f0dbf35b026acb481bb42d8fc6155d952c521792ebc1bdd52e3152342a317f92

Resubmissions

08-06-2023 01:35

230608-bzn1eaad78 7

08-06-2023 01:32

230608-byardsad58 7

Analysis

max time kernel
80s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2023 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PrismLauncher-Windows-MSVC-Setup-6.3.exe
Size

15.5MB
MD5

cdafdb2c5d1671ec3953b32172ccdb80
SHA1

06ca76295dd916a1f12a9f34a088426450a643ce
SHA256

f0dbf35b026acb481bb42d8fc6155d952c521792ebc1bdd52e3152342a317f92
SHA512

4a09c540a3c831453af56613c2a8272a4c15d661f0e3c8343488c2606e7c594783e888ae2d5521a12a0736f6bb922a74751f1f36fd25a24281e59528e10c96fa
SSDEEP

196608:LCiFgS9OWiVxhbStnh3nDohlG3fxkIIdfwbdo0ctmVwKyZCGdYcpH84aPsX0Twfu:LbgYohEhqk3ARw0moC6bNFX/DX+DtGJS

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	prismlauncher.exe

Executes dropped EXE 1 IoCs

pid	Process
3060	prismlauncher.exe

Loads dropped DLL 12 IoCs

pid	Process
4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe
4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe
4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe
3060	prismlauncher.exe
3060	prismlauncher.exe
3060	prismlauncher.exe
3060	prismlauncher.exe
3060	prismlauncher.exe
3060	prismlauncher.exe
3060	prismlauncher.exe
3060	prismlauncher.exe
3060	prismlauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
4276	TaskKill.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe -I \"%1\""	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.zip	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\DefaultIcon	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe -I \"%1\""	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.zip\OpenWithList\prismlauncher.exe = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.zip\OpenWithProgids	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations\.zip = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\shell\open	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\FriendlyAppName = "Minecraft Modpack"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\Capabilities\ApplicationDescription = "Prism Launcher"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\shell\open\command	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\Capabilities	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\shell\open\ = "Minecraft Modpack"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\shell\open\command	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.mrpack\OpenWithList	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe,0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.zip\OpenWithProgids\PrismLauncher.App = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.mrpack\OpenWithProgids\PrismLauncher.App = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\shell	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\shell\open	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.mrpack	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.mrpack\ = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.mrpack\OpenWithList\prismlauncher.exe = "0"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\shell	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.zip\OpenWithList	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\ = "Prism Launcher"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\PrismLauncher.App\shell\ = "open"	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.mrpack\PrismLauncher.App_backup	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\.mrpack\OpenWithProgids	PrismLauncher-Windows-MSVC-Setup-6.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations\.mrpack = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-6.3.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3060	prismlauncher.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3060	prismlauncher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4276	TaskKill.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 4276	4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe	85
PID 4652 wrote to memory of 4276	4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe	85
PID 4652 wrote to memory of 4276	4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe	85
PID 4652 wrote to memory of 3060	4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe	94
PID 4652 wrote to memory of 3060	4652	PrismLauncher-Windows-MSVC-Setup-6.3.exe	94

C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-6.3.exe
"C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-6.3.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\SysWOW64\TaskKill.exe
  TaskKill /IM prismlauncher.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4276
- C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  PID:3060
- - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:1820
- - C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:1904
- - C:\ProgramData\Oracle\Java\javapath\javaw.exe
    javaw -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:2344
- - C:\ProgramData\Oracle\Java\javapath\javaw.exe
    C:\ProgramData\Oracle\Java\javapath\javaw.exe -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:2248

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
5.4MB

MD5
f153f00ed37064b392bb36dff59e67d8

SHA1
a6ca85c8fdfad202d2148cd046d56020b780820f

SHA256
eaf9f64363f25524deda5e12bb0b5efcdc2477611c8b936507486bfb4627f373

SHA512
a7d09e1790e9d9a0971d6056be7efa8c574107fd5bde7e08732138605c0c8aa15c8cf68b67a3320a9fbfe5e5965d22b2858e36d8aeef0a9a2efb4dfe1f5981fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
5.4MB

MD5
f153f00ed37064b392bb36dff59e67d8

SHA1
a6ca85c8fdfad202d2148cd046d56020b780820f

SHA256
eaf9f64363f25524deda5e12bb0b5efcdc2477611c8b936507486bfb4627f373

SHA512
a7d09e1790e9d9a0971d6056be7efa8c574107fd5bde7e08732138605c0c8aa15c8cf68b67a3320a9fbfe5e5965d22b2858e36d8aeef0a9a2efb4dfe1f5981fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
816KB

MD5
845d73d30e593fa45ff7756eed99ada7

SHA1
d5b42c11f2140c86c5b6ea31cfa2f07b1ccedaec

SHA256
7863b24f046efa36fea0923eb32070c80c93dc89802b7ed8b472f1b8f8fd9fca

SHA512
2a0a5e0c7aec919bf026008b959b2c1d1924b3da385d12fd8bbc4e7923697284124544aab3c188e4296d9e8bf0946fc8fcfc91aaa3cb4c1c42231842864315ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
816KB

MD5
845d73d30e593fa45ff7756eed99ada7

SHA1
d5b42c11f2140c86c5b6ea31cfa2f07b1ccedaec

SHA256
7863b24f046efa36fea0923eb32070c80c93dc89802b7ed8b472f1b8f8fd9fca

SHA512
2a0a5e0c7aec919bf026008b959b2c1d1924b3da385d12fd8bbc4e7923697284124544aab3c188e4296d9e8bf0946fc8fcfc91aaa3cb4c1c42231842864315ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
7.3MB

MD5
d9d28c74bf6331296ba2dfcf2b9c95f6

SHA1
9f966b77751e2681916f165f348e1b598c71bd8e

SHA256
97e9cbc396e54fcba316c3b8f0383ec526159ae70bb63f7ebdd9ffc0f511c143

SHA512
554dba9b59d5ea6043a4cce9fe74b87f7cbd0dc341b6df78f2f5e3778e6a35f05cb03a9ff84d91753e4685936b74bcac550c4fc87f9fc671b73507d47b924592

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
7.3MB

MD5
d9d28c74bf6331296ba2dfcf2b9c95f6

SHA1
9f966b77751e2681916f165f348e1b598c71bd8e

SHA256
97e9cbc396e54fcba316c3b8f0383ec526159ae70bb63f7ebdd9ffc0f511c143

SHA512
554dba9b59d5ea6043a4cce9fe74b87f7cbd0dc341b6df78f2f5e3778e6a35f05cb03a9ff84d91753e4685936b74bcac550c4fc87f9fc671b73507d47b924592

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.3MB

MD5
86103cc463c0f96c296cd81fb35574a7

SHA1
4af5098476fda9f866309d1a75256d3a0d589a51

SHA256
c203bc6a09ba5e9b6c272109f61a1a04d8531796a33e59015cc08bf2c07880fe

SHA512
e3d3db3b896c100844ea1de50313b1244f1cf16e00196cf571a22245c6eeed3adcdf226dee0a4eeb122c0a7ce4d9c1259bab742fcede328933513563c8631adb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.3MB

MD5
86103cc463c0f96c296cd81fb35574a7

SHA1
4af5098476fda9f866309d1a75256d3a0d589a51

SHA256
c203bc6a09ba5e9b6c272109f61a1a04d8531796a33e59015cc08bf2c07880fe

SHA512
e3d3db3b896c100844ea1de50313b1244f1cf16e00196cf571a22245c6eeed3adcdf226dee0a4eeb122c0a7ce4d9c1259bab742fcede328933513563c8631adb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
350KB

MD5
e98e4d70d5bd9f743d71018177c8f347

SHA1
79969a1673a3baf7d218b56b095d64cea9ebc80b

SHA256
1decbd3d2cb252e4fb23ec966b7bd5fdc63cc0b1c51f4537afc480fe4e0bb2c2

SHA512
5c476f4c436e91b62e519d31d4f1a42c337da43233a610e6a86b5c8ff8814f949f8b5e5eafdc569f82eb4f96dd9f89adb15a4288d92127a059ba6008b544db80

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
350KB

MD5
e98e4d70d5bd9f743d71018177c8f347

SHA1
79969a1673a3baf7d218b56b095d64cea9ebc80b

SHA256
1decbd3d2cb252e4fb23ec966b7bd5fdc63cc0b1c51f4537afc480fe4e0bb2c2

SHA512
5c476f4c436e91b62e519d31d4f1a42c337da43233a610e6a86b5c8ff8814f949f8b5e5eafdc569f82eb4f96dd9f89adb15a4288d92127a059ba6008b544db80

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
5.8MB

MD5
fdc4fc0eaa7a6cfc8712a1c65f7592ad

SHA1
f43f709d373a70f3b3a895d08114f0dcdab79db0

SHA256
31336c26f42b274187dc473da01e4e1c1f0f2a6250313eb4822656d94b420264

SHA512
25cc93a6eac7a73fdeaa61ee874fd5f1998a8574255ecb57bbef8d72743eee47862468d714117f62493431e49720951c2fc00988f6a9888687f8425d73599094

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
5.8MB

MD5
fdc4fc0eaa7a6cfc8712a1c65f7592ad

SHA1
f43f709d373a70f3b3a895d08114f0dcdab79db0

SHA256
31336c26f42b274187dc473da01e4e1c1f0f2a6250313eb4822656d94b420264

SHA512
25cc93a6eac7a73fdeaa61ee874fd5f1998a8574255ecb57bbef8d72743eee47862468d714117f62493431e49720951c2fc00988f6a9888687f8425d73599094

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
133KB

MD5
5fceb2eaac6f25a75108a7a9ce8b57b6

SHA1
a31fec965e023b73764e2fce92ad9093ed6f7d65

SHA256
2d623a1fb8901ecc24107be17636c76f41607192b411b4e57bcdbae6ca515a1a

SHA512
49bc1c81a8e634c51d4303c6d28bab774391e74ce96af51e7a14b06767ff0d40594cdd7f72e01c1025b80dba1b28597fef53c6d80fea2c434ef636db2a57d161

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
133KB

MD5
5fceb2eaac6f25a75108a7a9ce8b57b6

SHA1
a31fec965e023b73764e2fce92ad9093ed6f7d65

SHA256
2d623a1fb8901ecc24107be17636c76f41607192b411b4e57bcdbae6ca515a1a

SHA512
49bc1c81a8e634c51d4303c6d28bab774391e74ce96af51e7a14b06767ff0d40594cdd7f72e01c1025b80dba1b28597fef53c6d80fea2c434ef636db2a57d161

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll

Filesize
63KB

MD5
dcb4d3f7d20a7ac5d1abe2bbf642409f

SHA1
4affe079dba43d280a04c9c522a5cfab75e52a15

SHA256
c80ad0e9a105fd610aedcd2d6f8edeb249e2874c683cf0c97a47e3cc24762b91

SHA512
ac3853a81bac87cea8fbdaf78667f8a5597727f7d6b1c9735eaa0cb414acfdb5f8c8bb7f31095838463a32ad06b2dfe965f3679ae0dd879f96429fbaebf333ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll

Filesize
63KB

MD5
dcb4d3f7d20a7ac5d1abe2bbf642409f

SHA1
4affe079dba43d280a04c9c522a5cfab75e52a15

SHA256
c80ad0e9a105fd610aedcd2d6f8edeb249e2874c683cf0c97a47e3cc24762b91

SHA512
ac3853a81bac87cea8fbdaf78667f8a5597727f7d6b1c9735eaa0cb414acfdb5f8c8bb7f31095838463a32ad06b2dfe965f3679ae0dd879f96429fbaebf333ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\jars\JavaCheck.jar

Filesize
1KB

MD5
ebca95af1795431d077af0eefe59a7fe

SHA1
d108b038abd93342c4a4ff656e7cb9b66ac26b53

SHA256
3030eb718cb2d7edc68d426d46f21e1af2a2cdd5443de5dfc5020650b52e7601

SHA512
82db76377acecec4b1b012f1ba83fe234bbc33f2d6b8c9ad97c9631a3df989d64fa0cb111e8db59af5114d620921e4ece38303091c72cc6bdf0226f935822319

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qdirect2d.dll

Filesize
883KB

MD5
2dc372bec7d15f0e0e6e45930865a7c0

SHA1
cf70323914d0f246c3953855dbe2e8a5ff51e4fc

SHA256
1fbfa3632fd292ccb3ab72566d934dfafc3d99308115c60ff7441aa5e905cd84

SHA512
d313178dc461f401ad849f2ee5c2b103e81d62742105df89170bf3ec8da100da704515bd668c93617083880a0915e1b2a0e76ed8aff6a6516be705e18932406e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
811KB

MD5
c375f728acfcce8456b3bda4c5837976

SHA1
7de1c3476c043a58c41428b7f838cc6ab2017857

SHA256
a3bd204581461478282555b3c46b13c8d6779469a1b209b45765dbc7947a564a

SHA512
b739588b0adbf1e3f107709953bf68660fe7f33c9fc8d7fbf5d738483e5eca3076de92574789e21e858bd70a3f1bd1c108ca754fed08046185949a85ef38cb2a

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
811KB

MD5
c375f728acfcce8456b3bda4c5837976

SHA1
7de1c3476c043a58c41428b7f838cc6ab2017857

SHA256
a3bd204581461478282555b3c46b13c8d6779469a1b209b45765dbc7947a564a

SHA512
b739588b0adbf1e3f107709953bf68660fe7f33c9fc8d7fbf5d738483e5eca3076de92574789e21e858bd70a3f1bd1c108ca754fed08046185949a85ef38cb2a

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
7.7MB

MD5
6eee4fe0679ff858adfd4de9b3bb1892

SHA1
c536cfb7d4025cc4971389e9bddc3bfb06920ab4

SHA256
071d3b45a03c20867cc2bf1f8d4576cd8bfb76655531a09a296229d8b32a285b

SHA512
2a24a94a5ca4b93d964de894847a270af094fe7ff6d28d3ee7b3d947fd956706a8a69057f5d0af743024d8eb14f0e04ef8e3116128ccace5a09bcb99867fe32e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
7.7MB

MD5
6eee4fe0679ff858adfd4de9b3bb1892

SHA1
c536cfb7d4025cc4971389e9bddc3bfb06920ab4

SHA256
071d3b45a03c20867cc2bf1f8d4576cd8bfb76655531a09a296229d8b32a285b

SHA512
2a24a94a5ca4b93d964de894847a270af094fe7ff6d28d3ee7b3d947fd956706a8a69057f5d0af743024d8eb14f0e04ef8e3116128ccace5a09bcb99867fe32e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
7.7MB

MD5
6eee4fe0679ff858adfd4de9b3bb1892

SHA1
c536cfb7d4025cc4971389e9bddc3bfb06920ab4

SHA256
071d3b45a03c20867cc2bf1f8d4576cd8bfb76655531a09a296229d8b32a285b

SHA512
2a24a94a5ca4b93d964de894847a270af094fe7ff6d28d3ee7b3d947fd956706a8a69057f5d0af743024d8eb14f0e04ef8e3116128ccace5a09bcb99867fe32e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qt.conf

Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
150KB

MD5
b1e8f9b4f67602d2af400f97123cd67e

SHA1
fb84d95ac7629dee1ab6a6235aa10f0033d606fc

SHA256
1e826a5e7dc86022a17f72980f9c9eadb0b6fb439cda43e4af5a1d3b208e91eb

SHA512
60cc251e076498396d84ffc9a3e0c742bf241d8be877a090e336f2ee7d8d96aaeda8b7527139ec7e0f523e25ab675269925484a145e8caeb9c6d92ea6f75b4fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
150KB

MD5
b1e8f9b4f67602d2af400f97123cd67e

SHA1
fb84d95ac7629dee1ab6a6235aa10f0033d606fc

SHA256
1e826a5e7dc86022a17f72980f9c9eadb0b6fb439cda43e4af5a1d3b208e91eb

SHA512
60cc251e076498396d84ffc9a3e0c742bf241d8be877a090e336f2ee7d8d96aaeda8b7527139ec7e0f523e25ab675269925484a145e8caeb9c6d92ea6f75b4fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll

Filesize
213KB

MD5
4c28ee5e48080b3c3a5ba7f23cd00f60

SHA1
1416663464ddc4e85f993759683fcc6e6c3652f3

SHA256
cd3c48a739d9ffa9e5a4568e023c64c51aecc55777ab41b5a9ef4d6e19b644f9

SHA512
9c2c786f6db9b40d958086f25a579dbe5a0292a19ada6847db6138e43a0f493cb228fc2ee61527deed87197fa3e647e22d65818adda7f8566d64eb27c76d2b2f

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll

Filesize
213KB

MD5
4c28ee5e48080b3c3a5ba7f23cd00f60

SHA1
1416663464ddc4e85f993759683fcc6e6c3652f3

SHA256
cd3c48a739d9ffa9e5a4568e023c64c51aecc55777ab41b5a9ef4d6e19b644f9

SHA512
9c2c786f6db9b40d958086f25a579dbe5a0292a19ada6847db6138e43a0f493cb228fc2ee61527deed87197fa3e647e22d65818adda7f8566d64eb27c76d2b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz6D56.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz6D56.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz6D56.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz6D56.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz6D56.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz6D56.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz6D56.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
memory/3060-229-0x00007FF675EE0000-0x00007FF6766A3000-memory.dmp

Filesize
7.8MB

Download
memory/3060-245-0x000001B509390000-0x000001B5093A0000-memory.dmp

Filesize
64KB

Download
memory/3060-228-0x00007FFC18040000-0x00007FFC18605000-memory.dmp

Filesize
5.8MB

Download
memory/3060-276-0x000001B509390000-0x000001B5093A0000-memory.dmp

Filesize
64KB

Download