Analysis Overview
SHA256
b4d41cf83f3d337de9166ad65ef9bc7cff2c35191ab0538109fffbbc82c7d53e
Threat Level: Shows suspicious behavior
The file PrismLauncher-Windows-MinGW-w64-Portable-8.4 (1).zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Checks computer location settings
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 16:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 16:02
Reported
2024-07-02 16:05
Platform
win10v2004-20240508-en
Max time kernel
91s
Max time network
94s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 8.8.8.8:53 | prismlauncher.org | udp |
Files
memory/1360-1-0x00007FFE77540000-0x00007FFE77B63000-memory.dmp
memory/1360-0-0x00007FF6A76B0000-0x00007FF6A8365000-memory.dmp
memory/1360-2-0x00007FFE76650000-0x00007FFE76823000-memory.dmp
memory/1360-4-0x00007FFE76DA0000-0x00007FFE7753E000-memory.dmp
memory/1360-8-0x00007FFE8A7C0000-0x00007FFE8A7ED000-memory.dmp
memory/1360-7-0x00007FFE87220000-0x00007FFE8725A000-memory.dmp
memory/1360-6-0x00007FFE870D0000-0x00007FFE87131000-memory.dmp
memory/1360-3-0x00007FFE76310000-0x00007FFE76643000-memory.dmp
memory/1360-5-0x00007FFE77540000-0x00007FFE77B63000-memory.dmp
memory/1360-17-0x00007FFE86690000-0x00007FFE866A4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\prismlauncher.cfg
| MD5 | a6dc16331f06bc5831e5ddc9799284ec |
| SHA1 | d344f83d549df8c3e2c959182ba37f8c81d885a5 |
| SHA256 | 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807 |
| SHA512 | 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14 |
C:\Users\Admin\AppData\Local\Temp\prismlauncher.cfg.lock
| MD5 | 1a22468ebc89b4e1a1bd28460c7e2ad6 |
| SHA1 | 2034c707f07cc477194e2e00e0b67051b80b8c01 |
| SHA256 | 9f05bf93cdca224d9c78e81f3756d882c0134ed8094ffb8f08815412a9a80e9f |
| SHA512 | b752feec6a13268c7cb6df8d5fef1a16c85c358f78e40abafef56b1c2a8e9dbd5c9745142f755f91fc707287f8e137584a200e53bd364cc2e294dcdc27ea9e7a |
memory/648-72-0x0000018237E40000-0x0000018237E41000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 8bd0cfe0a748e9ce9ed7111f3f299e6b |
| SHA1 | 533b61f9852af63d1957571c83d2b56fadb649d9 |
| SHA256 | c1719e470d6229563cd004941dd54ed2ad6d64ac4620083aa6d5806a77694ec7 |
| SHA512 | a200475685432d03309cc7806fe6cb38dbe50f5c5a45f85032cff7c9bdb152e9c18ae21c228f1556d12a6ada5c9bfeaa444e61790d06200532f0b03105b40675 |
memory/1648-76-0x000001F454B90000-0x000001F454B91000-memory.dmp
memory/4540-78-0x0000015617730000-0x0000015617731000-memory.dmp
memory/4864-79-0x000001EE4F890000-0x000001EE4F891000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 5db32120c804ffbbb5aeae7be0bff369 |
| SHA1 | 953b45430b7b6187d3ec759d42b02f02319e2388 |
| SHA256 | 365e0ac4b13ef6e97eac11f6a25775495cc2de4180a45f554c2de7adb7b57ae5 |
| SHA512 | 11b97b76096680bd5a8815134e52c569665cc1b7d3c2e2901c20e0c44f20adea968cb3fe7a788435c8be65f34859169a12254d00849606eec0042a3454a75a77 |
memory/3924-96-0x00000156E64A0000-0x00000156E64A1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-02 16:02
Reported
2024-07-02 16:07
Platform
win11-20240508-en
Max time kernel
240s
Max time network
230s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Temp/jars/JavaCheck.jar
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link?otc=JUYLU5V2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcf09a3cb8,0x7ffcf09a3cc8,0x7ffcf09a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,9479047546774528220,10184190496790037474,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,9479047546774528220,10184190496790037474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,9479047546774528220,10184190496790037474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,9479047546774528220,10184190496790037474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,9479047546774528220,10184190496790037474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,9479047546774528220,10184190496790037474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,9479047546774528220,10184190496790037474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 185.199.109.153:443 | meta.prismlauncher.org | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| DE | 52.58.254.253:443 | prismlauncher.org | tcp |
| BE | 23.14.90.74:80 | e6.o.lencr.org | tcp |
| US | 52.111.229.43:443 | tcp | |
| US | 185.199.109.153:443 | meta.prismlauncher.org | tcp |
| US | 104.18.23.35:443 | api.modrinth.com | tcp |
| US | 104.18.22.35:443 | api.modrinth.com | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 13.107.253.64:443 | acctcdn.msauth.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 13.89.178.27:443 | browser.events.data.microsoft.com | tcp |
Files
memory/2884-0-0x00007FFCF4030000-0x00007FFCF4653000-memory.dmp
memory/2884-1-0x00007FF779B40000-0x00007FF77A7F5000-memory.dmp
memory/2884-2-0x00007FFCF3580000-0x00007FFCF3753000-memory.dmp
memory/2884-3-0x00007FFCF3240000-0x00007FFCF3573000-memory.dmp
memory/2884-4-0x00007FFCF3890000-0x00007FFCF402E000-memory.dmp
memory/2884-8-0x00007FFD09400000-0x00007FFD0942D000-memory.dmp
memory/2884-7-0x00007FFD09430000-0x00007FFD0946A000-memory.dmp
memory/2884-6-0x00007FFD05EA0000-0x00007FFD05F01000-memory.dmp
memory/2884-5-0x00007FFCF4030000-0x00007FFCF4653000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\prismlauncher.cfg.yNzcPN
| MD5 | a6dc16331f06bc5831e5ddc9799284ec |
| SHA1 | d344f83d549df8c3e2c959182ba37f8c81d885a5 |
| SHA256 | 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807 |
| SHA512 | 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14 |
memory/2884-19-0x00007FFD04C10000-0x00007FFD04C24000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\prismlauncher.cfg.lock
| MD5 | 493fd4d43046888c682c35777602abb2 |
| SHA1 | 4b90e8c3f03e6f9814fc48c56a973cba3be183f7 |
| SHA256 | 66a4270f9608950f3b2fd3771a8b2d6e7bf41379b73f5b878363c0fbc2d83ac4 |
| SHA512 | 0ae2c01a6cd5a030fa7464dbd14b40e895abf2a84c71565484c3b73cfccfd911af14abc69914d4b4dea986a441e43f6aded42576a8f9213d6c1f8fa280568818 |
C:\Users\Admin\AppData\Local\Temp\translations\index_v2.json
| MD5 | 69531cb12382a8feafdda30c030193a7 |
| SHA1 | 4d70dc11b740c791c50220f604f11f7929c95495 |
| SHA256 | 8960c827e4240c6ac9632d93c3f2cd896814d5c82da1720740ee866212771ca8 |
| SHA512 | fabbb74c60f49e80b7a9257bb506f9660cd501b263624368961201f34e0d32c926451e7ca1d9942b67384c47e44f1505dcdf6a252a8491215b693f36959737ff |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | dfdfe8b3bdb04c7f9cdcdc6081269a8d |
| SHA1 | f8f178955b04af8f00766bc8a40278361e289d71 |
| SHA256 | 3927d80f9c3a508a3ca71ad10141d3c15a99030b1cfbe080fa3d8a164fe5f17a |
| SHA512 | 176e07bf15d75acbe63ccf51e3f6826228b0a1b8821d819f6f9173b5d56f1837dd82799df33622bd6db25deb71c859156303df15bd76f494e57f4da5ba316958 |
memory/4332-95-0x0000023F39960000-0x0000023F39961000-memory.dmp
memory/2888-94-0x000002518C530000-0x000002518C531000-memory.dmp
memory/2768-89-0x000001E068130000-0x000001E068131000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | ebd7bbdace8d79297219e6b169f0f501 |
| SHA1 | ab0c43b7c44f190fb51e45baa2b1156e28b97cbb |
| SHA256 | f076db6be1e474e1e911bb9f27f2f768f983699038525b9a1c231279b3386a83 |
| SHA512 | ab084529daf8e407b6ae75a1f10171de7bec92737ff920c13408f0e7ebeb280f55f8aa6236447c7c3a80d45d9aa473c46d8cd0a4b02591fba49db1dc030b891d |
memory/4208-99-0x0000025FF04B0000-0x0000025FF04B1000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 5b4b374227305228322fc0864f7e317e |
| SHA1 | 14b840f4f2d7831a06c7e15f4df3b89585ca9151 |
| SHA256 | e3899fa82a0956c0c6a7c5fb71020f7b2e8a4dfe3aa13bbf4c31710ccd237d1e |
| SHA512 | e1485fdf520e1238c10f38b9acf76d5ac257becaff7ccccf2ed30b653efe24f0cdce858f970885426745da40019162196230531daeef2e1294f6daf18673fe4a |
memory/5088-116-0x0000023DB99E0000-0x0000023DB99E1000-memory.dmp
memory/3152-128-0x00000254C4950000-0x00000254C4951000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1528-141-0x0000022E4C640000-0x0000022E4C641000-memory.dmp
memory/2884-276-0x000002BD231D0000-0x000002BD231DD000-memory.dmp
memory/2884-277-0x000002BD231E0000-0x000002BD231FE000-memory.dmp
memory/2884-278-0x000002BD23200000-0x000002BD2320B000-memory.dmp
memory/2884-275-0x000002BD22800000-0x000002BD22809000-memory.dmp
memory/2884-274-0x000002BD23140000-0x000002BD23186000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1c7e2f451eb3836d23007799bc21d5f |
| SHA1 | 11a25f6055210aa7f99d77346b0d4f1dc123ce79 |
| SHA256 | 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800 |
| SHA512 | 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6876cbd342d4d6b236f44f52c50f780f |
| SHA1 | a215cf6a499bfb67a3266d211844ec4c82128d83 |
| SHA256 | ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e |
| SHA512 | dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cef788831ffa3a75d3486534f7cb7e28 |
| SHA1 | 584ab9a9bacaa73f5d77123bb805eed6b260af4a |
| SHA256 | 56839e296066311a720e57fd536be484a32c456c55136d2bd9c10efd0402616e |
| SHA512 | 21dae19b18d62cd87877fe94ff0a1af371d9b3143cc23cd8d5da180398c7447aaeeebd9e3150cf0f40183d83e3b6c92db0cabc69aff5e7a57647f535f25cd2d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | c56ab33d77bc109e3e821db7e5a698b0 |
| SHA1 | f5cf7d7c2e25ab1b87a2614a37bcf1db50252dcc |
| SHA256 | 513964c5dae9f0286168aaf4793c03a57b1c52001c1192a6e364ea1e9104b08e |
| SHA512 | 61ab42551c2dc67497d24c64e656029b4cfa94a21c6758882b9bd0dd26940aea84a27d8e06ce2eb05c092011acda93545a5f48893d44ba4e236fc70915a1e795 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 5437aa6e34f17520e46151eccc9ec333 |
| SHA1 | 31955bdc42c94cbdf449f8244e17bd8d3e06beed |
| SHA256 | 72c9367206d6e70ba20f48a9c5137c6ed8a167266d7a79ff9d856565c52bd2e7 |
| SHA512 | 1a93c1ea6db2e505c67f50928514bf36f84614cbb01a6981bbddb8bb1f0f14bfd2e3725fe60079673c509bb907e0b93b49726b3d5967785eed01aeb14d3e5835 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b97fc53ea4b27d73618b6b47b9d08d2 |
| SHA1 | 306d36f8b7231e506fc3343bed2deca35405098c |
| SHA256 | 3d98edb6415365488c9922e2d13efa3323c8fde2b57d043f07f3a37c17834062 |
| SHA512 | b903b9b27f694bc7400ebe9b6afc00c369d59c96618afaf85765d5cfdab015442af3e084b59c990903b81985037dd770c169048ce18afdba53207d29bc0c175e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21c7a5f33ffce94f8b4328f7845b1da9 |
| SHA1 | e6a15c8db46dd87edf43657629c32dda7fb6f9d1 |
| SHA256 | 1affa0f517e096b036f02f1ac56d35165e911a66ccd916f52a9b523f70ab6269 |
| SHA512 | 0c79a46b3bc567736c887aca0780b10fe4e179650944904c02a895e29d08aca4f71f9d059f0018461e8cad4ee32e64d2e2f94571a666e0240d843155d48088b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 310ddacd83e27e5db08e90e80efcacd3 |
| SHA1 | c68ed676c2ec5a490e82348fbf908cd036a67e55 |
| SHA256 | 73d4325faf7361ccd3962ac2162b47995d43e79312e9eeed76536c4e77f7fbeb |
| SHA512 | 74f69a59bc26208ead164a14ce94b8ef17ea69b9933ab72c50f4494e88e1288e8212f13504f8a2d8a1e426fc240311974bae5213aa499730dddc074aebcc1f4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c950352fbf4bb90f57a9622eaa1905bb |
| SHA1 | 7bc655f11b9e43a8fde74bac8db341d5b69a9383 |
| SHA256 | a01c02381c65f70939059b914c5a7933fa96fb57f191013b72ada480dab8c47f |
| SHA512 | 7553542dd778bfbf2669626ef24e859edf659a99b9942b16e88a95ab523fcb387000a8ce81b558c2aff315b8950f5948162e3b07ca652547ed7c8fc1899e6337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5f3c4207f466c4f7723c39eb5a8668e |
| SHA1 | db7b5d2dda66ba9c7f33af0ae64b3be2fac284b6 |
| SHA256 | 213ae5187dd62245a1ac30ddd0db96bcda9943c4410458ee91619b44bcc0e37d |
| SHA512 | e8aa0273d490a7a9ae24d25d9875872cea9ca61fbbd226fdb91b3628c895a9477c1f8787237cad4f6964dd8df9e85bd83d6fb12377ddab41bf871a9504c32124 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 472f34edb4b00898ccfd606665b6126b |
| SHA1 | 33686336bbbdb52999e28787a061e6169700eb5d |
| SHA256 | 91218efa0890e1b62cdfb12289d0ddd56a152b7a2429cc1843a889996f7d908f |
| SHA512 | a7c30c3c3d270697b3b28a5b6f4ba95a31651f6777910b4472475f53595196c0ecdf6ce6a00d9a97fe2afb136538eac67e5543da77eeb8f0cb301cd935b62439 |