84896fbfb13875ac47d85739e4b55e34f0f60a183c27077426cf839020d91e13

Resubmissions

28/11/2023, 01:30

231128-bwwabaed2v 7

28/11/2023, 01:26

231128-btz6gseb73 7

Analysis

max time kernel
25s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2023, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PrismLauncher-Windows-MSVC-Setup-8.0.exe
Size

18.1MB
MD5

64f959f2372d2fa8d6834156a9c57b5f
SHA1

256bd4ab54b5ba3b3b6694d4713e8e30353ab2e6
SHA256

84896fbfb13875ac47d85739e4b55e34f0f60a183c27077426cf839020d91e13
SHA512

11f1502b57b52bfc980ddb181295c8d3cff33cb3029be53d48ffa52039c70333bea45f2bac245ee42db932d1ecb802d9f7ebe0c421062622318fd5d967025ef2
SSDEEP

393216:zK1dO8BhfgnDojsDsn5rmoUw6gC9iCnh3Ujqa6pJu/:zQhfgDVM5J6gC9JnhkE

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4764	icacls.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Control Panel\International\Geo\Nation	prismlauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
3844	prismlauncher.exe

Loads dropped DLL 23 IoCs

pid	Process
3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe
3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe
3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe
3844	prismlauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
4800	TaskKill.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\curseforge\URL Protocol	PrismLauncher-Windows-MSVC-Setup-8.0.exe
Key created	\REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\curseforge\shell\open\command	PrismLauncher-Windows-MSVC-Setup-8.0.exe
Key created	\REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\curseforge\shell	PrismLauncher-Windows-MSVC-Setup-8.0.exe
Key created	\REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\curseforge\shell\open	PrismLauncher-Windows-MSVC-Setup-8.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe\" \"%1\""	PrismLauncher-Windows-MSVC-Setup-8.0.exe
Key created	\REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\curseforge	PrismLauncher-Windows-MSVC-Setup-8.0.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3844	prismlauncher.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3844	prismlauncher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4800	TaskKill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3844	prismlauncher.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 4800	3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe	82
PID 3756 wrote to memory of 4800	3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe	82
PID 3756 wrote to memory of 4800	3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe	82
PID 3756 wrote to memory of 3844	3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe	85
PID 3756 wrote to memory of 3844	3756	PrismLauncher-Windows-MSVC-Setup-8.0.exe	85

C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.0.exe
"C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.0.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Windows\SysWOW64\TaskKill.exe
  TaskKill /IM prismlauncher.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4800
- C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:3844
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:3364
- - C:\Program Files\Java\jdk-1.8\bin\javaw.exe
    "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:5072
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
    javaw -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:5112
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
    "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:3112
  - - C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      4⤵
      Modifies file permissions
      PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
3e8d27297f64081e53439bb723673a60

SHA1
ed039113a2a843cebbb7d67b9d3f8a38881725a2

SHA256
26b3f7c6566897eff8e1b5ccb005cef0edc01f497f600213e25832dfec19b656

SHA512
69275e68599294ea0bfe13501f2893f3dce034fb03a6a867f53f90fcb6fc735c540691a9f898b799a859027141eb85f4bbd2988ec3a3c88945216d5f8853baf5

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
3e8d27297f64081e53439bb723673a60

SHA1
ed039113a2a843cebbb7d67b9d3f8a38881725a2

SHA256
26b3f7c6566897eff8e1b5ccb005cef0edc01f497f600213e25832dfec19b656

SHA512
69275e68599294ea0bfe13501f2893f3dce034fb03a6a867f53f90fcb6fc735c540691a9f898b799a859027141eb85f4bbd2988ec3a3c88945216d5f8853baf5

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
6.0MB

MD5
46c0a1684b64081f45070d7c41b501c4

SHA1
7fe0ddde9b30c01641515126a16b6d06988aa144

SHA256
a230faeeb2bcff6e80b7a8fcfb19350a076cc2ed0fa190e16865bfa0c7e9214f

SHA512
8d29f0b15955c73e9bbb026b5b96d196a219bdd33f9579fc3d5ebc50f6757621477000b0908fe3a191ac830d7c76750db55e2d871284c5060b7e626addd340bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
6.0MB

MD5
46c0a1684b64081f45070d7c41b501c4

SHA1
7fe0ddde9b30c01641515126a16b6d06988aa144

SHA256
a230faeeb2bcff6e80b7a8fcfb19350a076cc2ed0fa190e16865bfa0c7e9214f

SHA512
8d29f0b15955c73e9bbb026b5b96d196a219bdd33f9579fc3d5ebc50f6757621477000b0908fe3a191ac830d7c76750db55e2d871284c5060b7e626addd340bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
6.0MB

MD5
46c0a1684b64081f45070d7c41b501c4

SHA1
7fe0ddde9b30c01641515126a16b6d06988aa144

SHA256
a230faeeb2bcff6e80b7a8fcfb19350a076cc2ed0fa190e16865bfa0c7e9214f

SHA512
8d29f0b15955c73e9bbb026b5b96d196a219bdd33f9579fc3d5ebc50f6757621477000b0908fe3a191ac830d7c76750db55e2d871284c5060b7e626addd340bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
6.0MB

MD5
46c0a1684b64081f45070d7c41b501c4

SHA1
7fe0ddde9b30c01641515126a16b6d06988aa144

SHA256
a230faeeb2bcff6e80b7a8fcfb19350a076cc2ed0fa190e16865bfa0c7e9214f

SHA512
8d29f0b15955c73e9bbb026b5b96d196a219bdd33f9579fc3d5ebc50f6757621477000b0908fe3a191ac830d7c76750db55e2d871284c5060b7e626addd340bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
6.0MB

MD5
46c0a1684b64081f45070d7c41b501c4

SHA1
7fe0ddde9b30c01641515126a16b6d06988aa144

SHA256
a230faeeb2bcff6e80b7a8fcfb19350a076cc2ed0fa190e16865bfa0c7e9214f

SHA512
8d29f0b15955c73e9bbb026b5b96d196a219bdd33f9579fc3d5ebc50f6757621477000b0908fe3a191ac830d7c76750db55e2d871284c5060b7e626addd340bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
851KB

MD5
8437fabf510fb31e319500774f55ce10

SHA1
677d2926708f3cf691aa523ccdac0ee6f0900d9f

SHA256
bf920ef0eaa78e7f7cb4b9d1499ada88a4180ee0df2477a39ebfde2cd14f2b56

SHA512
824e737785a6ef5e5a66be4f55f8e304e0ad41330117bb4d22d89732ba6b8e038ee993a6a6dd1aa160f02a056b83b528c47a9f4fe37b79f437c9101972eafaf9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
851KB

MD5
8437fabf510fb31e319500774f55ce10

SHA1
677d2926708f3cf691aa523ccdac0ee6f0900d9f

SHA256
bf920ef0eaa78e7f7cb4b9d1499ada88a4180ee0df2477a39ebfde2cd14f2b56

SHA512
824e737785a6ef5e5a66be4f55f8e304e0ad41330117bb4d22d89732ba6b8e038ee993a6a6dd1aa160f02a056b83b528c47a9f4fe37b79f437c9101972eafaf9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
8.5MB

MD5
3b76150f68eee497f84f3cec0c1fbd82

SHA1
73488761aad3104f1f2ff7d67318f3d70c783c5a

SHA256
42dfcd4c5fea70cd7cac2442529ab57ae09d5ad6da38cdd2cefd932f6eb5c66d

SHA512
2b4915ad7edd83360d1071794e9cd503d59da810fcc6cab0652e799c989f8965aa4bd1bf96ac12307582eacb83b3c1641e8d9ce97ed1b8f3da741b2453f1ae1e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
8.5MB

MD5
3b76150f68eee497f84f3cec0c1fbd82

SHA1
73488761aad3104f1f2ff7d67318f3d70c783c5a

SHA256
42dfcd4c5fea70cd7cac2442529ab57ae09d5ad6da38cdd2cefd932f6eb5c66d

SHA512
2b4915ad7edd83360d1071794e9cd503d59da810fcc6cab0652e799c989f8965aa4bd1bf96ac12307582eacb83b3c1641e8d9ce97ed1b8f3da741b2453f1ae1e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.4MB

MD5
7859ab5090780d2d8a3bd67d9594d9d6

SHA1
908dcb1c397d6172866d040d14e28bdcda99df30

SHA256
b7839d313a86d413c67c3f57d3adc0d277345d6c9d04b3364e3771a7bd1c8c55

SHA512
4456c2f780f8d080963855f8775e81fd3de12c17e6d8cc928381be75e8e7b32f152484f5893cbaeaaf2995b671c99fddcb03af2f09a68e5ec4eb0fcf9b5509c1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.4MB

MD5
7859ab5090780d2d8a3bd67d9594d9d6

SHA1
908dcb1c397d6172866d040d14e28bdcda99df30

SHA256
b7839d313a86d413c67c3f57d3adc0d277345d6c9d04b3364e3771a7bd1c8c55

SHA512
4456c2f780f8d080963855f8775e81fd3de12c17e6d8cc928381be75e8e7b32f152484f5893cbaeaaf2995b671c99fddcb03af2f09a68e5ec4eb0fcf9b5509c1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
374KB

MD5
365ae83f71887535ab064674277e04e3

SHA1
9d50aba7d490425d7e5507d47175de3ce354af85

SHA256
4de1a81c070c33a3e48772d7003e3a9454d69951fc4f5da8132ed7a03c84597d

SHA512
d544bb66a9426e7a6577a8041c844d19ee6aeb9bce11a073e7bd693d68a3e12fc8e24978cfc6cd5f3ffdf30265b62397f42265f71853a2f23d593cfb5829bf7c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
374KB

MD5
365ae83f71887535ab064674277e04e3

SHA1
9d50aba7d490425d7e5507d47175de3ce354af85

SHA256
4de1a81c070c33a3e48772d7003e3a9454d69951fc4f5da8132ed7a03c84597d

SHA512
d544bb66a9426e7a6577a8041c844d19ee6aeb9bce11a073e7bd693d68a3e12fc8e24978cfc6cd5f3ffdf30265b62397f42265f71853a2f23d593cfb5829bf7c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
6.2MB

MD5
373e8fc6044b19fe2857b71ebf83a3a4

SHA1
af15b5da48d07c0883170a6089976a29b1d427a9

SHA256
0f040d7f14e1a6cec10b80d9e90065c2e3b5f8f4aab7a45244dd7327a1bf1c20

SHA512
9f4a93b946d26118c313719e753a0bdc78bf075a072b74d221dcdf31163f60b92521a8bcd4f5287deea885f7cbfbfb06ae52c60fcf1e7a61ab0f2e00c2a793d3

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
6.2MB

MD5
373e8fc6044b19fe2857b71ebf83a3a4

SHA1
af15b5da48d07c0883170a6089976a29b1d427a9

SHA256
0f040d7f14e1a6cec10b80d9e90065c2e3b5f8f4aab7a45244dd7327a1bf1c20

SHA512
9f4a93b946d26118c313719e753a0bdc78bf075a072b74d221dcdf31163f60b92521a8bcd4f5287deea885f7cbfbfb06ae52c60fcf1e7a61ab0f2e00c2a793d3

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
152KB

MD5
6a20c7e176d042d849f8a8420e56dd1e

SHA1
569be8e19bd54c10846ade6f1a3e1c00bc033aad

SHA256
805c5c0bbcd384428c77719b756c90f901832c45769ee1cd6f39964baace86ad

SHA512
b0c0b73069ea4b14e4d43548b0ce4d0fff6092a96fa405f83b09ea3f0eecca372f57a4b523dc39b01e12e1815cb35f1d1216ecba7c6d441da76d3460e341bc0c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
152KB

MD5
6a20c7e176d042d849f8a8420e56dd1e

SHA1
569be8e19bd54c10846ade6f1a3e1c00bc033aad

SHA256
805c5c0bbcd384428c77719b756c90f901832c45769ee1cd6f39964baace86ad

SHA512
b0c0b73069ea4b14e4d43548b0ce4d0fff6092a96fa405f83b09ea3f0eecca372f57a4b523dc39b01e12e1815cb35f1d1216ecba7c6d441da76d3460e341bc0c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll

Filesize
69KB

MD5
88b03988ca27c2e3cea7d33d699eb17a

SHA1
f4c71b9e6543ef9a7b183fdec888d7b8a11fc7e7

SHA256
35e9c2f0e54aed7493e85c8a10e0a620585d04821c6dbe82b9fe48be19ff28a1

SHA512
2fd59ff2161e68351e59ce80b53c54b525981738c8d80e4af047ad3c5acd9ecf1e281ae812abcf9999ffb2c750c7f09dd98c0b5dd343905ec3af615337e1fb41

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll

Filesize
69KB

MD5
88b03988ca27c2e3cea7d33d699eb17a

SHA1
f4c71b9e6543ef9a7b183fdec888d7b8a11fc7e7

SHA256
35e9c2f0e54aed7493e85c8a10e0a620585d04821c6dbe82b9fe48be19ff28a1

SHA512
2fd59ff2161e68351e59ce80b53c54b525981738c8d80e4af047ad3c5acd9ecf1e281ae812abcf9999ffb2c750c7f09dd98c0b5dd343905ec3af615337e1fb41

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qgif.dll

Filesize
47KB

MD5
57e51ea5072660adb8874e8cafc62a37

SHA1
97cc9eaac24ff74c9bf2cd83ef9bec75184578f6

SHA256
b0d133e6ff9b8c14fd5857189d63abc8b75d291c56d56becc50b43591e4867a8

SHA512
74c3fbe094da578830a524c669edc7edab0bc15cf7e352f819bd35b0a47cf873d714daeaf505c0b1b45e926d85837a0129da131535140f6f8cff9f6faa4e3b13

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qgif.dll

Filesize
47KB

MD5
57e51ea5072660adb8874e8cafc62a37

SHA1
97cc9eaac24ff74c9bf2cd83ef9bec75184578f6

SHA256
b0d133e6ff9b8c14fd5857189d63abc8b75d291c56d56becc50b43591e4867a8

SHA512
74c3fbe094da578830a524c669edc7edab0bc15cf7e352f819bd35b0a47cf873d714daeaf505c0b1b45e926d85837a0129da131535140f6f8cff9f6faa4e3b13

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qicns.dll

Filesize
55KB

MD5
44dd92a8f16ad189bb44ce8c392e04a2

SHA1
4846fb107d58c62294891d45ecaa1630aa587545

SHA256
b8b59ed0443548a45925375699e5d1726bed0c49b5a007d902be7d0f10b20e15

SHA512
5991487d2d566456ef1316df3f74653406fef7a8f9fa740f3cee11f5612ea59c2313b56c12da21d891088a8cb702af1bda62f0bf055e5b42ba722949d4513649

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qicns.dll

Filesize
55KB

MD5
44dd92a8f16ad189bb44ce8c392e04a2

SHA1
4846fb107d58c62294891d45ecaa1630aa587545

SHA256
b8b59ed0443548a45925375699e5d1726bed0c49b5a007d902be7d0f10b20e15

SHA512
5991487d2d566456ef1316df3f74653406fef7a8f9fa740f3cee11f5612ea59c2313b56c12da21d891088a8cb702af1bda62f0bf055e5b42ba722949d4513649

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qico.dll

Filesize
46KB

MD5
5c455c348e79fce7d4f1100a5c9e180b

SHA1
f76fa09b8b6d3c0847181f8a89a89164c2c79ad4

SHA256
b656af82f086310502673cff15a67400f806acdb820248d19e08d3e4919d90f9

SHA512
15833c5a119ff84dd0a5447bc29c8a5a9973464ba456d50392a4c79ffe420e857c6ec65aa1b15df07c412aeb47967653adb54fdb3341de076cc9dd31811c8be4

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qico.dll

Filesize
46KB

MD5
5c455c348e79fce7d4f1100a5c9e180b

SHA1
f76fa09b8b6d3c0847181f8a89a89164c2c79ad4

SHA256
b656af82f086310502673cff15a67400f806acdb820248d19e08d3e4919d90f9

SHA512
15833c5a119ff84dd0a5447bc29c8a5a9973464ba456d50392a4c79ffe420e857c6ec65aa1b15df07c412aeb47967653adb54fdb3341de076cc9dd31811c8be4

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qjpeg.dll

Filesize
616KB

MD5
dbad209058a24a26b4e539d65b0f2388

SHA1
51d939dfa0b22581acb502c9d523c5d646ee4044

SHA256
e98fa286c08ac33b5b1a55367bf99cef820859e2aaaa009d30d83c727defdbc8

SHA512
8c9c18504d768881b25fc1cf6b76661124986cb282b7bf056b85c1178294b0b95ab830928b713f460ff53bd2f1ef95d1af2c2fdbbdc2774ed6c0fe48c8897a34

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qjpeg.dll

Filesize
616KB

MD5
dbad209058a24a26b4e539d65b0f2388

SHA1
51d939dfa0b22581acb502c9d523c5d646ee4044

SHA256
e98fa286c08ac33b5b1a55367bf99cef820859e2aaaa009d30d83c727defdbc8

SHA512
8c9c18504d768881b25fc1cf6b76661124986cb282b7bf056b85c1178294b0b95ab830928b713f460ff53bd2f1ef95d1af2c2fdbbdc2774ed6c0fe48c8897a34

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qsvg.dll

Filesize
39KB

MD5
d12ed3e7a46b9c2e881c0bd210d2fb1e

SHA1
6f1ed179e4c3578c8c363a62ecda5e53485850f3

SHA256
4d309228eeb7de155df1508fff39b9d4f360fa27152dcd8482280a64e397e618

SHA512
7a459de7b686f351b33b84bc6e7f1ef3bb983140d9734233914fe9ff9dfac64cee659959601712fcfa564648112f0e0364d3c8c7ab5f126a7eccae04a715bbb3

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qsvg.dll

Filesize
39KB

MD5
d12ed3e7a46b9c2e881c0bd210d2fb1e

SHA1
6f1ed179e4c3578c8c363a62ecda5e53485850f3

SHA256
4d309228eeb7de155df1508fff39b9d4f360fa27152dcd8482280a64e397e618

SHA512
7a459de7b686f351b33b84bc6e7f1ef3bb983140d9734233914fe9ff9dfac64cee659959601712fcfa564648112f0e0364d3c8c7ab5f126a7eccae04a715bbb3

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwbmp.dll

Filesize
37KB

MD5
f0aa1d8ad1b50c89ec5c5f1d7ca8d720

SHA1
f441bd65a1a02031830a85cb8822b4c9cdef7777

SHA256
d768b8d0cc22b8182c2f24406ff6b0bc5d4ee5dc5b9edfe16d2f1e8bd3fabb70

SHA512
2893597cd5299073f8da108f345423bc75de3299d70fa12485073523f2f759e166c9181405d5c90fd8fe7290012965b06c851d5452db37aa1e25f3a167536318

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwbmp.dll

Filesize
37KB

MD5
f0aa1d8ad1b50c89ec5c5f1d7ca8d720

SHA1
f441bd65a1a02031830a85cb8822b4c9cdef7777

SHA256
d768b8d0cc22b8182c2f24406ff6b0bc5d4ee5dc5b9edfe16d2f1e8bd3fabb70

SHA512
2893597cd5299073f8da108f345423bc75de3299d70fa12485073523f2f759e166c9181405d5c90fd8fe7290012965b06c851d5452db37aa1e25f3a167536318

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwebp.dll

Filesize
527KB

MD5
b1afb6165e135551b7494e704bbb60d3

SHA1
7c97798a5b91cb8b3c7af8cefbce9fb86f25baf0

SHA256
e112b3c259ce143831a3ea9c21bbb7634ce46fa64f923801f4387c88fb3cc70c

SHA512
d2b04b80f71b5d3132cd7c34643734b12f8a45791bae17f40cd7f0052bab69cd724fb2c53c634e9057d01c14a52c6c8e32628acdd4e47b1d8b80e876442229a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwebp.dll

Filesize
527KB

MD5
b1afb6165e135551b7494e704bbb60d3

SHA1
7c97798a5b91cb8b3c7af8cefbce9fb86f25baf0

SHA256
e112b3c259ce143831a3ea9c21bbb7634ce46fa64f923801f4387c88fb3cc70c

SHA512
d2b04b80f71b5d3132cd7c34643734b12f8a45791bae17f40cd7f0052bab69cd724fb2c53c634e9057d01c14a52c6c8e32628acdd4e47b1d8b80e876442229a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\jars\JavaCheck.jar

Filesize
1KB

MD5
2b96e0a98d55af7d8b552974528bcb28

SHA1
47bbbaef4bbfde66db7d4c58428e43fac950f11e

SHA256
6b350b222366434d20be527ca7a27c7a8b8f7692ae7d2fbfec4f120e5894022a

SHA512
5fbd76d7f281e2557092e073eee6058aaee1a9d25836cc20b233b819f511c366b6d4bae3a98c18a2a04726cb0414be9a65a11cdf0d529a8998c77166b36b3c3a

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qdirect2d.dll

Filesize
940KB

MD5
6b84eedc5462593c1fb42405b9e2f593

SHA1
d880ab5ec6d1cb804c0747c7a02e642d3580c17b

SHA256
a9033512312357c99974bd91242df33482c07e049536a8e7c24fb6c3d070de25

SHA512
e0668fb53c6e1add8d71e28e61ac5f77d9167c6ad564aeef494982cbeee661b9c40adcfd22d5810f8ae77590518b0f0867abca8b4340f05acede46d7554bd5de

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
870KB

MD5
ab99c1e6453c1da2f9c9ff9bcf29d01a

SHA1
31183561d4f418b007ed173c5874df3a4fa2ea4a

SHA256
0daee37658c29afc0702703bc477fdecb8091197c0c9c6c89d3672636cb0edbb

SHA512
8245509501166148c4e43ac79075601545af65f7c98f9560600648fda97a989dcdf94722590ba802a1eb2a62f699eecba1bf11a2587a15d24419ff91c56ae1d2

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
870KB

MD5
ab99c1e6453c1da2f9c9ff9bcf29d01a

SHA1
31183561d4f418b007ed173c5874df3a4fa2ea4a

SHA256
0daee37658c29afc0702703bc477fdecb8091197c0c9c6c89d3672636cb0edbb

SHA512
8245509501166148c4e43ac79075601545af65f7c98f9560600648fda97a989dcdf94722590ba802a1eb2a62f699eecba1bf11a2587a15d24419ff91c56ae1d2

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
9.7MB

MD5
f76f36aec1c7701f0f528dd87e5a2df8

SHA1
1eb2c7d88b1898184f813d47cb60fe6553682307

SHA256
8c79a4bf9229e4f11696a3196463b9830f66e9cac22dc9eb39eda1cb062604dc

SHA512
c2c6ded06c89a6722e4f4a8d00819b1b0ef8422890d6b793354bd98103108d177dc41327a4fe4d77f021853f5c5a02ab3a1ca2f97e3ddc55b60ae0a183a7ff45

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
9.7MB

MD5
f76f36aec1c7701f0f528dd87e5a2df8

SHA1
1eb2c7d88b1898184f813d47cb60fe6553682307

SHA256
8c79a4bf9229e4f11696a3196463b9830f66e9cac22dc9eb39eda1cb062604dc

SHA512
c2c6ded06c89a6722e4f4a8d00819b1b0ef8422890d6b793354bd98103108d177dc41327a4fe4d77f021853f5c5a02ab3a1ca2f97e3ddc55b60ae0a183a7ff45

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
9.7MB

MD5
f76f36aec1c7701f0f528dd87e5a2df8

SHA1
1eb2c7d88b1898184f813d47cb60fe6553682307

SHA256
8c79a4bf9229e4f11696a3196463b9830f66e9cac22dc9eb39eda1cb062604dc

SHA512
c2c6ded06c89a6722e4f4a8d00819b1b0ef8422890d6b793354bd98103108d177dc41327a4fe4d77f021853f5c5a02ab3a1ca2f97e3ddc55b60ae0a183a7ff45

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qt.conf

Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qtlogging.ini

Filesize
509B

MD5
58967a7fcc8cd9d2bdb9b0fc24eed94d

SHA1
b09f4ed1fe53850307cf8cb8cd2767524c26335b

SHA256
ba15aee260e7ca1d48016546bab52fe30c3da264356b629739c125cd4eb3c700

SHA512
5d44670d283b8a88892fd8def2fd2f2f9222d5115b25cc4b9e2b04a7c5f004930dc0b5e2d11ae128ab844f826ba079a0f93e17d5428355bdb4d21a04ee58055a

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
140KB

MD5
136687f095ebbafeb28e4ec876efa0f1

SHA1
5a2050135bfecb2d7f2109d0aea89f29c3f24d42

SHA256
acf625d41d1a37aac76fd7b26f8d33ae6a67bc761351c8fb56f0c8a607c4770d

SHA512
b1b8c7397e9b589083276b1b68176b4965cc31f2e594a8005d1e4611e7df90b94a6f3febba822f9842ed5bf6a7b4f5acf087bdf5a0bd237ef9535a2cd269e1c7

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
140KB

MD5
136687f095ebbafeb28e4ec876efa0f1

SHA1
5a2050135bfecb2d7f2109d0aea89f29c3f24d42

SHA256
acf625d41d1a37aac76fd7b26f8d33ae6a67bc761351c8fb56f0c8a607c4770d

SHA512
b1b8c7397e9b589083276b1b68176b4965cc31f2e594a8005d1e4611e7df90b94a6f3febba822f9842ed5bf6a7b4f5acf087bdf5a0bd237ef9535a2cd269e1c7

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll

Filesize
228KB

MD5
6fc2cac586b67bbbc6785d92ec35dcfc

SHA1
7966459f8647183332fb854e85f3ccf182769c1d

SHA256
e7727fe4a6f12768b1de8a99cf9d4d8342843c819ff5a6b71271059416178a74

SHA512
08877c165218d7070e3ec14cb94eb96b31f42645fd752c1128d3c7da6f5ba76fc8f7dc6064568293593a76fd5004ac79bd738896dff8144936cd3aa7bdf891e9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll

Filesize
228KB

MD5
6fc2cac586b67bbbc6785d92ec35dcfc

SHA1
7966459f8647183332fb854e85f3ccf182769c1d

SHA256
e7727fe4a6f12768b1de8a99cf9d4d8342843c819ff5a6b71271059416178a74

SHA512
08877c165218d7070e3ec14cb94eb96b31f42645fd752c1128d3c7da6f5ba76fc8f7dc6064568293593a76fd5004ac79bd738896dff8144936cd3aa7bdf891e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg9655.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg9655.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg9655.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg9655.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg9655.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg9655.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg

Filesize
116B

MD5
599050e294ac8fde992d8c767f56b207

SHA1
4b5aace952315bfb1065c45ea51854c6618b3d45

SHA256
d29731b36a87d77999f2fe472e7a0c9062bd2061ce450fba20fbacf489f55ea0

SHA512
4f83c45016a1a7fe815aca1a8f21e084a2d4d7ea02c7d8557a7aa453a50c91d3151bb9b220a8796cc1a21d6fd7f765363b5a6e0a2574c290473f333b4ca8d83c

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.Tusujy

Filesize
30B

MD5
a6dc16331f06bc5831e5ddc9799284ec

SHA1
d344f83d549df8c3e2c959182ba37f8c81d885a5

SHA256
9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

SHA512
43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.lock

Filesize
66B

MD5
cf731bef474140b934c961025edfd14b

SHA1
061a652dba6ad179a90945ee9659b4f141430b56

SHA256
31dbdf6e24da6d251339327c9b2e43946ba888127d3f4845c3a707682599b549

SHA512
c28052fe3e0479426bbc6420a080c33f63e67ff0aedb31ecfe1614cff418cb9db4d7d4378e8e1b41c9f5fd0094ba484d1ce1980a7f09df58a51f1f7b1a5d561d

Download Submit
memory/3112-212-0x0000026ACDF00000-0x0000026ACDF01000-memory.dmp

Filesize
4KB

Download
memory/3364-194-0x00000207CC220000-0x00000207CD220000-memory.dmp

Filesize
16.0MB

Download
memory/3364-215-0x00000207CAA20000-0x00000207CAA21000-memory.dmp

Filesize
4KB

Download
memory/3844-109-0x0000024E83DD0000-0x0000024E83DE0000-memory.dmp

Filesize
64KB

Download
memory/3844-104-0x00007FF628D80000-0x00007FF62972E000-memory.dmp

Filesize
9.7MB

Download
memory/3844-103-0x00007FFBD3320000-0x00007FFBD394A000-memory.dmp

Filesize
6.2MB

Download
memory/5072-220-0x00000250ED8F0000-0x00000250ED8F1000-memory.dmp

Filesize
4KB

Download
memory/5112-221-0x0000027205B40000-0x0000027205B41000-memory.dmp

Filesize
4KB

Download