aa3c568c88329c4dd471492c0db25a6c299b4346562d63e850e3064902d86d69

Analysis

max time kernel
585s
max time network
597s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
11/03/2024, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PrismLauncher-Windows-MSVC-Setup-8.2.exe
Size

18.1MB
MD5

242927c23fc9b6ff5efaa51aaf5eda58
SHA1

53e851f8a136ae29aeb0159d9fa221b5e37a8b4c
SHA256

aa3c568c88329c4dd471492c0db25a6c299b4346562d63e850e3064902d86d69
SHA512

cda01dc9762a02d47829cadb0678fcf0b361d6ce4a9b3ddffa5bb7636487bd16446076274ac5a4ad015cb4d52fff4cccbb49b472ed031616fccc1826b748ce17
SSDEEP

393216:CMU77hg6HfhIjEYqNPPoDlXsLAmCrQ7cAIYE9rpyTXuEz18Tcso:CMUhHfhIgTkX3mwQ7cAo9+Pyo

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	prismlauncher.exe

Executes dropped EXE 1 IoCs

pid	Process
2340	prismlauncher.exe

Loads dropped DLL 24 IoCs

pid	Process
3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe
3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe
3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe
2340	prismlauncher.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4420	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3632	TaskKill.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\curseforge	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\curseforge\URL Protocol	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\curseforge\shell\open\command	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\curseforge\shell	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\curseforge\shell\open	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe\" \"%1\""	PrismLauncher-Windows-MSVC-Setup-8.2.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2340	prismlauncher.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3768	msedge.exe
3768	msedge.exe
3964	identity_helper.exe
3964	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2340	prismlauncher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3632	TaskKill.exe
Token: 33	2872	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2872	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
2340	prismlauncher.exe
2340	prismlauncher.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3632	3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe	99
PID 3040 wrote to memory of 3632	3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe	99
PID 3040 wrote to memory of 3632	3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe	99
PID 3040 wrote to memory of 2340	3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe	102
PID 3040 wrote to memory of 2340	3040	PrismLauncher-Windows-MSVC-Setup-8.2.exe	102
PID 2340 wrote to memory of 3696	2340	prismlauncher.exe	104
PID 2340 wrote to memory of 3696	2340	prismlauncher.exe	104
PID 2340 wrote to memory of 5072	2340	prismlauncher.exe	105
PID 2340 wrote to memory of 5072	2340	prismlauncher.exe	105
PID 2340 wrote to memory of 4764	2340	prismlauncher.exe	106
PID 2340 wrote to memory of 4764	2340	prismlauncher.exe	106
PID 2340 wrote to memory of 2404	2340	prismlauncher.exe	107
PID 2340 wrote to memory of 2404	2340	prismlauncher.exe	107
PID 4764 wrote to memory of 4420	4764	javaw.exe	108
PID 4764 wrote to memory of 4420	4764	javaw.exe	108
PID 2340 wrote to memory of 3768	2340	prismlauncher.exe	127
PID 2340 wrote to memory of 3768	2340	prismlauncher.exe	127
PID 3768 wrote to memory of 5068	3768	msedge.exe	128
PID 3768 wrote to memory of 5068	3768	msedge.exe	128
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 1448	3768	msedge.exe	129
PID 3768 wrote to memory of 3916	3768	msedge.exe	130
PID 3768 wrote to memory of 3916	3768	msedge.exe	130
PID 3768 wrote to memory of 2328	3768	msedge.exe	131
PID 3768 wrote to memory of 2328	3768	msedge.exe	131
PID 3768 wrote to memory of 2328	3768	msedge.exe	131

C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.2.exe
"C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.2.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\TaskKill.exe
  TaskKill /IM prismlauncher.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3632
- C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:3696
- - C:\Program Files\Java\jdk-1.8\bin\javaw.exe
    "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:5072
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
    javaw -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4764
  - - C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      4⤵
      Modifies file permissions
      PID:4420
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
    "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
    3⤵
    PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link?otc=SYW3FJNM
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa346546f8,0x7ffa34654708,0x7ffa34654718
      4⤵
      PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:1448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
      4⤵
      PID:2328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:1784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      4⤵
      PID:2652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:4908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
      4⤵
      PID:2600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4242152272548709722,16184055033943158530,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x294
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
fda73f4a365624c3d64a8e4403d8b3e7

SHA1
f8b6776f5b7e6151edf60c35dff5bec24c28543e

SHA256
4598dff4ec61850c0f01fd30ce7430a7ffe829939e8db35e7bfbaec246b2a6f2

SHA512
dc6f500edb2eff0e04f4a12c2d96b1214bbe3c1d1cdaae8eb9e854eeca7206cd8f50e665bbc712da905e5fce9c93965739cd86e97d1f73bf4d4a186db73783b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
6731ba30c8c73b86781d316e01f3e63b

SHA1
b3f301427eb5a0b1413869fb05672cce66b9377f

SHA256
437906938b87342ca44f6aba8a34972533116fdf3d3e9470ad33261d889f26de

SHA512
68e3032a0ac910d92d011c66d5694ff5eb373a63a7849ec166cb1aa5961b6eaf7e5f211c894cf0e98171843261507d919b0ff8e649cbca33b2cdc9708d904bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
355B

MD5
6272d8efc5973258ec201d62917c7944

SHA1
6ff8aa4629a9cbc9249574b78689ab74b605f91e

SHA256
b5cbf9ca992092228e368efc7ce97a3e0e64d83700a1beb979807c98b6645809

SHA512
b011780bde18435aabe27de88c436dab58d640dbe3fb0a7ebc3d461efde86f98531a6bdca581b5e80d513148e7f273ef701af8c87fdd0c99d6df24c6b77a5573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3e3faa5ee3dba47bc5468376c2dc70d

SHA1
d9d940fe514d2df0a0c4f969b3e6c9b476c76cdc

SHA256
0850d79db25fcc34423b0dd35b0ae4bdbf3b64fd5585332ff30de38c1965e728

SHA512
4376ea7002acb766375ac6884628fcfa06e353524d77c08e7ab05175d147692b4e3b08117252346fe1b3a3cc8a3615c047ef220ac7ead9b4b80d568151543286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9f5a14522baf9180ffdc51d6d9eac56

SHA1
85dc89274f92b26791ac97f9dda07916cc4c23f7

SHA256
9e156e9316b1fbf0157344cf2c9e000722967f8118975b316a02f5de780236f8

SHA512
4c08f402e23c10d5832cdf5c18ec53f28a3e4bc8202df39af5fbc361836433f6e7d22851e6fccacfe12b16f477592a6e1987da0546b823c69eef1cadb4512809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7975297db47755e4e3957ba5345c2aa6

SHA1
527214937f3122f3c29ec2f34759ddc3ef376523

SHA256
fd41711893c33d0977e6b20fe50335d6c1e87253851c22aa5725afff45f8b220

SHA512
86fa3037b44491193a71ce885aa889d6425079ac13f07e73d7254546337e400fd2cf7773ce387455e7a3b474975f18f3ab66295177d2f4ccb27b793321460bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
e96d715dbaf8bcc1b0d971c1f5a74944

SHA1
87bd7b438aa445d9273df72efa2fd163d6383371

SHA256
4f30c76dbfd77c245ae21fd33f2f36583017f98d3b536cc3990f7088577dd759

SHA512
33b7b1ad577e77da4facd696c7b5feecd68f1f647a490070d965c3f8b58996bd3393ea07739022f207d83f2c24fe8918215254d7633ff58ce6d7067c0e3b5b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cca9b.TMP

Filesize
540B

MD5
8098695e0ed4765e7e065ae73a23a1f8

SHA1
17b02256836bfd08ef3614d68ce006064babe198

SHA256
e8de7d14603b0ac697984d875c538b2d40bdac6e7242a7bbf56543e1e9e0aca4

SHA512
063d2ba35ce501196481d3f0d6bf17387d7bf3a809bfbc9f6e843f05f53c849c5d21548014171bbad53c63713cf0adab867586dd90175b29c623515069dafbfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e10fc033c9c4b272a34972480c85982

SHA1
887d20b90d742e046ac93d012fa30b9cfefef0e1

SHA256
3f7ea2bc299cc152d9719c082db4777394137ef19c179639b3201155e0b4c9cf

SHA512
4fbb377a2017fac122e8467bb7a191414c12199f9a012ad6b26d97db99e39de25925b47bf7ede115af6c0d2ce1decc3fbf6a66ec8e9e4a4764d11526dbdc4697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb91cb8663d2123990a4cb8cc183bb4f

SHA1
b4f647f515bf2933532ec8d3bb6595f0dc069d7f

SHA256
ac78693fdc3b35ae61da0d9226ed6dd1e0e9ccf373a388af17758ff2e35c8ef8

SHA512
445e2a9262468937229e7b8d067892a41128e9aa32ed29b9b01fc5e9eabd0689b411569f7c0e6a97d01debb5a705d451968bb2b05feaaf6d8b73c46a776b7851

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
615KB

MD5
07d0d3f55e894569bfa0b9a5363f41af

SHA1
892e2af552f6533f663d135226543da1c0fa0dfa

SHA256
8a0378b9b1d130df739bbb9903a3e0470968e45512541941ea73ff054fc1e36b

SHA512
abfea8e6bb182a867531ad7c9d91de04bda20d472fdfbfa6e02ea898a83be1a426348e4450cdfe74241b5eb7614e8fda193561981c8bc39e8ad6e41ecddfd001

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
474KB

MD5
25908ee105637efe1e0c23060a66e211

SHA1
37ac28cc96d4ba69a6fd49c0280d738e856efc3b

SHA256
366ba8fe153586ff88b7a56819d818d882b01ca55b4aa37a55918f50f860e061

SHA512
d23cf9005e47443ec7d4ca018a707a1ca7b4b5ce6feb500585aaa074e32be01d62c70ce9921d6f971e2bcb63ca469b7e97248d7d592856be2365fcc05e896032

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
644KB

MD5
d057b2c5f80e2647d2fca2a2e6b0772a

SHA1
d41b121e0fc64e9c63f16a29ad8a5c2e97b9d638

SHA256
ea3f7694bfcf98ff71434cec9759b8ee1183d83a532c383525c95d92c8895d62

SHA512
d4f5f256195a6f610d02f9639082fae9c0804297db1d12bd4a6835cf1751e6e0c0f4cebaedced37a20fcc92a3e02d1c3e68be6ff47153a0a3f38ff4c24765d96

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
368KB

MD5
659eaf21be93e48b30f2dfa32699a20f

SHA1
c5ef7c2e47306c470748bbe37bc7ed922ecb28ae

SHA256
1629841744aca80004449ab7919f0831b03dadfbe815365046780a52c1e4f022

SHA512
5220371c8fa992bfc29ad61c8e076b946370d2e00187e65b91c7e3d1154db17c897c670697c7daf746e2b2074d6522117f590e358e80e4d0e34d5969f29936da

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll

Filesize
448KB

MD5
9125c44472e4b2448eec15f092487aba

SHA1
625a695ffe8ed46a3e94dbefb9e228c295081044

SHA256
05ce818ac123c03c907be61fcc3ac2e44f45a5dc854bda3f554cded65a7d6f29

SHA512
9f3483509b50e1f5d3c0daed2e32120fb4cfade9a7edc03d97525f64c5aa4c70eae1d58e900228777e0be8d15a87e4f3314bea66f58379dca565dd841b406623

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
851KB

MD5
b3fe7fde16dea4e4a4b2f5b9d9d04490

SHA1
010c2c0f4fcf7d01bf0403692d66bbec86a8f3f0

SHA256
91c5d1788a31e2ae195754b76b00e05bc1ed28042570f78f4de2c34de3d1f9a7

SHA512
5bd0bd5aeb4428d52d0e1307e125bf047ab90731689b24579972e1d6fef3dc55efd4089c351b4bfd63b12cfe3c9140dbbfa05b3020b9c8381c2bf3b54ae7e6d0

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll

Filesize
429KB

MD5
83879ffa6b2cc361eb329bc7c5ae8c30

SHA1
81b0baa8b974b75f1de69028ccdb8916b90d3043

SHA256
176d01951682cbaff40fc0dea2d7da83679521deecd5e729752e25572a99ebd4

SHA512
f977a1f2a288d19952d88bdadab7f62cb7bf0365af1d300535d2e377f9e0203d30efe873f253abb7cf485288b00fea8038ea0aa85a9f973325447af7fe332c62

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
643KB

MD5
01aaf881b1f0523d4cdbf74314c8839b

SHA1
25503cc98253bd7c9b104976ef7280ae13a45446

SHA256
f5226c40fd2406b4033b0307115cae1572127989e24b032a96480f683b01b2b4

SHA512
cded9584f6c02142edbc468a7f799129a530a0872a609029cfa1f0a920523ee1062adb1b489f7348b011f00bd06d5630a12c29976f6fefeb4ec21ac09a265dbd

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll

Filesize
462KB

MD5
6880f91bb6be5a5ddaea5d08f4cad4da

SHA1
5ce72dfe362abd291acd2179aa2608a8d18b5b6a

SHA256
66a21d9cfe94782ab778490ed0db1a45939c297e4b0928f3e945a1b78a8b6bb9

SHA512
6fb24aa3cd504379a3fa61d54a881a3806d8a59c62f657d6f735bfd09466e16756651356069a8918027f11641c4b84956a89368fa91f424d1de1c9d686566fb5

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
1.1MB

MD5
10af08a887194092f4457b22dd06700c

SHA1
9843b240a34cfd294fac985fdaa427b0fddf32b7

SHA256
87944bede8ef2417a07e7ca0572a240d70c54c872edc97ce4c9356173b319a6f

SHA512
7347175dad7ded9f402ab62d1d147f700910e9e461cdd46a8f3bf150deef68ce9a5ce7149b723e0374a318df1b11554c1648cedd9d274a9eec5398eb4190d9bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll

Filesize
562KB

MD5
28423ca638fc5f6dcacff0b2098a740c

SHA1
90fe1616ed02db64ffd72b96039c647376eb2736

SHA256
d9e4328e074982a82694399952b52d850a32b61edc918764d8953f095dda4e70

SHA512
5d6ecc0de3a824c3a67fe8bc7854ad9ad8d7e452f79b4ab4804fafe6f3a8af6ff437ebeb79d0bca29edc64fcf0f7f38b1df282d6195d0eef7d122f0a8cdeb300

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
199KB

MD5
e1299b9a9c25151e268484d04e9acbf4

SHA1
4c33327418fcaf877a03a25f3c1c918926db7f8f

SHA256
3e8b7d177c4f8bdd4d763ed960a9a655a9a44262e828d9d3345e62dde9123539

SHA512
eb1c30a8ec8cebbcc83a888950d5bb7c0874af96373a5f3d115810ba216704b761c2ebceef3e7375d17fea0aacee5bf94c981bd530f05ab823ef9456533d50f4

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll

Filesize
140KB

MD5
05ca3a9073150b3f07a86b0b555e79d2

SHA1
5004061e76d59e905553f59d8e6f493306b3d0eb

SHA256
7fdde354d703c7525c4d3952a58336f576f1dc07d807ba615d64f3e658e05fb4

SHA512
d02653b6288c47ce9fa61ecfeab5934768bf043261b8b3e39be628520043c760b0f0ecd1fa241850a075a7592e8381d7c8f232955f48f97ecfb94b2df9ac2139

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
837KB

MD5
748cf8d64bbd1eb3372b35d104f2ceaf

SHA1
e398ed89d80e691dfd8d24f6f8a9a6365307e2ba

SHA256
66bf9a9c5c1c5126fa03cfbe03b5b3510bc8f1d474e26eeefa85703c45f00e22

SHA512
b71f4531661d1f8b57fc1441e66c11516e60504f6db1d21d04e0fceb4112a4886562f7677c5d687d8a46123fdc5ec62bc9db01a4fd4a0f59628f1cdc085b9307

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll

Filesize
532KB

MD5
fdee8f877766ee6293c93473b68b92f5

SHA1
e6a8392f8343ef46eefb70ea911fb5c549a21376

SHA256
8d63dff7c2303b8e601fb95a37d234cecb7912e9ce64e81f26472c8719fadc98

SHA512
444a6bcc92fe92d8140a73e489317b0492d7518421bcf2013324d03b55953a30b89164fda116b3dd729297bf5f903f7022f12de9f934940b883fb7a10212a58b

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll

Filesize
151KB

MD5
2dac5315f7c6850c5de1c033f7b685a7

SHA1
d79133b56bdaff0677dedf150aee234aa5d800a9

SHA256
ef1f550bed5d78b417b560a99518d2ca30b6b9b8a1af621fb5421b7d1c01837d

SHA512
ada63250ba623a2960345406c31adf797b5c29e7715fd789c20948bc0cffa289b3be4d190572608376ce163d5ee2a4dd33ccdf74dfba765fbd0a1ef0067dc09c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll

Filesize
69KB

MD5
f1a683ba6f78a0c6e2390666d52b35ee

SHA1
e311e92df3a63b8ccd2fab9e7965f6c66059000e

SHA256
9469059fecff193e4628847a14b4b6c7e7c4a4d4489f8ea4e1e98b19b9b7229e

SHA512
0633147d113bab073f83dffb13718f9c9a800ce41dc5a1207ce51c6843e682e603f0c55c25f675ae1fb12e5ac2764a5ea1da8de869cc35ed02f7e93aad001740

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qgif.dll

Filesize
47KB

MD5
dbeb208ebaf03014faa17c161b93502e

SHA1
475f678440724e2c1dee3d78dfd1b553814b33f7

SHA256
c98626b5fcbb3d25d058548fcf49526ddfafb4e917fa1567d9fb369a7eecafaf

SHA512
2e07f54169790bf98fc769f41f08027dcf54806bb1c86ab637a796c5a168b76917ca2aeefb739bb9ad40a7bd7a94285d7b3be6b2e9f0c6f07fc58ecd144c846f

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qicns.dll

Filesize
55KB

MD5
ef36332f71eed4d07ca354b09ec8fc97

SHA1
00986214de00624534ae3fedd710e2eb2158593b

SHA256
871c9ac76374c6510cca93f58ebe4ec6d8f8d4f9420c00d3ab23f7756d7984a2

SHA512
55a0931df979b175fb34ace60738ae53ed7bbd2a304870b3035786fc60ff2ea8cb1b092ed9f9c61143ee599171dd1fe8831b3b84957c96133ade517701c10242

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qico.dll

Filesize
46KB

MD5
9e3a5b84ac8917de7fcfb0e346611ac5

SHA1
5f2d6528d7f40559418f02663a5eb02bf37e2975

SHA256
a23e5d3ce334a706eb86bb06fe1dcd01a52954611cdc792eaaa4e0afc3a49a91

SHA512
27095ab7a561151a93f5a2690e202e2594160a21c0e8ae8156ab7a8b4d0b4c73c42bdcb468878867a6f24c00b3d8a2617d4507c6c2447feffe6d0c0fd2887b57

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qjpeg.dll

Filesize
349KB

MD5
16c3e87c8b1fe0953fd7acca23bc2e2a

SHA1
57a0e9e6e01df8e418a7df9669b933986d98ad76

SHA256
1503ca13fcc570b6f8e837e99d55dfeec3010747f5caa577d1ff2b50d7db155a

SHA512
428de3a4fb3920dd0d8de67dede5edc166c57a9a120db453f199099254b19d2b99ead43a24cbc249d1ec36da8481182a14e578ec9bf8e5921e54dd67a808c4cd

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qjpeg.dll

Filesize
163KB

MD5
261fb81b7f02767d6499159b387b3be2

SHA1
5cc0cd62f9a2b084730e2363aa7fdde711982118

SHA256
6072cd757032c3a16fdfa405cc2e84730934f9ccff46d2bf9b5bc3b3efe42586

SHA512
7ed125a317d5b22d83d991c258bb3dea14e0e813658c0daf86afb957324d251451f5b7cd43b8b782abc4c856e5e6f59a5c4a4466f80fa096e94863db21b9e072

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qsvg.dll

Filesize
39KB

MD5
48d268d4c06134ba2fe044c0d575f3f5

SHA1
9ba00e57924ce0d346c85dcd4b77ac6f13748def

SHA256
4d0243ac9ba6aa1b8985176d001d8c508279ab021bedabb9f6555dbb1f417923

SHA512
eed8bd0436aaae3d6db3cbc62205728954126137933c607d445c66495fc3f4730277bb0f6ee2789a3c33aae10aeadcb1b6082743e9eac043d8c3520afb699a89

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwbmp.dll

Filesize
37KB

MD5
ffadea63b292a4b9c6d098e5a1500969

SHA1
04b3cb48edb4f5917fc43937f5763854773740ae

SHA256
97f108d93f5d94efb8c44097be009feed434873d25a598b366e2874dbb126717

SHA512
59f33ed62ffb41d57c28f8fae627200ed8ce82ca876f7fb5487bae87b90acba02e81e28c872326f74929c5a68cec8cad89e9d13d1a3e7c67a9d04c89454487e8

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwebp.dll

Filesize
333KB

MD5
253d3f540d30e1416f4115a4ef805a1d

SHA1
176b167ac488df5e159b65346713c720ed4e3381

SHA256
83b49bd1c710cac73bcab43e4be17495cc3950a9db931fb1b93912e520567e33

SHA512
7a2bee55e5891747cb23925c095f7679dafac01d966cd458ae8b7cfbefe9e3c21a5fbee68ff296a33b4e4dad2e359d5817faf8aaa0426eaea5e69b1f125edd82

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwebp.dll

Filesize
254KB

MD5
b4147e8f80e5fd4ff0a6b4e762b0e4e3

SHA1
530eaa4966e9985dfca383a681b09204e10a50ad

SHA256
ffc16cc5b30f7bc8fee199ee4eb65d4a45d22674188d8570afed299753cee95e

SHA512
b31b3f30154564f05fe097d9246e9fd35f53059b0fa1492bfb4ddc312ba49cfaead1b3801432fe3b730695725370ae1a0568c3fa00a58f15927927e38ba02842

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\jars\JavaCheck.jar

Filesize
1KB

MD5
b7b48051f47b0f34db559d90de94815c

SHA1
1c663d7bf62ca5e56206426874c39e0179a1bc50

SHA256
01bfea23e2c9fb63d14c60eac452ffe1426d6265beb0478e4d5b539c0f03da98

SHA512
7d0d45d523e202dbf236a9fd84241fffec09e7be3a1e40ebff9efe4f8bcd1fa9cde6b843c68a65bf536bfc5b44a6354c8736a67e66d5007223d6bfad7152f752

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qdirect2d.dll

Filesize
260KB

MD5
6a7281934683972e3f6e43bdf7b1466c

SHA1
eaab902094c3289dd9ad5da33335ab2a22165f9f

SHA256
e51eeab56485debe47d8e2aea5c40f0e0ef505edfa229d93376989f636afa749

SHA512
b317db5d97dc36abb61c50ee4559db4c1928b260d47da04e96c84ec7ad8df2c5f3f2d43dc7bacd34f7d1c5d3b952f631568cca4684a31e465cb762313356101c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
320KB

MD5
2a258ad1d051e1269dd5437f4261c198

SHA1
4da3a45e342c88ac1b025bd81241c9e743a3722c

SHA256
6271f86ff51d92a388a0106bbfbd21d3c699306de31aba8826df5fc6285bae50

SHA512
dad86db511d1f38fcd1744483a30672de142a8be0e315a4b3292adcca5ba1592006b5a15b755e5b47dbb8e14b527f092f11d75f9d4e87e547edfbbc493cb3075

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll

Filesize
369KB

MD5
cae5c2261c9d9b611784afdaad807285

SHA1
f5fdbe941548222bce5aacf4497838f7eb2bce5b

SHA256
4c14fd376de030c4f5ebddbdabb9be621dc576eb82bdecbf87b9662a2d7dc27e

SHA512
7bde5e6c2da7a4055a615c5408a25c0f2c6254a6476d2572ee49f3c9bd5d286caa34a8eb7f36b2d16153e31389ef673b25c019828e1a4edde8f58a57e6890888

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
213KB

MD5
4499b5ec746aa57105e9c163c9e9788f

SHA1
fc5535a1da9ad87f2c7de2129d2deebfa3400b4d

SHA256
30417ce009792f39bd7084528653bfd6fa850e440d90743fb82e50d7ba9e7d38

SHA512
d0cbd7a93f3335b6cd8b2bcd3fc3cadf115ef2e597541b8b50ca8bce4aac969db64f01a76eae90c451cd628a1c9645b5c7b80bd7a1b76bfde8554e51153006c9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
827KB

MD5
a457c9e981fdee226d9667da8b0825e1

SHA1
f7d85574124a6c0d586d67b19ea9b9cee2df0755

SHA256
da0a35812c68bd2fd60632d896b8c6645e5cae60446a31bde456242f1bb0dc0d

SHA512
f37fdada1b789fbf690772a124050ff07ad9fd3a9f37df6f5ec6f5d2fc061a33b18708e98581903d5f9ca909f5e35158d4a7132d43fabd07296444176218bbf1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
710KB

MD5
1fe3186384ba2d84fc3012e274d5c2d6

SHA1
7c37284686c6db1b25360d4dc7569c08b8e9e062

SHA256
56014d2a24ee6df8d090d643dce7f113b367bca9f51374e4548604a589048355

SHA512
5e03576e7aac7b1fdcbaeb88d215b114b1ba56b46fb3cfd1230bed0364c9879cee8914677f7e4dbaa5c79dea5dd1a68fc82bc5eca4328c755aaff1afad7f1205

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qt.conf

Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qtlogging.ini

Filesize
534B

MD5
4995c4ae4070a861669fd6e997d815be

SHA1
aa42f6bbab438d303e6e74172eca6a0673239e2d

SHA256
fa8b3d64121cc915337b69756bd87597f4f557a802a95e953e2dfe33e40a52ff

SHA512
96a0cee7c45fb86deb02286f6994a7aa1979e69e6e0bd3014a9ed897e6695d2fa586434fc3ea9c083118f1440bfcbacb9d4bba55cbe6ab14fdb92424b31a315e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll

Filesize
140KB

MD5
6c409b308fe4445f959e0df592960903

SHA1
6f4c938e0e892e478e9bd98a408d40f32dd283bb

SHA256
b68d5ec0167ea43fb6d86f714906ac1fd9b6a64da963f445442636d9e193fb16

SHA512
7e4a6335adaf7cb19eecd79241fafe689a644c1edc4ef74dba0c3533dad03c9e9ffceecd1efe472015d3d5f0c3fb9221364a80425bf7e593f198ef51de913238

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll

Filesize
229KB

MD5
ae50faf9bc79f3bf69b1c1ed92773631

SHA1
942e42fff7ee58d72b6457aefcf3d9f1b5bc71b1

SHA256
a735c50c3a9440f951baf9d63d33771ed88fbf739f4c479dacfab2d359eb0f92

SHA512
fa880c2e93cc912c5c62ceb443e87b36b2a27fbd81fc7967605709682204f7ec2d08aa2b36a5248a5381160a5fa1445eba69a66cca4c8db625c4f57c981575f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4A68.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4A68.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4A68.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr4A68.tmp\nsExec.dll

Filesize
7KB

MD5
b4579bc396ace8cafd9e825ff63fe244

SHA1
32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c

SHA256
01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b

SHA512
3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\instances\1.20.4\instance.cfg

Filesize
60B

MD5
3e7f91200373fa2a08bcbaf8f1446046

SHA1
5502496075cba95ebafee78a951bb8688bfeb6b8

SHA256
c18e047ea80c9b5b0c2a6f5e6688cd2ef1b065e482ab04ca793523f752f3e36c

SHA512
b5f5396ffac72577b605f36a129b71dabea13f40241509b2eb44ab885ce8af84ef923ec3cd310d1bbeffd2afc7b7537e5829c379b46a3641c5699a060045aa20

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg

Filesize
100B

MD5
65751da2e66035f6a80994b8807b102a

SHA1
a4ce83dd109fe9dac233a04eec8ca96f60597e32

SHA256
b8c453a92517602054654276301e0655b52b0c39faaf38e1f9961a64c34ce8b5

SHA512
9a34a850b43d7cabccb046d3478b5eb2e14622ea1b13b0544fa355a1071f01ccd6a9d6ca6fd97e6292fe1c7600111e8402dcbc32f08fc589117aa42e7f7f8994

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg

Filesize
113B

MD5
53804b278596b04cecb23f37209c0114

SHA1
3d218d17056031857daa427b2d32973eddb6f5f3

SHA256
4cb837f834f3ade0129d7c443f9cd446ee654ddcd0cab438646d88f33e0fa022

SHA512
746fd2f5bdfc5841a328dbe4b4e6e65f19b0b6dba1fb672799e04232aa143d723ed804d5662c409c4f258f1779a4870d333df1810b679d66733697005557498a

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg

Filesize
292B

MD5
03307164b88ffa3aaae050b62371ea10

SHA1
3d31b377d5ec351562b22d87768308560b6194f7

SHA256
5d00bd8298320fb1f2f7ac86e483c4742966c215500445af90034765ff5c1aea

SHA512
c194d684c06306e224ea8e1d1a28c1b7936527d9deeba0fa343160c8ca883e249e9b5e80d6d18675314a3943c30e1df222a756f7c17718f486b7a544130cab3b

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg

Filesize
322B

MD5
bb4252c7659076608740edc6640b525a

SHA1
b82f6acaded6395567d91e8a3bcc7e16b3d20061

SHA256
35736df2d8745309927cb998fa180a6aab0b741ad35e63e60dad71fca2e98056

SHA512
f4911fd28ce544f5a7b4c7e611665e7fe125b637f31a7d8c0dfed6044195d054b82edd8f57de375889b426dbd77c5a72dd4f2e27b128dd8acc4b268b8b3d64b3

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg

Filesize
148B

MD5
385e76ab1f842e764724a6e2ec5a6734

SHA1
f4f4e8a93efd5af9656ef0a3af951e634e5ea703

SHA256
8ebf0f95556a499fb392adc2aa6dbb363342e0e5fb5ba4c0663697857cfababe

SHA512
4c4352ef6e4fa4c8cd2839844e33508d5f8e50907245a7b7ce80cb800cf27cf0de6e1fc725bdb214afc6eed7d7b7c03d430753fef5b4695660c71db7cbed7988

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.cdifsP

Filesize
30B

MD5
a6dc16331f06bc5831e5ddc9799284ec

SHA1
d344f83d549df8c3e2c959182ba37f8c81d885a5

SHA256
9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

SHA512
43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.lock

Filesize
66B

MD5
e3398eeb936a7330c9d206d05d407772

SHA1
113051670401fc5902ef6ebe35e843a7b4ad80ba

SHA256
abc86d689ea4de9e9acb4736f00ecfe371334e1cdef09b5bca8ff1b8b8b08d6b

SHA512
c03bc775bc05178ed26fe6ec0728747bba108ee58e80a70df8ec21cc56dc52270b3985fcfff5c9523dc41eb649d02762ab2806887af306e3950a2cc198f0f9a8

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\translations\index_v2.json

Filesize
22KB

MD5
c4639a2238a1a95c30a551293aa4cfa2

SHA1
a79fa5f781e870b54dc3b1f91686bc92486e7d18

SHA256
284cb0046496e5617d0ed617e052824dc461345e4b5d6d0e4c4992c3f5588341

SHA512
0f2f49e56f0cd919c34ccdb60a421fb33e3dce63d2dc10821d1cba60315ce46f63055f31008af78171838a7e3a611ab6a812ba8cf81947d23c760aa2a38264f1

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\translations\mmc_es.qm

Filesize
276KB

MD5
6c9a8fb2b7e17b1507108be5ab57d1ed

SHA1
14a47a4bcaabbbb4f9a747e2689e2b84e95b14fb

SHA256
c18df5a5b4ca78a1ce8e0ee397f7597dcd6cd8d9befb23bbb290d8d674957963

SHA512
50e92516838da26c056388985dfcd7603507bf8cef8b44f24f59da5d4fd39e8f1d5b6ce4df78c1085d17585394223a351df866e70d234941ab8692978bb141f5

Download Submit
memory/2340-266-0x0000019BFC9B0000-0x0000019BFC9C0000-memory.dmp

Filesize
64KB

Download
memory/2340-99-0x00007FF768C00000-0x00007FF7695C6000-memory.dmp

Filesize
9.8MB

Download
memory/2340-104-0x00007FFA33100000-0x00007FFA3372D000-memory.dmp

Filesize
6.2MB

Download
memory/2340-111-0x0000019BFC9B0000-0x0000019BFC9C0000-memory.dmp

Filesize
64KB

Download
memory/2404-264-0x0000024E62980000-0x0000024E62BF0000-memory.dmp

Filesize
2.4MB

Download
memory/2404-252-0x0000024E610C0000-0x0000024E610C1000-memory.dmp

Filesize
4KB

Download
memory/3696-230-0x000002A84C810000-0x000002A84D810000-memory.dmp

Filesize
16.0MB

Download
memory/3696-253-0x000002A84C7F0000-0x000002A84C7F1000-memory.dmp

Filesize
4KB

Download
memory/3696-267-0x000002A84C810000-0x000002A84D810000-memory.dmp

Filesize
16.0MB

Download
memory/4764-245-0x000001D6903D0000-0x000001D6903D1000-memory.dmp

Filesize
4KB

Download
memory/4764-259-0x000001D6903D0000-0x000001D6903D1000-memory.dmp

Filesize
4KB

Download
memory/4764-262-0x000001D6903F0000-0x000001D690660000-memory.dmp

Filesize
2.4MB

Download
memory/5072-263-0x000001F19F130000-0x000001F19F3A0000-memory.dmp

Filesize
2.4MB

Download