901ecc24107be17636c76f41607192b411b4e57bcdbae6ca515a1a

SHA512
49bc1c81a8e634c51d4303c6d28bab774391e74ce96af51e7a14b06767ff0d40594cdd7f72e01c1025b80dba1b28597fef53c6d80fea2c434ef636db2a57d161

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
133KB

MD5
5fceb2eaac6f25a75108a7a9ce8b57b6

SHA1
a31fec965e023b73764e2fce92ad9093ed6f7d65

SHA256
2d623a1fb8901ecc24107be17636c76f41607192b411b4e57bcdbae6ca515a1a

SHA512
49bc1c81a8e634c51d4303c6d28bab774391e74ce96af51e7a14b06767ff0d40594cdd7f72e01c1025b80dba1b28597fef53c6d80fea2c434ef636db2a57d161

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll

Filesize
63KB

MD5
dcb4d3f7d20a7ac5d1abe2bbf642409f

SHA1
4affe079dba43d280a04c9c522a5cfab75e52a15

SHA256
c80ad0e9a105fd610aedcd2d6f8edeb249e2874c683cf0c97a47e3cc24762b91

SHA512
ac3853a81bac87cea8fbdaf78667f8a5597727f7d6b1c9735eaa0cb414acfdb5f8c8bb7f31095838463a32ad06b2dfe965f3679ae0dd879f96429fbaebf333ee

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qgif.dll

Filesize
47KB

MD5
46fe09d3af8e91736cca00353110f36b

SHA1
cdccbd1345ea475da4180fecc40c0e361ad087a2

SHA256
3b2016888f46a462d28151f55aa33b257c4d03db743643d6be88ef89f3c60e7a

SHA512
11f9c6f73df9c28d08b3779b0cc73cc5c674bb963538b5e2274ad4a5a0db71455e2e6780985a69ded8ecc749d4eab4fa3bc4628330bc5d28ee101f5b8f388510

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qicns.dll

Filesize
54KB

MD5
33faa872193f8d99c4c65b2f051a9abe

SHA1
2f50e5c72af81f7d20a7f08d39b2cd48b37868e7

SHA256
cd860f2e942cec27384218de5b1f870a9b87230fecadf3e2308e9b859a42618f

SHA512
28cf2cd22adb25fe253a345fdb9e01fc1e509d0e7747ae6bfb47d1e79eb093edb54859b9c5d9155472d34e3202c20ba72517ca5aeb7cd72e88007a3c275b4334

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qico.dll

Filesize
46KB

MD5
cbc9f4b95ca22ee0b2efd80faaf6da98

SHA1
2559fba7b428e7d50683d0b3bf8d1227c71c7bb5

SHA256
2e31f42740cd488d216bfb03b40e891726cefff294d18a27c0519174bb8abee1

SHA512
c5a0a0456837059c0fc6f4a0b32616c8ada05fca8c0069d72b9a144347b46c04aa64467f129efe53ce5108d2644f02772afae5b25958a5cb5653e6dd039c5599

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qjpeg.dll

Filesize
445KB

MD5
1435a55a3217c023a3d13e00474305b8

SHA1
a4637c1c094c8d54f0b6b7bf1a9a191c0a3130f3

SHA256
3c76e4e125beb9786e50fd2f287d14a916ff4b725b7c0ba1792b70d8b73f98bb

SHA512
b81b4c1bae5867a23412708da354998e8475f8e061354126ee2487151342d8d800d9d6cdc3033d84a6b5ca7d804f1db62e26de2da7e21a6f00ce5f13787e8591

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qsvg.dll

Filesize
40KB

MD5
85a90e8d1d751365db1d0cd06719ca65

SHA1
193dc21f95416f8c9827f6c419cd1841995b684d

SHA256
e7278e6f32f38be291416ac94812d6062d95ab1edddc4f2f8ef0d3d717d77b37

SHA512
ab9b8c893790d13fc4fcf5747b966c7d8e501a83cfb3499829f5ae82babc41b429cd794ab5998db0d23f7d41c2da84b8acc00e7942dfe1f55ab562ade7bdf3c9

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwbmp.dll

Filesize
36KB

MD5
031b2537474c8a406ec91464057a7a70

SHA1
89650b7077fcd16b50061eba52f57f20d09fcc37

SHA256
f88f16332532b26ec3dd73ff348bee36e3719a0cee7b9048c6101edba6f02a2d

SHA512
fa493cf1e0e61c6163c6c4df278acebee9b9d28fbc0348c12c7149482a81ac2008a1b7e3e3aec44f74898c91f21fa7bfe748ddca161396e39cb0b57a1ead636a

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwebp.dll

Filesize
518KB

MD5
99d0009d3581b7e491f686b1e2a86b8c

SHA1
84d6d78fe1bcdcb2588f8f012133eedc784b5654

SHA256
5c0c9b0f63a52fd9830c35ad0ea7b8eadd98706a2e773717a2c0273cdba9be9b

SHA512
3bdba00b4acaf4b2fdc36d0d977f6422ee8880ff1517e30000750171eb73ac696c5e74a7b48169f4bbfbda5dc2693502307010be49cc6fb5f903fc811952851c

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
811KB

MD5
c375f728acfcce8456b3bda4c5837976

SHA1
7de1c3476c043a58c41428b7f838cc6ab2017857

SHA256
a3bd204581461478282555b3c46b13c8d6779469a1b209b45765dbc7947a564a

SHA512
b739588b0adbf1e3f107709953bf68660fe7f33c9fc8d7fbf5d738483e5eca3076de92574789e21e858bd70a3f1bd1c108ca754fed08046185949a85ef38cb2a

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
811KB

MD5
c375f728acfcce8456b3bda4c5837976

SHA1
7de1c3476c043a58c41428b7f838cc6ab2017857

SHA256
a3bd204581461478282555b3c46b13c8d6779469a1b209b45765dbc7947a564a

SHA512
b739588b0adbf1e3f107709953bf68660fe7f33c9fc8d7fbf5d738483e5eca3076de92574789e21e858bd70a3f1bd1c108ca754fed08046185949a85ef38cb2a

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
150KB

MD5
b1e8f9b4f67602d2af400f97123cd67e

SHA1
fb84d95ac7629dee1ab6a6235aa10f0033d606fc

SHA256
1e826a5e7dc86022a17f72980f9c9eadb0b6fb439cda43e4af5a1d3b208e91eb

SHA512
60cc251e076498396d84ffc9a3e0c742bf241d8be877a090e336f2ee7d8d96aaeda8b7527139ec7e0f523e25ab675269925484a145e8caeb9c6d92ea6f75b4fb

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
150KB

MD5
b1e8f9b4f67602d2af400f97123cd67e

SHA1
fb84d95ac7629dee1ab6a6235aa10f0033d606fc

SHA256
1e826a5e7dc86022a17f72980f9c9eadb0b6fb439cda43e4af5a1d3b208e91eb

SHA512
60cc251e076498396d84ffc9a3e0c742bf241d8be877a090e336f2ee7d8d96aaeda8b7527139ec7e0f523e25ab675269925484a145e8caeb9c6d92ea6f75b4fb

Download Submit
\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll

Filesize
213KB

MD5
4c28ee5e48080b3c3a5ba7f23cd00f60

SHA1
1416663464ddc4e85f993759683fcc6e6c3652f3

SHA256
cd3c48a739d9ffa9e5a4568e023c64c51aecc55777ab41b5a9ef4d6e19b644f9

SHA512
9c2c786f6db9b40d958086f25a579dbe5a0292a19ada6847db6138e43a0f493cb228fc2ee61527deed87197fa3e647e22d65818adda7f8566d64eb27c76d2b2f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj78CF.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsj78CF.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsj78CF.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
memory/1660-336-0x0000016E1C690000-0x0000016E1C6A0000-memory.dmp

Filesize
64KB

Download
memory/2456-350-0x0000000003170000-0x0000000004170000-memory.dmp

Filesize
16.0MB

Download
memory/2456-347-0x0000000003170000-0x0000000004170000-memory.dmp

Filesize
16.0MB

Download
memory/2568-182-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-136-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-177-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-174-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-179-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-180-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-173-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-116-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-117-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-118-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-171-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-172-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-170-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-169-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-168-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-167-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-166-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-165-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-164-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-163-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-162-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-161-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-160-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-159-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-158-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-157-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-156-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-155-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-154-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-127-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-135-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-139-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-119-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-141-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-143-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-120-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-121-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-145-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-122-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-123-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-125-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-147-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-149-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-152-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-126-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-153-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-151-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-150-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-148-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-146-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-144-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-142-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-140-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-138-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-137-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-176-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-134-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-133-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-132-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-131-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-130-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-128-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-129-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2568-124-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/3536-266-0x000001B096700000-0x000001B09678E000-memory.dmp

Filesize
568KB

Download
memory/3536-263-0x000001B096700000-0x000001B09678E000-memory.dmp

Filesize
568KB

Download
memory/4592-304-0x0000000002B90000-0x0000000003B90000-memory.dmp

Filesize
16.0MB

Download
memory/4592-348-0x0000000002B90000-0x0000000003B90000-memory.dmp

Filesize
16.0MB

Download
memory/4608-339-0x0000000003270000-0x0000000004270000-memory.dmp

Filesize
16.0MB

Download
memory/4608-349-0x0000000003270000-0x0000000004270000-memory.dmp

Filesize
16.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.