538c188e33755f4fdfc5635bcb89a911f511df6b058cc0a832dd7ce30eb42cf2

Analysis

max time kernel
1799s
max time network
1749s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
23/02/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NeoWare v1.3.zip
Size

29.4MB
MD5

827e035ca61e2578fba244028d1db1f5
SHA1

3fb3c5c760fa0556a02f990ac9afad9f6faf6321
SHA256

538c188e33755f4fdfc5635bcb89a911f511df6b058cc0a832dd7ce30eb42cf2
SHA512

acb11a3db12d166abec01c9810dbf13f291b749728712f41c2b438a0239123affdf626ef05fb0cc0c4220b05d366c7bf14cc9937ce1c20fb39749b4a7ef9f39e
SSDEEP

393216:taXzBUN/qE7TBkxtUjFPY57X/qKCTqrvAwEX9OpgFeUc5tO6I0hBTTueFGz3KCq+:t8u7KxtUyh/GyEX95oX5DBpGzxqeFIa

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Control Panel\International\Geo\Nation	prismlauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Control Panel\International\Geo\Nation	prismlauncher.exe

Executes dropped EXE 7 IoCs

pid	Process
1408	prismlauncher.exe
1172	javaw.exe
588	javaw.exe
1568	javaw.exe
2780	javaw.exe
4448	prismlauncher.exe
2624	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
3108	MsiExec.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1172	javaw.exe
1172	javaw.exe
1408	prismlauncher.exe
1172	javaw.exe
1172	javaw.exe
1172	javaw.exe
1172	javaw.exe
588	javaw.exe
588	javaw.exe
588	javaw.exe
588	javaw.exe
588	javaw.exe
588	javaw.exe
1568	javaw.exe
1568	javaw.exe
1568	javaw.exe
1568	javaw.exe
1568	javaw.exe
1568	javaw.exe
2780	javaw.exe
2780	javaw.exe
2780	javaw.exe
2780	javaw.exe
2780	javaw.exe
2780	javaw.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
2624	javaw.exe
2624	javaw.exe
2624	javaw.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
192	1200	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
136	raw.githubusercontent.com
137	raw.githubusercontent.com
138	raw.githubusercontent.com
139	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\jaas_nt.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-core-file-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-crt-math-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\symbols\dll\jvm.pdb	javaw.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-crt-conio-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\sunmscapi.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\unpack200.exe	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\msvcp140.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\rmid.exe	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\freetype.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\jfr\default.jfc	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\fontmanager.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\verify.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\sspi_bridge.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\ext\jaccess.jar	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\psfont.properties.ja	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\jsdt.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\ucrtbase.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\resources.jar	msiexec.exe
File opened for modification	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\dll\jvm.pdb	javaw.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\ext\cldrdata.jar	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\psfontj2d.properties	msiexec.exe
File opened for modification	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\jvm.pdb	javaw.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-core-debug-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-core-string-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\security\policy\limited\local_policy.jar	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\cmm\GRAY.pf	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\THIRD_PARTY_README	msiexec.exe
File opened for modification	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\calendars.properties	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\j2pkcs11.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\accessibility.properties	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\jsoundds.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\ktab.exe	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-core-handle-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\jawt.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\hprof.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\jsound.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\sound.properties	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-core-console-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\security\cacerts	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\w2k_lsa_auth.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\npt.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\j2pcsc.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\images\cursors\cursors.properties	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-core-localization-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\hijrah-config-umalqura.properties	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\server\Xusage.txt	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\nio.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\management\jmxremote.access	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\api-ms-win-core-libraryloader-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\NOTICE	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\charsets.jar	msiexec.exe
File opened for modification	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\server\jvm.pdb	javaw.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\images\cursors\win32_MoveDrop32x32.gif	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\vcruntime140.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\ext\sunjce_provider.jar	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\cmm\LINEAR_RGB.pf	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\lcms.dll	msiexec.exe
File created	C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\ext\nashorn.jar	msiexec.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{57FD9F55-A554-4B23-82CC-7780202BE277}	msiexec.exe
File created	C:\Windows\Installer\e5b0a8c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC22.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFEC.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\{57FD9F55-A554-4B23-82CC-7780202BE277}\logo.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{57FD9F55-A554-4B23-82CC-7780202BE277}\logo.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0a8c.msi	msiexec.exe
File created	C:\Windows\Installer\e5b0a8e.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	prismlauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\55F9DF75455A32B428CC770802B22E77\ProductName = "Eclipse Temurin JRE with Hotspot 8u402-b06 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	prismlauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\55F9DF75455A32B428CC770802B22E77\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\55F9DF75455A32B428CC770802B22E77\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	prismlauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	prismlauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\55F9DF75455A32B428CC770802B22E77\PackageCode = "40199EB8737742C4993429EBEE5DA573"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\55F9DF75455A32B428CC770802B22E77\FeatureEnvironment = "FeatureMain"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	prismlauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	prismlauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	prismlauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0268C047917C041EA1674A15337611A2	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 4a003100000000005758c960100062696e00380009000400efbe5758c9605758c9602e000000f5ad01000000060000000000000000000000000000007f808c00620069006e00000012000000	prismlauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Eclipse Adoptium.jarfile	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	prismlauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\55F9DF75455A32B428CC770802B22E77\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\NodeSlot = "9"	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	prismlauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	prismlauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0	prismlauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\55F9DF75455A32B428CC770802B22E77\FeatureMain	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	prismlauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	prismlauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	prismlauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "5"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	prismlauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\55F9DF75455A32B428CC770802B22E77\FeatureJarFileRunWith = "FeatureMain"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\55F9DF75455A32B428CC770802B22E77\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "7"	prismlauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	prismlauncher.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\OpenJDK8U-jre_x64_windows_hotspot_8u402b06.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\OpenJDK8U-jre_x64_windows_hotspot_8u402b06.msi:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1408	prismlauncher.exe
4448	prismlauncher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2444	msiexec.exe
2444	msiexec.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1408	prismlauncher.exe
4448	prismlauncher.exe
1596	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeDebugPrivilege	2804	firefox.exe
Token: SeShutdownPrivilege	1200	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1200	msiexec.exe
Token: SeSecurityPrivilege	2444	msiexec.exe
Token: SeCreateTokenPrivilege	1200	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1200	msiexec.exe
Token: SeLockMemoryPrivilege	1200	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1200	msiexec.exe
Token: SeMachineAccountPrivilege	1200	msiexec.exe
Token: SeTcbPrivilege	1200	msiexec.exe
Token: SeSecurityPrivilege	1200	msiexec.exe
Token: SeTakeOwnershipPrivilege	1200	msiexec.exe
Token: SeLoadDriverPrivilege	1200	msiexec.exe
Token: SeSystemProfilePrivilege	1200	msiexec.exe
Token: SeSystemtimePrivilege	1200	msiexec.exe
Token: SeProfSingleProcessPrivilege	1200	msiexec.exe
Token: SeIncBasePriorityPrivilege	1200	msiexec.exe
Token: SeCreatePagefilePrivilege	1200	msiexec.exe
Token: SeCreatePermanentPrivilege	1200	msiexec.exe
Token: SeBackupPrivilege	1200	msiexec.exe
Token: SeRestorePrivilege	1200	msiexec.exe
Token: SeShutdownPrivilege	1200	msiexec.exe
Token: SeDebugPrivilege	1200	msiexec.exe
Token: SeAuditPrivilege	1200	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1200	msiexec.exe
Token: SeChangeNotifyPrivilege	1200	msiexec.exe
Token: SeRemoteShutdownPrivilege	1200	msiexec.exe
Token: SeUndockPrivilege	1200	msiexec.exe
Token: SeSyncAgentPrivilege	1200	msiexec.exe
Token: SeEnableDelegationPrivilege	1200	msiexec.exe
Token: SeManageVolumePrivilege	1200	msiexec.exe
Token: SeImpersonatePrivilege	1200	msiexec.exe
Token: SeCreateGlobalPrivilege	1200	msiexec.exe
Token: SeBackupPrivilege	344	vssvc.exe
Token: SeRestorePrivilege	344	vssvc.exe
Token: SeAuditPrivilege	344	vssvc.exe
Token: SeBackupPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	4964	7zG.exe
Token: 35	4964	7zG.exe
Token: SeSecurityPrivilege	4964	7zG.exe
Token: SeSecurityPrivilege	4964	7zG.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeTakeOwnershipPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeTakeOwnershipPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeTakeOwnershipPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeTakeOwnershipPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeTakeOwnershipPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeTakeOwnershipPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe
Token: SeTakeOwnershipPrivilege	2444	msiexec.exe
Token: SeRestorePrivilege	2444	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
1200	msiexec.exe
4964	7zG.exe
1408	prismlauncher.exe
1200	msiexec.exe
1408	prismlauncher.exe
4988	firefox.exe
4988	firefox.exe
4988	firefox.exe
4988	firefox.exe
4988	firefox.exe
1408	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
4448	prismlauncher.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
4988	firefox.exe
4988	firefox.exe
4988	firefox.exe
4988	firefox.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe
1596	taskmgr.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
1408	prismlauncher.exe
4988	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 1636 wrote to memory of 2804	1636	firefox.exe	74
PID 2804 wrote to memory of 4516	2804	firefox.exe	75
PID 2804 wrote to memory of 4516	2804	firefox.exe	75
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 4116	2804	firefox.exe	76
PID 2804 wrote to memory of 1316	2804	firefox.exe	77
PID 2804 wrote to memory of 1316	2804	firefox.exe	77
PID 2804 wrote to memory of 1316	2804	firefox.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\NeoWare v1.3.zip"
1⤵
PID:832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.0.286187383\3444883" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aba78028-fe6c-4b4a-ad6a-b80f414b9896} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 1824 1b4b41f3058 gpu
    3⤵
    PID:4516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.1.914013439\1553800961" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {443b8ebc-474c-4079-b1ef-6a695bc8ba93} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 2180 1b4b40f9258 socket
    3⤵
    - Checks processor information in registry
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.2.2029300882\1619528772" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2788 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e4faf14-dd34-47b8-8534-345ba594c820} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 2888 1b4b84ba458 tab
    3⤵
    PID:1316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.3.1984311665\524587666" -childID 2 -isForBrowser -prefsHandle 2320 -prefMapHandle 3176 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3202be1f-a2b8-4d95-b4b4-7058e6cda6aa} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 1008 1b4a1e67558 tab
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.4.1919947823\748788076" -childID 3 -isForBrowser -prefsHandle 4408 -prefMapHandle 4368 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81ad8829-037a-4c96-9e4b-220fa92436e4} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 4420 1b4b934ea58 tab
    3⤵
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.5.1360861517\1923060438" -childID 4 -isForBrowser -prefsHandle 4808 -prefMapHandle 4816 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {584e9f43-adcb-4b5a-a145-37605b0278af} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 4484 1b4b8463658 tab
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.6.872827493\748731512" -childID 5 -isForBrowser -prefsHandle 4940 -prefMapHandle 4944 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d3fad1-66f7-430e-b9ff-c1735d2b8921} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 4932 1b4b8462a58 tab
    3⤵
    PID:3912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.7.235128102\627037348" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bce7c10-4dce-4177-bf61-32f50da049c9} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 4484 1b4b8462d58 tab
    3⤵
    PID:3932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.8.563558415\632646666" -childID 7 -isForBrowser -prefsHandle 5704 -prefMapHandle 1664 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d770d15a-a970-4018-9989-00b81e28e5df} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 1692 1b4bc7ebd58 tab
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.9.1760648012\1146906141" -childID 8 -isForBrowser -prefsHandle 3084 -prefMapHandle 3804 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b98edf81-d7f2-4038-83fc-401adb5f16f7} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 3068 1b4a1e5d658 tab
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.10.417423078\1580062090" -childID 9 -isForBrowser -prefsHandle 5256 -prefMapHandle 5272 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a42a5c0a-e14c-4d28-8685-14d28e7dccba} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 5128 1b4ba6e0558 tab
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.11.2044012095\1090963582" -childID 10 -isForBrowser -prefsHandle 5144 -prefMapHandle 5308 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2431ae66-be33-493b-82ce-65c2318be143} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 5532 1b4bace1d58 tab
    3⤵
    PID:692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.12.1228959640\136935301" -childID 11 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8542f54a-1b9a-4715-88a8-9ad0ed473434} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 4924 1b4bd69d858 tab
    3⤵
    PID:312

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\OpenJDK8U-jre_x64_windows_hotspot_8u402b06.msi"
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1200

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2444
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:5068
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DB12658B09DCB67B758D78D0FD8FD737
  2⤵
  - Loads dropped DLL
  PID:3108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2944

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:344

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\" -spe -an -ai#7zMap14970:140:7zEvent20237
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4404

C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.exe
"C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1408
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/JavaCheck.jar
  2⤵
  PID:836
- C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/JavaCheck.jar
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1172
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/JavaCheck.jar
  2⤵
  PID:5040
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  javaw -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/JavaCheck.jar
  2⤵
  PID:3028
- C:\Program Files\Java\jdk-1.8\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/JavaCheck.jar
  2⤵
  PID:1404
- C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/JavaCheck.jar
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:588
- C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/JavaCheck.jar
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1568
- C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe" -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Xms512m -Xmx4096m -Duser.language=en -Djava.library.path=C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/instances/1.12.2/natives -cp C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/NewLaunch.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/jinput/jinput/2.0.5/jinput-2.0.5.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/jutils/jutils/1.0.0/jutils-1.0.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/lwjgl/lwjgl/lwjgl/2.9.4-nightly-20150209/lwjgl-2.9.4-nightly-20150209.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/lwjgl/lwjgl/lwjgl_util/2.9.4-nightly-20150209/lwjgl_util-2.9.4-nightly-20150209.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/patchy/1.3.9/patchy-1.3.9.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/oshi-project/oshi-core/1.1/oshi-core-1.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/dev/jna/jna/4.4.0/jna-4.4.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/dev/jna/platform/3.4.0/platform-3.4.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/ibm/icu/icu4j-core-mojang/51.2/icu4j-core-mojang-51.2.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/sf/jopt-simple/jopt-simple/5.0.3/jopt-simple-5.0.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/codecjorbis/20101023/codecjorbis-20101023.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/codecwav/20101023/codecwav-20101023.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/libraryjavasound/20101123/libraryjavasound-20101123.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/librarylwjglopenal/20100824/librarylwjglopenal-20100824.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/soundsystem/20120107/soundsystem-20120107.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/io/netty/netty-all/4.1.9.Final/netty-all-4.1.9.Final.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/google/guava/guava/21.0/guava-21.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/commons-io/commons-io/2.5/commons-io-2.5.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/commons-codec/commons-codec/1.10/commons-codec-1.10.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/google/code/gson/gson/2.8.0/gson-2.8.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/authlib/1.5.25/authlib-1.5.25.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/realms/1.10.22/realms-1.10.22.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/commons/commons-compress/1.8.1/commons-compress-1.8.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/httpcomponents/httpclient/4.3.3/httpclient-4.3.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/httpcomponents/httpcore/4.3.2/httpcore-4.3.2.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/it/unimi/dsi/fastutil/7.1.0/fastutil-7.1.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/logging/log4j/log4j-api/2.17.1/log4j-api-2.17.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/logging/log4j/log4j-core/2.17.1/log4j-core-2.17.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/text2speech/1.10.3/text2speech-1.10.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/minecraft/1.12.2/minecraft-1.12.2-client.jar org.prismlauncher.EntryPoint
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:2780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:32
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.0.1015947669\2001733651" -parentBuildID 20221007134813 -prefsHandle 1632 -prefMapHandle 1620 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eb5c04d-1744-42f5-baff-0ea9000a1232} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 1720 1e5770e4758 gpu
    3⤵
    PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.1.473625526\2029639794" -parentBuildID 20221007134813 -prefsHandle 2004 -prefMapHandle 2000 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2a9182f-a88d-4eb6-b422-4795671792ba} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 2016 1e56c2e1458 socket
    3⤵
    PID:4468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.2.1825623503\2028342916" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 2712 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {986dc596-73bf-44f7-bf74-fd64047741f4} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 2564 1e57755e758 tab
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.3.1647509153\577023345" -childID 2 -isForBrowser -prefsHandle 3232 -prefMapHandle 3212 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbaf312d-72e2-4ff2-a380-833c0aac0cf7} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 3220 1e57bdbd358 tab
    3⤵
    PID:2284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.4.307625640\1229512720" -childID 3 -isForBrowser -prefsHandle 3940 -prefMapHandle 3936 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3431d170-d322-47c2-952d-ec812d8a0afa} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 3948 1e57d096258 tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.7.1725287763\1659469032" -childID 6 -isForBrowser -prefsHandle 4792 -prefMapHandle 4796 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {272ba6c2-6228-4f75-bd28-e2ce3cd13e1c} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 4784 1e57d3c9958 tab
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.6.2085427238\98276995" -childID 5 -isForBrowser -prefsHandle 4604 -prefMapHandle 4676 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7555832b-ce22-42b3-b634-32920f35b54c} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 4596 1e57bde7058 tab
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.5.1434463767\24484462" -childID 4 -isForBrowser -prefsHandle 4316 -prefMapHandle 4396 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5605ae47-4449-4710-9caf-67857cee64b0} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 4464 1e56c265958 tab
    3⤵
    PID:760

C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.exe
"C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4448
- C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe" -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Xms512m -Xmx4096m -Duser.language=en -Djava.library.path=C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/instances/1.12.2(1)/natives -cp C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/jars/NewLaunch.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/jinput/jinput/2.0.5/jinput-2.0.5.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/jutils/jutils/1.0.0/jutils-1.0.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/lwjgl/lwjgl/lwjgl/2.9.4-nightly-20150209/lwjgl-2.9.4-nightly-20150209.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/lwjgl/lwjgl/lwjgl_util/2.9.4-nightly-20150209/lwjgl_util-2.9.4-nightly-20150209.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/patchy/1.3.9/patchy-1.3.9.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/oshi-project/oshi-core/1.1/oshi-core-1.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/dev/jna/jna/4.4.0/jna-4.4.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/java/dev/jna/platform/3.4.0/platform-3.4.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/ibm/icu/icu4j-core-mojang/51.2/icu4j-core-mojang-51.2.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/net/sf/jopt-simple/jopt-simple/5.0.3/jopt-simple-5.0.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/codecjorbis/20101023/codecjorbis-20101023.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/codecwav/20101023/codecwav-20101023.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/libraryjavasound/20101123/libraryjavasound-20101123.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/librarylwjglopenal/20100824/librarylwjglopenal-20100824.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/paulscode/soundsystem/20120107/soundsystem-20120107.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/io/netty/netty-all/4.1.9.Final/netty-all-4.1.9.Final.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/google/guava/guava/21.0/guava-21.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/commons-io/commons-io/2.5/commons-io-2.5.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/commons-codec/commons-codec/1.10/commons-codec-1.10.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/google/code/gson/gson/2.8.0/gson-2.8.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/authlib/1.5.25/authlib-1.5.25.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/realms/1.10.22/realms-1.10.22.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/commons/commons-compress/1.8.1/commons-compress-1.8.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/httpcomponents/httpclient/4.3.3/httpclient-4.3.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/httpcomponents/httpcore/4.3.2/httpcore-4.3.2.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/it/unimi/dsi/fastutil/7.1.0/fastutil-7.1.0.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/logging/log4j/log4j-api/2.17.1/log4j-api-2.17.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/org/apache/logging/log4j/log4j-core/2.17.1/log4j-core-2.17.1.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/text2speech/1.10.3/text2speech-1.10.3.jar;C:/Users/Admin/Downloads/PrismLauncher-Windows-MSVC-Portable-7.1/libraries/com/mojang/minecraft/1.12.2/minecraft-1.12.2-client.jar org.prismlauncher.EntryPoint
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:2624

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5b0a8d.rbs

Filesize
51KB

MD5
981d612a93d7484d2f598096ffa045dc

SHA1
ebefdea8a59dc42ceec687b05469086d543c6bea

SHA256
1719c7c10914048a07abbb7996082255f8c86bb6e3bc456f5572edc73788f79b

SHA512
9dc65796cf3405b54e56ae0ef5313bf54bc213d613c1292136b13fde289692fa4ecc2e3e1adc7a1c32de067ebbd53f403b5170060e5f43f2b8324d63f38d396e

Download Submit
C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\java.dll

Filesize
163KB

MD5
050951465ef2419d513246a6df212794

SHA1
03992dc706cdf15d5b1d206f63a079e39ea50805

SHA256
217cda23a0b12a2b8f3ae01214e065a71d2002817c259e15153e93deb58ea576

SHA512
b6bb9e6c6eddded6c16f5e32e8a4443fed2e4e98019020c4c92cf93366b10d911b1aa595a90457e07f9a8068ca1ebd30b7bf83c46be5128b22afd066d9e8b0fd

Download Submit
C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\javaw.exe

Filesize
307KB

MD5
6fa60b49429794b3b42bc97bdd390ca3

SHA1
120861e3343e76a49d991cb1270241553dccecfb

SHA256
bf0801ddc8f5b03a867ad3017bf2cbd6bbbba6571f4d30eafcba31a3f38e3077

SHA512
dd05a0db6625cf48cee82d4cbecca69ada2e3ce09ecda3d417950cd098962c359edf4389b45baed8b66ece14f7f1610ec29e7082e2cc9ffbfbd11b125a9d6546

Download Submit
C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\msvcp140.dll

Filesize
384KB

MD5
678781fd3104bb86f90f19fbdf504a3f

SHA1
a860a6be5b477e0466413770ada93fe97afc79f4

SHA256
c3eede87b1ca868de5e84f3f8dae623039541d500c64f754d10249d56155f725

SHA512
db76924863cd1099a9f5a229907c0808d454b6da6f13c765e01cfab15c7bf8343e146e2af8a5c8ccafdef0cc972729580581aa5dce04916f93102667b1c3f0e6

Download Submit
C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\zip.dll

Filesize
87KB

MD5
b830eb5fabbbd5ee8213208867d754fc

SHA1
632d7033527ffbaa1457410c125283f9961d9c63

SHA256
b412eeefdec971ca20016711bd7fc8682c99b20512013dcff6143a22f02e7fbd

SHA512
4e6c8e3fafff5667c1c5ae5d97f14f4ebf6161b1cee66c5ceb821e33da3c33fb7119b9e098146370bd69d920ce3f9f75eaf9d2761bb95b60667d436fd7f6d1d3

Download Submit
C:\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\lib\amd64\jvm.cfg

Filesize
1KB

MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7BC5F90409EE2E35163A2912D5491BD6

Filesize
727B

MD5
ca2fdd357a19905c4cd497f0df802256

SHA1
001bd857d863b9e5d49d2b7dc43e43cda1fbdedc

SHA256
78cfc224fbb27d643a557456237a087b6fa50b89215f1642f93bb2100d52638f

SHA512
20c381bd76b678c9252b8ab3a8f647d6e940acc284dda81704ee3fb31f679493e8fbfaf8db13b49b07896787aa858d28332e154dae3a31cc2ad934c4a4709ea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7BC5F90409EE2E35163A2912D5491BD6

Filesize
404B

MD5
bb4a8e21bba6deac7cc421046feebd9a

SHA1
2dbc366b11e861a7b10442f0f8bb8bcc6438ec2d

SHA256
5ce18e0169e81b31ec1b9dae1f37fca6cd03c9cb3dce26093dbeb1309881aedb

SHA512
b03356551c60bb9570fef6e391aeb93a659ab604c86d9c2377fcf10d598589829492a41787f4d8ded7a05331121a604fdc44321d373bfae9587561c3c5f4486a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\doomed\10903

Filesize
8KB

MD5
742a454937e5d12153f497b955a6c37f

SHA1
76a21c3ce699bc705d3d95ae5cd725ea35483f6a

SHA256
55f00d06b4866116de329ea9ae48d83bdd1e40e9c47bfcd2bff38e79210fd409

SHA512
b0baeb0a5efebabcaf345058aeeaec1e479544aa711bcdc4fc69126c14faf9feb2f693a647a13402383d4416b80be6c62b3f71c561fe6bc779f972dade104cb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\doomed\11861

Filesize
10KB

MD5
d0bd43ea237db6e1bfad7bc87bb1ac9c

SHA1
9e7a837e3e52a152a44cdfe94b410da7adb02a63

SHA256
e4065234a974ef2fbbd0d6fb88fea034075973e40ce47ec2db5d7d6861983e90

SHA512
23a1c6431058d863f7c081d5ca80b5e42a1911e3c93cdfee39f6e643c2fcec069ed18ffabf2a917c4aaf275474f851edba644df5feb54153e7fec8f0c10d14d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\doomed\14622

Filesize
15KB

MD5
fcd7db4b36b694e433ad9b56670fdaa0

SHA1
61f922d8f35b7a266e786033695f2fc5277ec90a

SHA256
a532d92596a435b7c5918efb03cbf914ee6d535abe87357e0fcaaab51ed60f5a

SHA512
2416e4852e232ce68f56c3500b41202662f3db29a6b94524a633875b8fa4d1ef625bc7a78ab14a4a1f3158a66aca90ef5db0119d8f9cb20fb5ab7b5e6456dd1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\doomed\30608

Filesize
8KB

MD5
29ef5f348ae2507b73a1197caa416b6d

SHA1
29ef43fda427a14d7dab0fe5f77a2bf1c287bdbf

SHA256
3efdc78a698517cca300fbbdeccd3273421849e8a127cea13b550ecea0da5f76

SHA512
3a9192ce2e241cf22318048db847fcb7a1b626c9459056bf9f6eae2d20141f56c541083cb3cb59b995b253f9e28d38e10bb0873f5bc54c0c070add839ea60436

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\doomed\31099

Filesize
16KB

MD5
ff53b36218627fe1b36f197a8dff47c9

SHA1
e268124aa3511c3b659aa3b4006461932c831956

SHA256
ab12915b75d854c1b9bc3e7ab10901652392b40b312973906fa4f727000ff0fd

SHA512
96e601930b8df5e6dfca60253ca0d8564dc210397793edf115bb13b04a3db8a05830869814be70bb568f95aaac97a6da4484cb700c760c494c7682c603ca6c4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\doomed\490

Filesize
8KB

MD5
b24f791f332a8e746ed23e07c34b41ed

SHA1
172faff9ceebd789c17e4995f5f4312a3f75a0a4

SHA256
d7662e0671f4868227904ce3fcbf509f4a960ff65165011068dbaa28c9db3836

SHA512
321ce926472897b50bb93c1f1bc29a1c53a0d2e16e66ebf35e76d2710da61a56dd38e78d72f8c29249dfb06bff677db9c0a540d724b20298c6035fd81a19c5b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\entries\2E314F996749FC2961ADDA5FEBBF4D8F72D1129B

Filesize
79KB

MD5
bcff949d192a0e3d66ec009ace66b037

SHA1
4ed650a6f477c601f6866273bb39bce5cfe87832

SHA256
cacfe944e869d62776f58db36d0e8c79f089dc4dee7fb5c73e4735f72c7894eb

SHA512
e42fb0a23f06556b4110ae63955eae41b6a7613ced739f5ab4f14d69dfa4fe4dc9340b709295665f45a1ee714f7fcdf82ed553174946cb273aa1f2354b7d914e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\entries\50A63A2998FC18A2B4EE131F466727551D65BD8D

Filesize
57KB

MD5
f6a494027bc997e7d0b23c2a39af3fee

SHA1
834c1b7a42a13ef6cb59fe15b1879e3bb675c191

SHA256
825c6bf757f40394432fa800103077749add3423f05e63173e65b694856cd367

SHA512
98e07fa7a76a6103b777e7aed8ad68310f8e1b8e690d4a8c050b8fc865f05a6d190655051002fbd9059710e538d009ce46f35eb9241430c52feef2440f3a56d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\entries\8DD38B1D2E458601D2CA0C084D148B982678448E

Filesize
204KB

MD5
74f8bb959fcf816614185dd362c1ab55

SHA1
15e828b78ed49c34143b754faf35dc15b87f31da

SHA256
e5d3b87cc499aaf8eaded18a5979a260bd442534b8103f9ceb6d6bbcdfaa1235

SHA512
6ad79aa7e1fd4108625a1e38c1862e8e2f49cd40b31f29be204d569c77390e7a9606e7d06ba124bd9d6c480c645873f0a39669851ee3c339ae902d8711549286

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\cache2\entries\E27904A1EDEFF3C2F8DBFB23D08310277323C1B1

Filesize
188KB

MD5
5fe743f48db01290fcb16168f7ed0808

SHA1
41cc01ac8390a54d9229f7cd1a3f990ebda9119a

SHA256
e3d5c9e68e27d119d8b4723d0f36de8e0c629a2a2bce9b73a614528f37624e57

SHA512
7527ea2ae76d1aaa20ac629d78c06abeb2039542a7a2e0b3cf275e6091c41d54b6937b79049b20093ec14ad870ed2b2f2a7d90f3a950ffbb7a26e70fff9c91cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\jumpListCache\fgJfYFjbtyEx1oxOf1vDLw==.ico

Filesize
2KB

MD5
4207374b9344baf79e8dbfddfa94490d

SHA1
5df06b69605b8f1536984c6f51ffd7fb8d37ff2a

SHA256
97d4fe0f2ea2f34b9ea36390140f0f3db0983dd4c73f62bf55620d2c62df9dac

SHA512
97157c269d547d88ba1196cb8869ddf2857fe161d47495f4c4de1ccebc1aa109dcc82f2f12cbb1307436d75c6af92610c7d0ff70b960e1d169b771d9a90e0a2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hcue34dg.default-release\jumpListCache\j6sg_eGxcxu2aS2mZOtWYg==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
3.9MB

MD5
ca45866f4101533f35eb6ba0fae4f607

SHA1
7c7d27b37b480b6204c086cdd7d479cc573ee88e

SHA256
6701fb1b46cba1354612a764b28524d0b1491710c61f841081aeaf269ed13c34

SHA512
792f1764d23fe18e3459d6114abc6a13fc0ac9f1c4011541f4616a147b60dcbf26618009df08a267a267eccd6b4d4fc638fe103db9be556c2b2fbfe31cdd7a36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
160aa69c723265af01b1602ffd8a74f6

SHA1
5ccdbf550fbac43f170884f67409b3fa64e070fe

SHA256
898d695d2852701cbf409252ed2e9b096b721090ea72c9bed39b0f42023d9e43

SHA512
0ff8fc7cbc1c471e61b8f7f8cc5a4815efdff6f464a3bc103568ec1988246b9ea22e3df28b26e01e41a399de439f3c0384dd7568fa1497fc7942fca5179f315a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
698224549e2442bd6fc8a64866ea1a3c

SHA1
a495096d5c5cd6cf6622692a27c25db321eaccc0

SHA256
28ea8eb27ec017ed494fb577f6cbe83a7d921d354867dfe79989638ecc2dcb6b

SHA512
99c5152aff5b4309c57f4ba8ac780b52d5c02fc951dbb2cf51009f355471cebb48f09f51e150a72502458daf54e2d6297d243386b67b8fc7ecfde8a3ba31b08f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\SiteSecurityServiceState.txt

Filesize
876B

MD5
bcbd2883746eebcb7dd5fc67bb207ec6

SHA1
0537e948fbe05539d6971d13dbf7d23d690e238d

SHA256
a0dff277574759ef97135cbb58899937e1defac4d9a189fd542d0b1d55788d90

SHA512
e3afe80365a9bf9ba48ab18d07e51039bb3cb090e94358b93388faaf23e2f29bf9b286cb97c87210bc6870ddf7bb09473b01a76a3d946e778f5cca05f74e9c53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\bookmarkbackups\bookmarks-2024-02-23_11_087+VusIGNQ8R2wZwrLagA==.jsonlz4

Filesize
940B

MD5
c982e05aed6c0edb437422afead8863a

SHA1
42af5b7f35f2e7840a9b7ba26dc1384f8993e25a

SHA256
fa14b47b9bb1329434bff547147e2bbe1859494a55f81265473c45b5a1a003a4

SHA512
34e6b36c84a7545280716b2a824bb837c5ef992a76a4ef2257ed99cadc69670989a20740d5c405197b6156ca1d3667c6c6cd37804a035efa3523fe898e1882e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9da2673680e1566a93d9fbf448caa6dd

SHA1
aae7ac6748b084628a9549664e6cd19cc1aa1ad3

SHA256
921e1f32fe1e0881a42439e12466127205dacefa04034efdce9bf80eceeda7b7

SHA512
cbd0fa67d099cf23c9ae3010739b9e3e4efd3f1bdc4103b62f887af0630d2b042e3b33761a77c172140cd01b745c10c0b6b1a155048ddaa931a838c2f6e89c37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\db\data.safe.bin

Filesize
5KB

MD5
7b761adfedd88618e30c8577381ccdaa

SHA1
b9baf24a320af02f3fb8f62b68f9da806f3896e5

SHA256
0db5cce8f44b04cffacfe21a711d80c4473698cd35096779f09c8734c23aeb91

SHA512
9fb656ef8a44f6ed826b52b50106a5c2c56f883555b23bdc95038d6d844cbe497ad22a0416a50cb03411b8f926824c8065869d2545bc5f5a830f8ce1f6cceaf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\pending_pings\438a1bf6-7bac-4a1d-94dc-eff92ecc45b3

Filesize
746B

MD5
9432a3d4512383aa51abc5b4d073df6b

SHA1
37f6b30cae0189611b4126292a8bcfb379dd8cb0

SHA256
1dbe9c76bc1a1b2fd8615e66a8b7683010c4baa074cf7772f3e822cf3878cdd0

SHA512
518383892ea37180febc3f39d261aa7abb6039afd2d02ba1739f461d609931d7860574aadd5c9f09653be27bc70ed0ccf81f3859e79ca2e6d7f984f13934e88f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\pending_pings\62999dec-1320-44c3-b14c-e17dcca92a6d

Filesize
10KB

MD5
0371ab90bc30cd6ddc94e4afde002f5d

SHA1
7b2a4bd7bada9afd6a76bcab5cb841e639948406

SHA256
ab878d8ce39ce19ed8b675559e57760df9ebbbdc4cf909a09dc70fe83fa0098e

SHA512
680d01a86f47cae393aafd01ea813bb6a33970e8ac0e0f35707c1ee6165de71ab9766989b453eb8836010575cb4296ad42a754d4691cba2fb73a7febd92fd31e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\pending_pings\bc0cbd73-7d7a-44e0-bd4e-62f1bb64cf12

Filesize
1KB

MD5
b0f0923b47541f29449a553019f3b04c

SHA1
518aad35e9a19d768abac51d1f249bc56061bc71

SHA256
1a06e9356d51d9e0feb9b27329ddb7581890fd8bdb4006ab0db5f646a162d901

SHA512
9144ff38ea830f8a641e84bb9d8f94120dcb72c8548b844d384f6ad8c27d8fb7494bf3182d62863eeef1020ffa7ee9435d37ec23a98db4bc25a646785adc449d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\pending_pings\e02dd883-c665-4e92-9f99-bfbf1db62741

Filesize
791B

MD5
2be08c6153f616ba4e6d1c950098fe59

SHA1
bd2e8576948bcdf370e89371e5be740a1aafa8c1

SHA256
c14bdddb5f633150269ff63460241b517ee8f26780ed8964531e64d76dd032f1

SHA512
5d728d4fa60cfeca809e724c64d66e73d10a2b1f0034e70861271ea818eb21f7e230c04223e61bc15cf7367f3de6247355680dd36da2d3d7e3a02811320c67a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\extensions.json

Filesize
36KB

MD5
d8ffe3c778a86fde27c5a6897ad3a169

SHA1
def46c440f1703828b0938b20a69c012d7b0847b

SHA256
ddca7f553a00845ed5f0d6206b72096a4ff53349249462e0ae21a7f63ca1d558

SHA512
3186d2c6fa0d2bdab6c15e0646735849db135c8d4e6171138c798967cd7a674cc5ccac8b43d4fe057702b8982034d2efabcb66b3ec7a25c2d4ae88af8adc9c31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
2.9MB

MD5
7d4f6b4769ece8b3c040d03ace5b23c9

SHA1
58407d3de96ccd11691c43247cc3c9c33d16a127

SHA256
ee0ba0b44a2769e8fa95447706ff6ad66178430e51543f4314701b13a20cde76

SHA512
49f30f40e26130befaee1bedddc5f885a8f7233656ebfa545d6a014ebc5e056c9f96bbda56e643fb75303408545b63afd2a6761bea35f61593331a522c6703e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js

Filesize
7KB

MD5
91135200129afa60f1fb940ae0d7ef80

SHA1
6edc58de2ce1889ccf6ee1df8cce0321c50c7950

SHA256
5d87df85d9384ba475607ba3b54be8d4e8c97ce42c41fa8de6a3061a8cd35a45

SHA512
7c3baa5afc5c59529ec0acf84381a1b808e40f6bbc4d7aaf9d0280ffc80f12c8b3d649efbad113f34a3e5d97032b6146d43c3cb51dd19142020c806ac698a7b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js

Filesize
7KB

MD5
af3a518663f6a551cdd4c142d812ba7c

SHA1
96fd97deb4da96f271567c1b80b1b151efb6b356

SHA256
67f542a3d5d471488b07857ad46050c02628191214c838d41173f16cbdf9d585

SHA512
64f69bfeb028f5d7500a10a73ca8d855aa75eb2f9123142e150272f4608f6b137bf96b6de6861eb1f192b7b445f5f25f51aafb750b5b7ceaf8b796d92051cf78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js

Filesize
6KB

MD5
26768add36630c2d96ab8a25f1f0adb5

SHA1
b448eef60dfa53212791be03af45b130ca668fbf

SHA256
2cd9858674eaec13485662b6f8da80cda8eefa5372a4da99a4d555224d918f89

SHA512
5460cc6c4aebcd569c2b32e95045a347b964b990d0d2ce1371256251f5a0fcd59e8f947dd864ef92f6464077720f1b3c7e36e0b7e6985252732d5af6671c5d37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js

Filesize
6KB

MD5
81fa060a0fdd486bef9b3c08ed7910af

SHA1
3ed750f6a69dc19f0820e2900249c5c5769f83c2

SHA256
5538cc434a1dff2379e5910ad788ee79beb9494c5b11601f5eaca3c465b7e36c

SHA512
18841fe55ae273f1aaacf1fc3141069e388e64204746f4b7e8d70b57884673a6e542df4d9b6c1c68cba3248de62e20c4d1ebb5a7e40a0b520de29b66b603e4a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js

Filesize
6KB

MD5
6df51e89278e0cfcb97b7eb0335e2fc2

SHA1
f47c971cd700e26e0991f30858345d0d54d7c925

SHA256
a517d90005b61e2b357eafb1737c35f2fd8ece8a2c0a77351022371c32ea21fd

SHA512
06b68e74a593231aafca4c1b7aeaa64cdd6dd8b855e5badd4cc85184854bd39817c204b77adb9b20daffaff8b44e84e21c6f779ff7c65e3a592fab65ab72ed84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js

Filesize
6KB

MD5
d55b1fff13e609b065df9338030c4a86

SHA1
34fda19d05fd803016411f6f27c3f65d2ece04f2

SHA256
228b273adb8ea8018fb74cc40fa3620fa1c121d378ec1b6fde044388be03b6ed

SHA512
9dd8dcc3291306f83a851dde1ae61bd3d2bec98ce6e83ebe67c126572dc9a0aea3fb773150d324f5a17aa56965102a7b3630e08d0c2458243c8648f1e6fe6bb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs.js

Filesize
7KB

MD5
8a432fe0afe7d094b2bcbad0b7e028fb

SHA1
d67ff0d1b32a371028b40c2becb62d411100dec3

SHA256
09620cd9ffc413fce75aec1a6653e5943c9ccc464454ef366d6ebb365156e648

SHA512
7f5302ce0a007c6101bf4bd16ee29987122e1dc35759e94ead030d026f6b19a95e0b6620497367c0fe8479951f36dec18346522f17b8ff2756a2e383456e64e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs.js

Filesize
6KB

MD5
90f00024d25300ce5e5666e9fd265f2c

SHA1
be36e5dbdf757ed7103672ff87cfb58a9027e5df

SHA256
87b4e7ce9c971856c4706039f5a9444b8abeab6b24f50cc46ed7352d503db440

SHA512
870bd0edd25854c3e788bf8998219e7adaf8b2b9f71757e63f0ee299cbe2adebe7d2452e32e43e160bd8e9a8a0a0c16ca0878599e08193ede67ff22a855c17f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
5bce373c9cf1078c6cdd1278d091c369

SHA1
9caf487739af45e885bf7fb1f2c97a488c706ebe

SHA256
780613be9856095ebf845c321ce1fc07ef1c672bf7b6888a35ac03712517a68e

SHA512
cc9c78014646ef1d47ec6718e9db00429f27c141b707f01899463cc340e95f56e1ce3e2601a0ba1e694bb53bafeb128ef6193a393b7d0dac69eb257376649e33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
eaad44e610640dc79b20ba204959597f

SHA1
274babecb9a62992628f48f95359eca9f5568e9d

SHA256
045d36e2fe514f2af1f57149dd399ce48f2101d565d2f0d6cbe0ecd82a487aff

SHA512
35a8172092022e39fe9c2656711f854a4ec7f35e3ee609fae9a3664b395733e6d24d27c5e2081de5ec7bc2a5f9471e3def4ce276405682a4331cb1fc093279ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3c75b117a75c7335ef645b003f024188

SHA1
0e438aeeb1f5e52aa4df0ca862ad782b52c2a2fc

SHA256
46b09155ca42aec0d0d6a65ba0761c7baeebb465e03002224ed8fdc0a40d8159

SHA512
3e78ace5bda1aa56a9c7d20b3a3e4e8b35a4953e18a9dccdbc8f45ac2f53dcbce956e5ecc8e0ab0c80987ab552f9318a825bb354bbb75e1595e31f7e9777f258

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
52be4f470e39e76d79e91a3ea00db71f

SHA1
b6d4f265abda7aa84684109c0983b099ec32c43b

SHA256
9ad76425f6190f73f4480c8cd7c3ecdc99820794363f81b3a48dfae9b6f2f719

SHA512
8487defbfc5f0dceb793fdf875c2bbc3f5a8fbe1f43abe624838adcdea4363c80d6a60235424c4a2d8e5d8196e7cece3852bce62c4d69605587ad65a05ff4bba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9fc2faf97d854abf699f04bad04c2159

SHA1
7723dbf7afd558cb9813853d3e0f5c94f65b6375

SHA256
84d2bf2eadacd519d017f0ca403291178ee016da6e27f83af810998ad603c4e4

SHA512
d029fb3219f02564a02bed1cc7507828a224af9c68052c754b30635662f9c0fa8ccd3b403d855a240de63cec9f40ea0869cde6d57b2b0f7aa31ba3b59dc19c38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6f4cde4f98d9503aae3af79607efb363

SHA1
b6e3801ace72f1ca72153712f3374ea6a1088424

SHA256
4a0cce42e6b52593b0338fa75c4c226d53952930bdce1b7f26a41200dd92c5c9

SHA512
b9f2c8058b2c7c735ec274409dfef208efbc79a7f46ffeeab5d04a6fb4e0f0ef8db6bd45548c550d92b8a9b5ac61020b6edb5d60114386d5715181e411222697

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
1247014519171fb602c9ab5b29d5df81

SHA1
97693a25df5236270e6e2b96f70eccc52cdba6cb

SHA256
8736ef65a05c36d0277e142bccb47c418e0f1a77afe0ca43405e61697353ae6b

SHA512
f4a6109fa03f3379a8af330c2bec5b70b78388d4faa38ae65f6b40aae8d93170e035070439c3aef9adbb077910aac254ad555d0316f5c54bf0b69c2ad1e9878c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
118d4e5c95d8ebb240e31181ce34ca30

SHA1
d572d76568baa9d13684dffa9ffe4f2f93ae8fcf

SHA256
31a305ecdcc939c7d224d6c3619da1db7f1eddcfc56c32a4277f519a2e9c6b9d

SHA512
c717877e06c951feb973fa05e901303723fff2e16735c1ff2bcf22b67636809424a176584f4f9f11f77280bf3c9447dd03ebc5566425cd3b6cb3352576e899dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
f966c085c2c9e57741b23c709916adc0

SHA1
1fe3ea6a25b554475df242cb6d7177f87d9ee1db

SHA256
797e30c33b193355168e8e96319c3a13282564afc09784c5215a65d3ae1a03d1

SHA512
676346f46fefb6ff79161ab1ed095aece08deca9649e41b350d2651721ba0adb384c2f9516d9278ad3468203b8a7ef0382e15ad10f7b407569211b63239653dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
901896fdd542d991e1d28c5f7946133d

SHA1
90369fa79bef2b28e3bf3219680d18f6f6f11de4

SHA256
57d2e2a4dc006c9a18a03d2d7721d481869ddda968393e840a191ac788e0fa76

SHA512
e88756fcbe66918324f34cb2e71f7497e9152ddf33e9813849c390c479143dcadf238ccb87e4e8be105845294446e8b2e0397438596f403453825935a3fac9a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
9ee7490fd2dfee13e319689c3aef4763

SHA1
5a6024fb837c2187247c283227fdcc4d97f1c772

SHA256
10f72696e39cf1a60abd4d1144b307a578eed7badfa5c6e43cd2dd64d4e2ea08

SHA512
9f5486f99de2215daaa0546790766663cde1adae51ac102c8e52f131c0f3e11576dad24abae38778155e4ec760edc08249b3dfe9a9c53eca0b17a7e4fe91f173

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore.jsonlz4

Filesize
16KB

MD5
4cbeed874cab7c1fcd058ae46e8f3347

SHA1
96a49d9b7ff15e3ee11e1d9e6f9a5dca9ba926e8

SHA256
23e6a4a2122b63194ded355f9ebb38bc382155b77fe2ed8e8ffaf02bbc8b3356

SHA512
07e68dce3dc671ac63dd7a907c06159d4c70cfe48448b3f486764f1bc8ba5323b919275c98e01806cd591a5af3a35d0be8b2645729fb9135d72883e0b16beaab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\targeting.snapshot.json

Filesize
4KB

MD5
e446a23d8ce659831ef581ddc7166fd6

SHA1
b4eb6bf14989ebf440838c12500bed28f908fe48

SHA256
ccedf68c620126ee4134734c15cc51ad71ac902852e813c49cd3a8832e248c25

SHA512
2688972edf9a32f5e52a4b7d998752ca15eae2e9e20fb43280e6b0c3e172ac576a9fb4dac756e7bd491b10bdccbb3f8096217c1c9ae8693535c31c4b00e2b709

Download Submit
C:\Users\Admin\Downloads\OpenJDK8U-jre_x64_windows_hotspot_8u402b06.6yDZyYB6.msi.part

Filesize
320KB

MD5
aef6d64eee91857fd4286302ae63aa05

SHA1
83e9454bd57be26904fb204962d8892eeadee949

SHA256
d644884dc6c48a559638e29a9834c4a85e1b6c0f1cda06320fb59050652b2427

SHA512
5e85d1f46e9632f816edadd90d7b35bd98d78a219df75ec5a1886281ea7bdc3462d23be61fe124c25ee377a99cbd66503d315d6aa8427109eee47577bfc47f6c

Download Submit
C:\Users\Admin\Downloads\OpenJDK8U-jre_x64_windows_hotspot_8u402b06.cFiama3V.zip.part

Filesize
3.6MB

MD5
d9e8742dfbf9852f8ee1c2cd99d5e8c6

SHA1
914aa4c8db539122a189e769d9d88ef33b4f1445

SHA256
7027830a794bbad3968516797c88e6bae1da783eae922cf85730d7218c9c322a

SHA512
b745f8a2a2bd7edfbb73c819c2c315c7f046e1fe5dcb98bcf7f21f306833ade58ebdc771869ec1fe4a2968b1f2e2bf538edda95df5996b95aedd0e4458944ecb

Download Submit
C:\Users\Admin\Downloads\OpenJDK8U-jre_x64_windows_hotspot_8u402b06.msi

Filesize
14.1MB

MD5
a7974e54b88d41cdfa24c2d5f1bf72a0

SHA1
35ee1307b6e3be34737f2f7bbe42ba27342cd19e

SHA256
4872ae209d1b5373875ddab7f285655b1ec3e716c8bf1c6fd64b50888330c96c

SHA512
9f61782dba9cdc766d05fa5c3059cdd9d2f471789ebe1c10800c1ea77ab2681fc5960351dde95b0def7f2a413e627011b9bd3b8ed1ad1fad731d56e6f63b3d4f

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1.zip

Filesize
960KB

MD5
6d2d9da055563a13acce4be06afead25

SHA1
be9a0abce61ba926f78e36eae7e1211811090061

SHA256
48b9eccf9dae3bc3cb0e6debf157032df8aa5e1012ee46ffdfab0f27d9bf9612

SHA512
e58eb3adbd95002d31c9ca33e417027f52ce7c8d390286fa1feb3c24fcbe3c0a8a2ddc1cda12350a36ddfe4a4f73073a71ad34277740e8c0890fce4b5d7b7d37

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Core.dll

Filesize
1.6MB

MD5
30b157389fe5d3a44776be41dce9589c

SHA1
ca42fac12b3df2ad29e04f0908dfe198b7b6d46c

SHA256
ae78a85c6a5a0db81668a7ce20670c512eab7094e42e9d1be2b343ab194f42a3

SHA512
e8645a4ffb5ae1aa198760acba4fb150f0a5ed0e6df4960e65f0dbc174ce4c35df86e8e7f3a69b052da55fe67da97c225f0495070bea90fd463dc23b94eaeed0

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Gui.dll

Filesize
1.6MB

MD5
b214310b3c98dc506325f8ae93a432a2

SHA1
2090f9a15570c29ad623260eda93ff2ddef917ee

SHA256
a75693f52d1f39f7847ec76cdea5d88906f332a5e14f3456999aad9b822dec54

SHA512
b6c00390ec2444f79168feb1fa227b0b9cc653af3cc5020158d7f52b3d1f4449c5deae793d0e790788bd5df0eb5458c34e4697e21bdc80e1de313a50609a3534

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Widgets.dll

Filesize
1.9MB

MD5
74d09123f81afa22f87e82a2ff4573ff

SHA1
1e51235288c2ddabbbee7e48dd8aca85c4a38a27

SHA256
d97932bf21736577252bb835a58e9cbfb6612fd1c6f44b03fb0786642331eb21

SHA512
c8b4cee5211ba387289de21fa65b3f6286b2424fee05b1ec3b7f7a5526dd28ce96ceef4be47fc4ca2badf63b7e924c1a0772f27590bc686f7a221835a80109a9

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Xml.dll

Filesize
144KB

MD5
3a0b4fce55d035642b015472b0ddc5ab

SHA1
e1e9acf68e116c22c9f991fbfddf0b017ee49a11

SHA256
f907b1354f10b2278f4b8fc87e7f814f5ae0b4204e891a3d107624a19d6e7547

SHA512
dcf50c1d08234420b56b7ed585d6fd4a5f0fa5b3a29d1f21c1480c8d3154a3e5d054eeeaf1c4fdb6879641c885a0dae3c3ee7f4c23026f50bae9b8469706a08d

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\accounts.json.LeXBgg

Filesize
833B

MD5
2a0185a461c36db61270b97622107c11

SHA1
699cd8372bf229ecb0552e1e5da51f130edfabe6

SHA256
c4f6d0594f09b90a04ac0d01ea4f97680cd9bce6880e0e852fa77d1851fedfb3

SHA512
f426746f70392e01ee9b65a220ff9a921d79c13d6b5729aa2daee04b9739cb2e081f68344f8321134ec73162ef51aca2de1ec2df15adc44e0a4d8884dfae3606

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\accounts.json.dwzocK

Filesize
709B

MD5
52008a3a9e4f9523e0c9832466be639e

SHA1
d56269fe6236855b36a382516b85250edf423afc

SHA256
a30356f8b997f7f9aac73aa1bd3ae7baec3ac4bcb20ae9d9c1709d5b2b86b456

SHA512
de2e63ad70b9e9becbd5c53b1efd1a5889afaf9bb542384a3bec2f2f8b3d4a7333fc42c48520133b44b7470445903fbe1c9ab0f78439527ea0fa5128096fca99

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\assets\indexes\1.12.json

Filesize
139KB

MD5
837546708c50e9fa4614edb5a44d4d5f

SHA1
a21e1ded1a24ea1548dd8db0cf30b6acb02655a9

SHA256
7a87ae9278d129fc60285547332b8c17c1ae7f72b9c8017cb0a6898df743eb2f

SHA512
51ff2c0e72afe85a5231647d551932bd342a73ed59c5788c03fe759587e39d605eca7ce915567cf541d6ae9ecad23389eded1cbe5d752d0f31d3d2d0a71648bd

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\iconengines\qsvgicon.dll

Filesize
63KB

MD5
bf3ae484446b9dee7102ca01941a2675

SHA1
76fac9993bcd4b5f7dcf7a412f653e48e9f0f0c0

SHA256
7ca34f1b353e5f02b0ed1fc32b689a98c4d36c2dc2a30b561d1079c901c55526

SHA512
ab089da9dc5be237a7bacf2e02f328b1942ca027a315b3ef3661b8a2c2ee866eadad3bbdd656f24c18b0bcd387cc637ff62c7b5eab1afa31d5573cc291a55d37

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\imageformats\qgif.dll

Filesize
47KB

MD5
26574147ca3f4b70e868cd717e69a58f

SHA1
fd3f725c56c4d2baa2d831b077a9ce2f101e2689

SHA256
ce34841b2350a0fcfc9250203c81192ea4babca587375ec9fac2e55267a6fcf3

SHA512
8b75a6afb0ccd50f5a1cbbc16f0a04e170263e7629980e8fc7406dfa6f4e074d33317a4a3c8c6f9e201faf14ebfcbe99a7584a88351d3786b4e2dbf31ca41911

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
105B

MD5
82e75af4db65118895cf8f4314e750fe

SHA1
696a617609a587ed321ff7961805af83845539bb

SHA256
df64933e47b26813504574b262a1a3680d7797b934f041c45808e11ff8542e35

SHA512
cbc6c7e3129144a3d04fe3757aa670c9f62f840f172d568d451085eace1fbfd261a95949f7a80c96a01881a82855f7acd70bcf7e4d545281db6fc7b4837da655

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
1KB

MD5
dec3cf161ec89aadcce89381622bc6ff

SHA1
7c4478a3890070068032ed6fda40891faa9693fc

SHA256
04a9170f2abbb7947b68eabc5f00f7101d02f1dc3ddab49f7719056dfb4acecc

SHA512
749c2a7d939466214c0e9d6b177d38c7fac0c5f096c46f789048c8a9ed02ec6efbb75390fe6d68cd6e22af4e2cf23527a58d30e758dce32536dfe403b85ed3ca

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
81B

MD5
bd1d596aae39ae74602be95f419eb14e

SHA1
c632fa29f116cda60724763c3bf4f24315c266bc

SHA256
90f49052e0e61d776dc5b52a9677d382703ab77400ed95c060ea57b5606d5666

SHA512
d7083be6b4ba6a7749a8a4cc62aad5ce4f7256845b8baaa1f018ebcb52a5fc03575592c063c596dc4404436b93b2b6beb41b45a04f0afce8e193e58415624384

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
129B

MD5
bde82854672bef660fb1c6352ec575f3

SHA1
e6f055195683f63aa1941cebff1212a22058dc50

SHA256
baa6569787e5fd89fee0bee74b788b9b83f2e64f02dfeed7c7a9840a5f6aab7a

SHA512
3d23b04b32ba0e69346c6915e5be5a9ad0517a7895b8c016513f0c4adbb8eb2149bee8383fd9653575fa534d25c12f994974679375e0204c8fee326b734d06fc

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
585B

MD5
fc1aea9ecd1fe818537a36cac143e66e

SHA1
dd84d217cc4a7d8139cce9ac16fded9f94ceaa16

SHA256
60e0a9ab0bae527318d708916b97dda044dc5f7dbc9fa263e90d606feaf3b973

SHA512
15bd6e890157be1096174c61f52cdd8f5f355c2b0e94ffadc886986a5d71b8026eea3f91cb151a04ec6192b039060019c66ac4660a5d7b637cd2273ba24fe195

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
792B

MD5
4764fe69c6ca94b17b332c610b458455

SHA1
534c6e2ab70549c89fea3553fdadc7c1ada0c69f

SHA256
c21efffc4d814a5f0ad22a9b035575729711c078115ff0fa52e9e04ccd7b1ecc

SHA512
285dd40bf23d3c0dd03b0b25ebf648e9be9a693bbe26a6180d6910219147f757c1fab7116f5d2032c9f22f67f2e53ae0fe1533733ee003494f02f5eed1ff0bf1

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
968B

MD5
0a608d64c24750b8e97834a80460feba

SHA1
5ef3ea7a8867bdddd41034f4e7fd2518e492e9ed

SHA256
717b147cd43ab246976e2adc609ef89271aee69873fc60a10b22fb5fdd5cf8cc

SHA512
bbccb4115f9f9a3aae8ccc03bb1b273600359ad5d9f0289312659d6659e4bb58fca2ecb9e79cfe2763d233e3f053daa60c7f7a6ffe3bf9332a42cc343fd860af

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
740B

MD5
7348cfce87b37630e25c77e4eb30c9fa

SHA1
d010269cd670bececf76b057b9d549038ba4041c

SHA256
ca33d52ee22e15d8a1a5a3a4d3fabc7198a5cda20518457efb6e12d7cb6b4bc4

SHA512
8c39b27695fb21c65f53a711c5e376abbb38b83641391557cb835e674e337db1dc47f20fb214587d77b55eac7ae007f9164082f121e32560c25be206347a7419

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg

Filesize
1KB

MD5
3331a6ce5ec3bc8c9e99f8e6bbd4c3b2

SHA1
7440d7bc8299bdc7f184f50ec5cf2cbf78ae9177

SHA256
d6a607557cba741c7b7d53bd4b87cba640434088d66f33e48b76e119ed1ff9b8

SHA512
638697e5968dbb086ce27673b5e5a794c15a91525156b2171d9a9484e221c42174880249f12ea46d31a5522fedece0ea07eea3c5a35a1027b02edd9a09c62fdc

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg.DsTPYb

Filesize
1KB

MD5
2674a0abd48b0961180aad89ab8adc00

SHA1
424675580772fad7faf7325abab9beb1eb8babbc

SHA256
a2c4ba8911c39ab31775aa90f4c4a7ab710a757d74feeb3e0cdf45d337574ba0

SHA512
34dc651cf9d96a61790071af963a974983c492d486bfb453e8186d75554764ec649d56c06227149f8f7bf30f88a63b25be042273f6edd9d4a7ba912f86124884

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg.PWszcj

Filesize
567B

MD5
58037e0c08b9888079b1bb549265ae02

SHA1
98c2d30972e6198bdc4261f993258602ecd0a747

SHA256
c391c2bb704703a31b69287d30ea8edc90338826e7ecf70e4292d1c81310bd8c

SHA512
ff84888a01f59f48d0058255a833eb6430aee72b00861b1501c59b98de760baa187a29774cf7a0bb34601bd29b8e9813945b5dbeaeb301ea484ffe529df598ab

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\instance.cfg.wlOhSF

Filesize
229B

MD5
7cabd69519a60b111930f1cda0ee9e63

SHA1
1d81f08bd1fa77f1a20246e25807eadad09c2d1b

SHA256
506c811b31481edc30fc6ece75363aa10cef7868f97c8f36f816984d2bbce880

SHA512
6280fac03c3902257078b54141eb52642e21ed9507d49691e1fbef21c04d56656f3caba3ef39f17adec98d18ee2101ac6b1e906d2a9dad4e68fe0148f12c3c3c

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2(1)\natives\META-INF\MANIFEST.MF

Filesize
25B

MD5
92d04d6bd8a0235843240bba30d2f091

SHA1
79e33dd52ebdf615e6696ae69add91cb990d81e2

SHA256
566ad1a80220026d05099562645ce968ff0e7c36cde22634332605bb34cc3eff

SHA512
d01c0adaf501bd1fadab5b911fb6e9c817fc57d3e5ce6a46c04fee263960a39f74467c8792b5d50c7827d6e180a8056d2e714caafb07bf8ab69c80c7e4bcfa46

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg

Filesize
1KB

MD5
ff714f194645779f012a75e39eca79f0

SHA1
fea7b5bd7ceee18ce1558cf2371a20bf29fb5373

SHA256
966cec18c0db3d3f6f5230a6d22a55ea5e847f8818b0a10f95a3f455c9e37fb2

SHA512
77aa723b1f60f14d7e0bed7e286c63ab49c87cc29c23f539f8b493396e5923bedc748f686493ada373e33bdc3de1cc2d7a7907f8a28106dd8e4077e6491b9819

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg

Filesize
60B

MD5
2eaae1b8edcc064956070abc53d587f6

SHA1
f62a3663bcd33aadb06ad941f54777e072f0a48d

SHA256
bf9fbd5f470f9113a36915b0c9fffef42ada1729fd17e43694a636640794bcfe

SHA512
2efaeae6299af5274758de9cf56ed417c6ea86d457532da6232a1c5829399a8bf44dcd0ea69f18d99cfd6f5e930d6bcaf12827bef7cd2718c69f20850b86c636

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg

Filesize
1KB

MD5
848560aab4e8a232068e6f697cc862ab

SHA1
32bb51c30899b1c0e7f1d7e97feacdca685ed97e

SHA256
36e01df1b166360583da3587ccb1b2a41db525ff9c1732b0c06c4c0dfb88465b

SHA512
502ccf0132dcf30b7666abbe4a1399a1cc3f9cd4c4d175ded0b741047235b4fe0962d5ff9c4c41ca15c662db46931b6c91cba3a31a8b1fa43dff696e991fffef

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg

Filesize
178B

MD5
b349994f18d6950e545709afdbbb947b

SHA1
de5886a9d93db6e1d848e35dfc941759672e8a8c

SHA256
aae26b3bff8857560d3484c49a34c49b6041126bb39a534b1c8e7135035998f5

SHA512
984d3ed42bad0e788351989fe249434927cc1f65384a1531f4732197a5bb9899fc0696eb73a0094b628d46af627fbb96c1336f7642e81fe3ef7e7ba1f8681d41

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg

Filesize
602B

MD5
886971ba79eef3160df86ec8d4d8984f

SHA1
c2ffaa839870fa0fc8594747356a9e574885b763

SHA256
43df726323a2bb7395a58f8bceff8d6e474b01386b0a7170503d04cb3824c104

SHA512
fd0249108bf81bf9aea487488caeb5ac11d3e94b6e433c23efe436500b7197e8d6227a30c8832ca465b565d951dc0517c2c79a877ed994a33c1f91ed44d59614

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg

Filesize
309B

MD5
736efec94089789944c9966b07be02d9

SHA1
72d57be963a9c5272689e3703c22ac7bf4c38312

SHA256
7151ef6e27e7f73eb79b100ace1c59620359d1b3dd67a0a6ac8fda488b6c3ea3

SHA512
ddce4aae56401b02b665d842d47e217ff516c73aa7512acb8e44cba0cb89b76f5f156fef266365d664291e4443412151b197f4af3dc90f59364f05b3d5c564dc

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg

Filesize
1KB

MD5
99a22f8a476a8a1499c77cfe599c3dbf

SHA1
7af6b371f58b954797b197db12b3f2a63ab02f27

SHA256
bf674889cddc9a0e00c44d16b20a8b5e3e4b356dc9bd8cd26eee2be36548b76b

SHA512
bb2a29f82f9d4f63fb8e79817386e807dc688f01fe588611e9dec9fbcbba8b955730a6dc782c700ce487ec9833156fbc40e288ae3f637d419867d7c1feb18573

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg.YIVAGF

Filesize
1KB

MD5
a4e641cec54136b3713cebd4d860cbba

SHA1
f9b8381e918416538d32a2e9ea4eb5c838139070

SHA256
fd7bbadd2f7607f5e17b807baac9d4c332cb0f01718f748c3c4a663afc82a166

SHA512
8c26c843693afc0bddbb14421c78036771563aa4ef0c583a42e5d108adb42469f54ef87488a2a9ffdc26bc9221fd5e4cab7b0429e01ae16021faa4dedd21fd51

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\instance.cfg.lock

Filesize
66B

MD5
0a2bb4f8f966e2d12faef176698fec1d

SHA1
a2b4c3f4d26ddbb0017330c1d80ee57cf974d8e9

SHA256
f74f4a2deae459e3260dd93d37a2fd20ccd6853c63ff2a33ddb394f19e13e020

SHA512
428a2ac0e81fc915d90b1b45ccee5b2b62c5ed0eb6f55d36bba8ebff33898d7e1a178993678a544a840f9206a5d50ea52a4244019b0371598e43e5ac79edef46

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\mmc-pack.json

Filesize
696B

MD5
e147d5f4c38c3fb97f4174bac6015916

SHA1
26f7cc86139b572d99a65f4a07af52e81dc6e2df

SHA256
2e3ecc45cd7f123323c7d6b52daa30d19a5997db6656c59032f21ffd0911101c

SHA512
269c66e28516b481290bd30ed8946df367c1256468fc721737221596c57169478cceef09bded33fa9e81d3fafd0a34cda2b27b653f94d237e1b8a1d1aa05c619

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\instances\1.12.2\mmc-pack.json

Filesize
173B

MD5
3eb339661cacb686b9f5d666ad77810b

SHA1
3601a9a39e80e97c32cf5e5f95ceb0aa299852bd

SHA256
0bd8b0416a3b93867245c2439578be09fdb6861c7cd3e7743cb3dd5cef15e8ec

SHA512
615797c57ebf45e08d88363765625e527226175bc723ac837cdf7ed80d6c0237741247c9e48939622be21fe53359885d5c04a3a73bb30819c4068e6fbb67ae72

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\jars\JavaCheck.jar

Filesize
1KB

MD5
0a86229dd5956c139aac29668d21a10e

SHA1
b0232cc379a0924630abc41b3c88b2c44007e6bd

SHA256
9a9f3010cbb7a95be3468d77ecba3d3961c2b82ce2061a414b8122406adefa88

SHA512
d9b8d36292141aa49a669201c305b5adfccab53c994df49e9b46e1ad4d9883057a1126b8d3038e082d1419fc2378ad69e2f3573ba135961ab71f1560080dba76

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\platforms\qdirect2d.dll

Filesize
894KB

MD5
8ed6d405d97eec66523cfd2587dba3b3

SHA1
6fd030624f16a200ce086f1cb5136d89bef8d5c7

SHA256
dd90600099c735c0f0c1b2eb1077c9bd3d004b9287434cd5ed07c922a6b29507

SHA512
6cf759dc299c79f3a4ee2c82515273876dae49a1310ef736eed5ffd3ae52129b372e81b1eafb74dffc0e010140e1a8f6026ac3ad6ed51ec255163cf82408a290

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\platforms\qwindows.dll

Filesize
320KB

MD5
2741b4afda0ba40cc148a7e5d2512f09

SHA1
e8507db655277ab6aa3fa645a643abaf384fb097

SHA256
40278c808b0d470136cc44b1af45a1aee9941dacbd6848dce2dd75e3042c9874

SHA512
62b6fb2d981ab304ca9b31f8064765077b5c22ea6fa5a60701deeaba5519d677fcde631c6b5740533a8723ccd1e0329b258e092ea7166f26a8c1ae03b027882b

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
2KB

MD5
09c652e6820acb73458938e2b78cc121

SHA1
dd0851b5888e8b4e48da595c42b559443ee01d80

SHA256
872244e0cdd34f2cb697ec659c267ba4d4cbab7b6d4ecac24022609150caac2b

SHA512
abb0012e1f6779d14639be7a502f3a0f365f0b11f01f3e35ad3a95d03bb614a6b6d1f7690d747c0b0a7f9f3261246e88b75302de1c2b7dfcd3854aba1597f598

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
94B

MD5
24a134d1f9319a0c531d60d84273ecea

SHA1
4ecd0ac28b019911accb8f8226da62bc7f4a5bfe

SHA256
d48ec33d0c5f5ef1ce78d82a133f6bbc38447deb16732cac63e30ebb04386fc0

SHA512
ecaf51e1c6b3d206ee0f1a039d363cd617d2dfc6aedd72732a467fb67b299d720b652c411443ead6e3ee130891109bd6b02b2222f4375f3c6734f217acbc835a

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
391B

MD5
2a8adf1f37fc812c2e208396fea8c4bb

SHA1
7a52ef52f94afd40b799568b206a29a4d9035b43

SHA256
9cec9fa556f470c86000e9e37e302c0d95d89c9956e551b19a496ab188fffba0

SHA512
02ed5f50cf94d13363867ff7ca0b7608f6f96deea008b8903af7e6a0b40907892af286a42287686816167c6b320be4083f8f7a35d584057147f4155940fbb497

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
1KB

MD5
fe7a94573aa82374791e2a8225ddbb8f

SHA1
fae143f85336ea886ab3a51ce9ed69994ac22599

SHA256
9b69f657152604a5853c8457210b9c3a39b02bdf4f880cf27900af58b6a8d5ab

SHA512
75eac9f1a8a4c5c8bba9888db44c493a96cce032b8ff5348f17b9432a5e9946aa2e1c36a09c996c69ae699705016ca5eec154d9c1f8972aa627aafa7a5ea3dd0

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
2KB

MD5
da49b9aa100d9b2f196755f125826406

SHA1
cfe69380e3613e46635f58d8f7ae7cb19f8c8c35

SHA256
918b0b5c2b0e12e63d5a5936bf58850155810c3f0606656bbf020b02ae635507

SHA512
5d5bb500f7a0a5fcab5f3ecf83e44d112f8d5696c644539f2f128ff46ac5b7f8b9f8f800142ad008598d7db9629e4c2863c4cce3400a0bb7a16884caf01b9db1

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
209B

MD5
568e1e8154c8392b356d045d4fa3e990

SHA1
b0303f11076106faea05bc8f3bd51ba432919116

SHA256
837fda65bc15d00b55e6fa56e55131aa41e4397a769034430bf7673b558a9ddf

SHA512
3e0e1c87c4fc300b17249ca1bed1931408912ce8c78e55f7071161d36063f7bf520edcbe40a2ddea7cb675feb3846ca8a5ff64e0d364697aa4ab6be0726ffa3b

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
1KB

MD5
d1b1b4ed42bfde509e2d60e6892fa6e0

SHA1
0ad2d00ce7ab99bd4b9f5573914a4da06c70f805

SHA256
733eb4bad92c868459cc48894fa8a61f3bb782a5a0a449d6248674f1a6c6b7d3

SHA512
d445bcecdbf5bdd8415c550ef2740d99a4377b832144debf66d1fe7b7af2b8d26b16ad94e387080a8ae20bc99e2503c37e9ec8870e6e8d8bbd606c927b54c5b0

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
2KB

MD5
43abdc1bdcd19cc03099b624586de545

SHA1
be0ab2825f80984ee85128948484a21d8d0847a6

SHA256
2dfe922cf0c8dfad2f553c5fe04f9ef590edef42e437b17f22ca431b53392d6a

SHA512
c66efa5937846d6736ac57672df1d14ea048f53a5430ac5fbaa880bd679eb42323812c83a70b318e4cc0fbc4201ee0564c253b531f97854c3dc8483e4a70006b

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
1KB

MD5
9e7e4e01bc26c81f22ea293b6fbb26c4

SHA1
3360458defa7556d901184be20b51b8f8a4e659d

SHA256
4f488d212cc4ba1c628a245e968f0b54d7148bf8823ee53eae5251d35df95f4b

SHA512
f3ce57e60b336fbe1a1e3927f6db6173bef0914c2446d4aed1973667b91788b616a73525900d29b73083fd5655ed8d84787e976dc47d7490dacbb35544afdcff

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg

Filesize
1KB

MD5
f7226f43e4bd93498da7c3e913a051b2

SHA1
cfa60f1d7f5f28aff61a59d362610c0a5e703acd

SHA256
553c5d4c0c8204aa9245b519cd4ff2011fd12e70423b2599c6e7d7a6b32f2e18

SHA512
6278aeb7f7ccdd520602a9054741610c6798113412d3f02bfd23fae64afb3283681840e7b5833c757944e6ec07dd5db810ff32a5e782a590fb39899c0e392b72

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg.NDyqkR

Filesize
2KB

MD5
bfe3264a616d186951b6ebd8ad8de88e

SHA1
f2743d6b1ebe83389fd63592d6a75c6c6c68e72a

SHA256
bfbad277ebd0dc0783220b68de2ad001261231ecfd6b027fa98d85c36b84de73

SHA512
8e03cd9a613a552a122f147944270c6b29784611b6327b77d27cb9cae1d47312943ba2077bd12c5ea7e4e04a0aa11c84bcbc6621c3bb12ff909dcaa25ed78b67

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.cfg.lock

Filesize
66B

MD5
96f45326f3ed26096a3f899a226e58ff

SHA1
b306a2c4efc63267d93b3a224dba6ae88dbce5a2

SHA256
26632b2bbfd4d1292382627135669454ae0ed3ec185bb9023e54bd6b79b40685

SHA512
ad1beb31363d39cba0e14fd32714701fd371b086d0ea9d36868fca0e20f36fcd9e00e9327e9bc9853aab407278fa2dc9a97c04aa04ffa0c0c15977bfbfe67b74

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.exe

Filesize
1.8MB

MD5
1016b09c1ab5ed090f7a73748fdd50d6

SHA1
0dd3412673fb358ec8579680d56ce0ba7fb2f033

SHA256
6dfca414a9c21484427b042b9a6803b039103399b1735c843f2254a1263d8eee

SHA512
02e3111a9b5df9ab829279c4d94e75228a8e04b49035c5abd3a860f3852c64e193cfd26fd71abd2328893063cb01f3df9771f84c5e62a125fad9520657a34ae1

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\prismlauncher.exe

Filesize
192KB

MD5
f7bc2eebe84829ad8c5b8be0c2c563db

SHA1
fe8291a6ae85261bc8d6d109beacb01a3d8ee37c

SHA256
51d82fcf68cd7bedba86720407d24a14e142122ea3b6d8ab7f70a2a2a885aa87

SHA512
8d48a877c2e3454d675caabb8d6b6ba9b91a08cbcd03acd7a5adc59d4d10f3fa3bc76d56b7735f14679e29563954e841cdb0324f8d921fdd04c55690c11d258b

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\qt.conf

Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\qtlogging.ini

Filesize
509B

MD5
58967a7fcc8cd9d2bdb9b0fc24eed94d

SHA1
b09f4ed1fe53850307cf8cb8cd2767524c26335b

SHA256
ba15aee260e7ca1d48016546bab52fe30c3da264356b629739c125cd4eb3c700

SHA512
5d44670d283b8a88892fd8def2fd2f2f9222d5115b25cc4b9e2b04a7c5f004930dc0b5e2d11ae128ab844f826ba079a0f93e17d5428355bdb4d21a04ee58055a

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.psjVyVc7.1.zip.part

Filesize
3.7MB

MD5
e4e9ba9f7d4a435f77601ff1868a8889

SHA1
7eb8b9f4fa0333bb84ce58718423d6edb953f2aa

SHA256
25625f9a584d0a36fb14b79d61ada1fe47de372a42a8f270dbcb3f11c0b960f8

SHA512
d693b7df05796f3e60faf6bd89d67a33b2293bb6db3f6dec4ba8ce614300d113589e6e8ea3b6f04744148d82db58607142cd60a2aa9be2da3718b04d464f0d8c

Download Submit
C:\Windows\Installer\MSIC22.tmp

Filesize
215KB

MD5
5a36af31695af76ce3aa1507611fe5bd

SHA1
255787a75d37258a02e6f0d19a83d96b46654d80

SHA256
17a7553b6fdef993bb221fd870f2b30e3783ae9d6e9b9b01af718b61e680a118

SHA512
b3611dba29d3f32d3fdbc5ec0a6fdacdee7e41406f0089f65c64e68219114d364e7f44616f06ce9c5f0ba3280edd35115d9e93924a46ae91e1dce5ab6efd567d

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
17.5MB

MD5
6d376c9d7c4e991ec389836c1f83283f

SHA1
759a5b5b044d85203b365ed6b1a8d125e8158942

SHA256
8da54a1dbcec542ff95613f2ee3155872ac8c2f940e25499584613296a405e86

SHA512
9093fd523c4735fb229ca5c101984f8d5d3ccd0f869f98ce5a9f76ba65694866b5bdca0e4b59a87ac90112604fe666a00ee2f106ca02106433155803c73af82f

Download Submit
\??\Volume{3b6be73c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{50fa9eea-cedd-4c07-b8de-7281693c4721}_OnDiskSnapshotProp

Filesize
5KB

MD5
caa1b3f8045d472962f9e7fbfaaba7c1

SHA1
925953d4d12c2d376f5ac2ad5d62bb17d17ab0cb

SHA256
1909eef59ad3540a427b122e4befc017e4cd100336af2837a0e4cf4e54d1cb7d

SHA512
2320659bbf3308b9828ad7a6b683c0194f9cda71c2bd867feff8edab03c68694567310aa3e7ccbcf2e73c25f0cfdf48e7ed18618f51f2b980337250e96ededad

Download Submit
\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\msvcp140.dll

Filesize
320KB

MD5
fa6893dc207f6d6e707387abdf9fc58c

SHA1
c53e20e44a432b668044cac191c13c7eb5bfe4df

SHA256
6d7dadb8d91b66e99684218d44c3c6274d888d194813e662fbc9228f3c74a7fe

SHA512
7be26b7b4b405cf75cec9f00d00ee554cafd01402f9b1a5ac51eabae76ecc8ddd3d54aaa8cfadaedc12cd281804f8917e14d8439eefc4b6abc48924acf83c1c6

Download Submit
\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\server\jvm.dll

Filesize
448KB

MD5
72de649da674806d608b08cc47f1a8d8

SHA1
9c306e4799f0a599444ae52795773e2d6a60ecc5

SHA256
43d9ae675cabe9a82646de98f9e39f712fccead566134dc0c6f537388a70387d

SHA512
5ee7e1d1e5a841a1a96ba0bb547e5cb3dc416ed5505bcc44fc82235975c33cdef400ed99d2f373ee28b4b677e615261627e0ffbda9ae302cdd2e8b38de610caf

Download Submit
\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\vcruntime140.dll

Filesize
77KB

MD5
9fd32af6df29ca10d0d49779237169d5

SHA1
20b08d1a0abaf64c16cf85884b4f1eb5f9a4d1c3

SHA256
456e9a12e884b035922e17077cdf62ae694cb007a966dcdd2438e79403a240d5

SHA512
28071a21d63564d2b4b9c977bbe0590b35299f463fe13a3d2c2e85e11ff6aa1fcdefbfd4b21969cb63cafa26960ee6b6682536c325e14de581c3bf16b5632c9a

Download Submit
\Program Files\Eclipse Adoptium\jre-8.0.402.6-hotspot\bin\verify.dll

Filesize
54KB

MD5
e91fb0474543a01529a484996ae06a0c

SHA1
6bbb13b5c4b68d4c5df911760d9f8a173087a6b2

SHA256
651e3f3fa2bc18c737260c09b85fa0f42a94b2e88249bb2e79e91b9130b4abc3

SHA512
2fb5e370b0363473cdb990a0aee1049f3b0c0682e19f9b38448586ac8b12f35cd531b7cb687a8b1114b538f3d6217cfd901927c33280e92558888a25a9aa41ca

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Core.dll

Filesize
1.6MB

MD5
4565ad30b8b566bdb51bfe57d61ee179

SHA1
e3b535b71c182ff414a7246662028c37683fe467

SHA256
a6279022283c51b205fe9a846035c6dcd2ec236324820c2e65c3fbdc2f33eab7

SHA512
6931091681362db8383fbf644d6b76981bf20e7f149eb80eaad45ac9d48777af96eee34bbbc5399371fae02848cbb10852be49a9a392f38fcb48b0366110220a

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Core5Compat.dll

Filesize
815KB

MD5
74555e92dba376e41f11b06bff3443dc

SHA1
93eb09d5d5e1ebe90e9bedca41eac30f182dc0fb

SHA256
0aa34eeaeff8f84c954ddc5b334d91fd51a9f19b1a1f3f18ef292a1fb43e94c3

SHA512
85d7304608c104ca18fda66a6b16388c164fee9b4bef4ed0de2656b081e5ba5ff94851eed5590f7da101897dc3eb2561d5ecbdc86469ceb09a662dc51380cd26

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Gui.dll

Filesize
1.6MB

MD5
d12f04acccc6775d875cca048b2de165

SHA1
1293aa6eb44238d1c922550ffc5cf88c51c79511

SHA256
d491852a9b424aeebd13851081aeea9b348d9357a151d08339b37e2d5b29b368

SHA512
e2e0419cd9b2f013af0b8f95f58d967a1d8316e56d3ffb9644abae87bca1cc13b5fbc80dead99a0440f5064ec5787bfb7192528e509ec6c1c393970bda8abda9

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Network.dll

Filesize
1.3MB

MD5
228f4d0df07520aa1fa57640fb6ec5f0

SHA1
13c65c16625fab847d474e1ea9dce1ffdfd98e51

SHA256
298257eb27353c47fcd811e8202f03aa7ea2eef0bcb6f3ee71e8060508b29d49

SHA512
ed1bbb2367e3d76ab9844d4212e8bb884573718781cdb77596a72e4b57b2bb9678b159387930e8adb7a01f4a56c6a0e1ae4d1dcda7d931a2fd21ac5cd1ba5d15

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Svg.dll

Filesize
355KB

MD5
8699b8bada8fec14462321757e89cf9a

SHA1
d5b7e1d0e96d3f73f65221a625e4d5f6033cfcfc

SHA256
70bd4c4cdf70865645e86a0b1dea58eff111a1d588f6654a972a137c000b87e1

SHA512
395e9efbe2e992e15a7a89424b86f394e32c19563a5da2dbc1afd14f1f453cfd72ae76754c475075e7b7f99b4a88a23cf8f2d5330ec211e44c4eee1623b900bd

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\Qt6Widgets.dll

Filesize
1.8MB

MD5
3226e51acac7dc367921315fc8c7edd5

SHA1
56b334f77d825c54f7734ef49925b71a6b691ef0

SHA256
17ffe32bbb80d246790fd2af15547acde1bf93dd6a8c3480c44634c5005aad35

SHA512
c5128fec0e9a962891d76ac4a18194cf99e787f3e6b048233a4caeb7fca05e0fc561e03eaea429606e51766b3e4c0e99cfa81c291b3e5b44033c040de043ec24

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\imageformats\qicns.dll

Filesize
54KB

MD5
642f364074eb6c96a7282561688cfb34

SHA1
c3225409478c1bd5baa746360aed5ac7915dddf3

SHA256
26a605b9db40012d2935d1398d90d01a6333c5eb432a5ef2868fc332d57d7717

SHA512
92c05dbab1560a92e5f0c616fa213160e9bf19a79805540ad83921079f124676463b7f1c428f4c929c5ea1c5adbcae057db8db7f855ecc70020e532e637d39f2

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\imageformats\qico.dll

Filesize
46KB

MD5
3db1047b43a8eab09b9789529889341d

SHA1
4604eb1d86c6bb1561d1f2fb75ef61c3f959a1c3

SHA256
7d689613ff4784dd8afd3ee4429027c46432119b25786691d7da67f24b7ebd6d

SHA512
6490788dcc4b8f071d52dbcb12967ea37e4dda930f2fa548621f88e28ae096b084ada0822676a3ba6157b802fe0b40d9185cf3715efe5d78cbcfb830e3f104da

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\imageformats\qjpeg.dll

Filesize
445KB

MD5
ee879fe49a874af52b6abf9076ae8fe9

SHA1
7bc23a9615bdf2ff32e961faae1d0223e40d5fdf

SHA256
3e1d675563585303e4c3276baa3915a88d540af2a22d04fcda43f4645d1c05e6

SHA512
f3e9cbdbf9fef3e9014c5fc3edb6bd8e001b6575b263d43dc8df7281e6104f88a8bf7ad25657183b91368e6fd8a8c6da608b7dbdf3f8fee393c4a1a9ac8722a6

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\imageformats\qsvg.dll

Filesize
39KB

MD5
5bee238b2ca3eca6ab04aa9a61ce3224

SHA1
097a4273e0ca8d1f29f78e9fbbfdb95a4894a1b1

SHA256
c540dc238325fdc9b183efc6f95639b58df4400dc4074e43e43588e3eb3d2451

SHA512
aaf32a8bded590c711c292fdf6d7382d818460033f730a67376ed475226a0989b0941d54067e44ae4138ba0f4b487b32a7e7311059afdfb7c6e0ca1f2324d4df

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\imageformats\qwbmp.dll

Filesize
36KB

MD5
41be686d706731d6336f2b91e6129850

SHA1
1d5721ecbb9dd8da433854e3822a49acb80c18aa

SHA256
bc66ecdc28aff5d400e924157f640944f3c432061e6f3d8d77bc0379d9232373

SHA512
c49c8c88004983819a2c5a13bbab8dd84874fb75892ec0868fe4cd1294e6e3bc385c5df8268ca0004ec1914a5c648ea911c3b86d808242f6a748231c704374de

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\imageformats\qwebp.dll

Filesize
518KB

MD5
157ed3a7bf795211035f6bff17addf4d

SHA1
3d5d6640d463be1126ce2709d740001c6da8eccb

SHA256
e1431319c8a48a4eb9ced4a878fe254431b9015840b277f6608712bdb936ad04

SHA512
8a3491bccb94cecd27d2ec25e2d08476c21a446660afe729ead7a036adf61dbebb3902dbea948615a902e0dc23517658f4ec79ef9dfbcbb9c4b70b367fd69c42

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\platforms\qwindows.dll

Filesize
256KB

MD5
5cf3c2686368f2cbb2e366ed9cf55478

SHA1
9257acbd481a75c0ba90a48b67a0b0fcbbcd7a7d

SHA256
a16380a454f202a1e9165bb51e39b3e7ea81fa35109c1841a497fde4326b96c5

SHA512
9a623f1229c33195e84a9e0a5d23452dc73706039126ce4543d4fa5e8ebd11c6c7834d5eee3fff5c72ebd5a34cd8ecc11994cc07db1c31f9cd0259f841678d9d

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\styles\qwindowsvistastyle.dll

Filesize
138KB

MD5
a9ea33827f593d4ff121eb27da14017c

SHA1
2b45c65e083b05559ddd27f23d61c359b9b527d4

SHA256
f605cf01582c022a21f0c2faffd13e4f46d596727806793a708eaaa1ec3f7859

SHA512
586f11f2899b1ed8f2257d0e9cc433bcaede5c64c0e702981483b059a12c5899e972bea9fcbfc638e13d9659562b4f3a735b6ff9a0507f141b7405afab8caeac

Download Submit
\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Portable-7.1\tls\qschannelbackend.dll

Filesize
212KB

MD5
1d553367047781e4cb8375e0d69f92f9

SHA1
d47e17e30f031484874058e3c012ee6483dcce4a

SHA256
943b8a803d0521bb0f38c70e22bfb2a7ad89ba84de2724e670563808f89d4fcb

SHA512
895d21ee6aaa9fa029c4ba459495bfe58709ff80f33d6218f563aecfea2acf3d2e36f86dfad3aec4cbc1747502f747829ae918960cb9b1434d748364c825d41f

Download Submit
memory/588-1366-0x0000028230670000-0x0000028231670000-memory.dmp

Filesize
16.0MB

Download
memory/588-1410-0x0000028230670000-0x0000028231670000-memory.dmp

Filesize
16.0MB

Download
memory/588-1363-0x000002822EE60000-0x000002822EE61000-memory.dmp

Filesize
4KB

Download
memory/836-1348-0x000002A600000000-0x000002A600270000-memory.dmp

Filesize
2.4MB

Download
memory/1172-1346-0x000001E3331D0000-0x000001E3341D0000-memory.dmp

Filesize
16.0MB

Download
memory/1172-1387-0x000001E3331D0000-0x000001E3341D0000-memory.dmp

Filesize
16.0MB

Download
memory/1404-1349-0x000002F66A850000-0x000002F66AAC0000-memory.dmp

Filesize
2.4MB

Download
memory/1408-1255-0x000002294D840000-0x000002294D850000-memory.dmp

Filesize
64KB

Download
memory/1408-4833-0x000002294D840000-0x000002294D850000-memory.dmp

Filesize
64KB

Download
memory/1408-1356-0x000002294D840000-0x000002294D850000-memory.dmp

Filesize
64KB

Download
memory/1408-1068-0x00007FF6A63A0000-0x00007FF6A6CD4000-memory.dmp

Filesize
9.2MB

Download
memory/1408-1069-0x00007FFDADEE0000-0x00007FFDAE4A6000-memory.dmp

Filesize
5.8MB

Download
memory/1568-1773-0x000001ACDA7A0000-0x000001ACDB7A0000-memory.dmp

Filesize
16.0MB

Download
memory/1568-1770-0x000001ACD8FC0000-0x000001ACD8FC1000-memory.dmp

Filesize
4KB

Download
memory/1568-1878-0x000001ACDA7A0000-0x000001ACDB7A0000-memory.dmp

Filesize
16.0MB

Download
memory/2624-5511-0x000001BEAB540000-0x000001BEAC540000-memory.dmp

Filesize
16.0MB

Download
memory/2624-5455-0x000001BEAB540000-0x000001BEAC540000-memory.dmp

Filesize
16.0MB

Download
memory/2624-5462-0x000001BEAB7B0000-0x000001BEAB7C0000-memory.dmp

Filesize
64KB

Download
memory/2624-5456-0x000001BEA9D20000-0x000001BEA9D21000-memory.dmp

Filesize
4KB

Download
memory/2780-4702-0x0000021668220000-0x0000021669220000-memory.dmp

Filesize
16.0MB

Download
memory/2780-4642-0x0000021668220000-0x0000021669220000-memory.dmp

Filesize
16.0MB

Download
memory/2780-4657-0x0000021668220000-0x0000021669220000-memory.dmp

Filesize
16.0MB

Download
memory/2780-4645-0x0000021666A50000-0x0000021666A51000-memory.dmp

Filesize
4KB

Download
memory/2780-4664-0x00000216684B0000-0x00000216684C0000-memory.dmp

Filesize
64KB

Download
memory/2780-4713-0x0000021668220000-0x0000021669220000-memory.dmp

Filesize
16.0MB

Download
memory/2780-4663-0x00000216684A0000-0x00000216684B0000-memory.dmp

Filesize
64KB

Download
memory/2780-4665-0x00000216684D0000-0x00000216684E0000-memory.dmp

Filesize
64KB

Download
memory/3028-1350-0x000001B4934C0000-0x000001B493730000-memory.dmp

Filesize
2.4MB

Download
memory/4448-4878-0x000001ED151A0000-0x000001ED151B0000-memory.dmp

Filesize
64KB

Download
memory/4448-4835-0x00007FFDB0EA0000-0x00007FFDB1466000-memory.dmp

Filesize
5.8MB

Download
memory/4448-4836-0x000001ED151A0000-0x000001ED151B0000-memory.dmp

Filesize
64KB

Download
memory/4448-4834-0x00007FF6A63A0000-0x00007FF6A6CD4000-memory.dmp

Filesize
9.2MB

Download
memory/5040-1351-0x0000014A07D20000-0x0000014A07F90000-memory.dmp

Filesize
2.4MB

Download