aa3c568c88329c4dd471492c0db25a6c299b4346562d63e850e3064902d86d69

Analysis

max time kernel
263s
max time network
267s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-08-2024 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PrismLauncher-Windows-MSVC-Setup-8.2.exe
Size

18.1MB
MD5

242927c23fc9b6ff5efaa51aaf5eda58
SHA1

53e851f8a136ae29aeb0159d9fa221b5e37a8b4c
SHA256

aa3c568c88329c4dd471492c0db25a6c299b4346562d63e850e3064902d86d69
SHA512

cda01dc9762a02d47829cadb0678fcf0b361d6ce4a9b3ddffa5bb7636487bd16446076274ac5a4ad015cb4d52fff4cccbb49b472ed031616fccc1826b748ce17
SSDEEP

393216:CMU77hg6HfhIjEYqNPPoDlXsLAmCrQ7cAIYE9rpyTXuEz18Tcso:CMUhHfhIgTkX3mwQ7cAo9+Pyo

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

prismlauncher.exe

pid process

2688 prismlauncher.exe

pid	process
2688	prismlauncher.exe

Loads dropped DLL 23 IoCs

Processes:

PrismLauncher-Windows-MSVC-Setup-8.2.exeprismlauncher.exe

pid	process
1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe
1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe
1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe
2688	prismlauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 4 IoCs

Processes:

setup.exesetup.exechrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

PrismLauncher-Windows-MSVC-Setup-8.2.exeTaskKill.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskKill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

TaskKill.exe

pid process

2880 TaskKill.exe
Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe

pid	process
2880	TaskKill.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 6 IoCs

Processes:

PrismLauncher-Windows-MSVC-Setup-8.2.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\curseforge	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\curseforge\URL Protocol	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\curseforge\shell\open\command	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\curseforge\shell	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\curseforge\shell\open	PrismLauncher-Windows-MSVC-Setup-8.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe\" \"%1\""	PrismLauncher-Windows-MSVC-Setup-8.2.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

prismlauncher.exe

pid process

2688 prismlauncher.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4356 chrome.exe
4356 chrome.exe
568 chrome.exe
568 chrome.exe
568 chrome.exe
568 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

prismlauncher.exe

pid process

2688 prismlauncher.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4356 chrome.exe
4356 chrome.exe
4356 chrome.exe
4356 chrome.exe
4356 chrome.exe
4356 chrome.exe

pid	process
2688	prismlauncher.exe

pid	process
2688	prismlauncher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

TaskKill.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2880	TaskKill.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

PrismLauncher-Windows-MSVC-Setup-8.2.exeprismlauncher.exechrome.exe

description	pid	process	target process
PID 1216 wrote to memory of 2880	1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe	TaskKill.exe
PID 1216 wrote to memory of 2880	1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe	TaskKill.exe
PID 1216 wrote to memory of 2880	1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe	TaskKill.exe
PID 1216 wrote to memory of 2688	1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe	prismlauncher.exe
PID 1216 wrote to memory of 2688	1216	PrismLauncher-Windows-MSVC-Setup-8.2.exe	prismlauncher.exe
PID 2688 wrote to memory of 1664	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 1664	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 3372	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 3372	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 1148	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 1148	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 1948	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 1948	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 4824	2688	prismlauncher.exe	javaw.exe
PID 2688 wrote to memory of 4824	2688	prismlauncher.exe	javaw.exe
PID 4356 wrote to memory of 2344	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 2344	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3956	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3688	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 3688	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe
PID 4356 wrote to memory of 1876	4356	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.2.exe
"C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.2.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1216

C:\Windows\SysWOW64\TaskKill.exe
TaskKill /IM prismlauncher.exe /F
2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2880

C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2688

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
3⤵
PID:1664

C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
3⤵
PID:3372

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
3⤵
PID:1148

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
3⤵
PID:1948

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
3⤵
PID:4824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaccaccc40,0x7ffaccaccc4c,0x7ffaccaccc58
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1784 /prefetch:2
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2120 /prefetch:3
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3084 /prefetch:1
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:8
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4808 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
- Drops file in Windows directory
PID:3972

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6a8f84698,0x7ff6a8f846a4,0x7ff6a8f846b0
3⤵
- Drops file in Windows directory
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4260,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3488,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3436 /prefetch:1
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3800,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5128,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:8
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1116,i,7325728548780199354,11961210212880236060,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4392 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:568

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8
1⤵
PID:1036

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Browser Information Discovery

T1217

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
094e53450897e6fbdd2ea08b39514674

SHA1
4ac31d3efcbc16fef7047c3986a3714934efd1f5

SHA256
e60fccfd9cee83fd52e195b39ee7301178e5c0a235095032536e1a5091acd887

SHA512
89e5da51cfbcf4d62e9e75a1a331dd4cf31eb4692349fec621badd5357073bdf32081de655a9faf1f5667c701da45da2dac79aaf4dabe683f632751f14366a38

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
70KB

MD5
86a162abd8da8954c9489598e624c97d

SHA1
26832fbf83ba9b9458e4975a1db3370249e7b2ad

SHA256
64b9cd4a4ee6a195eab971c9178340b8925480628386ad7fdad7c6223cc73395

SHA512
a6e8f9b27442c940ec121d53c25130e2727d28c0e1ea6b57a65dcfaa0e16a76de7243652e3c9ba605da354c36d90b8884ebfa7a823dd160dcccc28f7821daaa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
404KB

MD5
3b1abbe87311c28f4059c6cee8caa5fa

SHA1
59616d12bffdd457fd47f535c44c54855b226a34

SHA256
378fca5ef68806ad3517ae4e3f16cf498f2ce7f03e47de3cd835863e1063c1ac

SHA512
782c6bacee55516012657f4d7c673a527398fe0825b4db48b394e0388e27e8b76eae4cd9f3a643593ae120c886310b94ac5e0e4579cbdddae95ebffdc0ef11fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
Filesize
112KB

MD5
b3c990dde55c6e3f4efbee8cce42152e

SHA1
4644fed5d632044499e37c18203784a58b7e9452

SHA256
2dca2ea1ad6ced6ab65646fd1414c49fcdc3443dc51ad1366263e4a595a40171

SHA512
04a0a223a5ad31a334f095f6774cf8935b1ddf0de95469b89c04ce691b13be1fcfc9fade34b28ddce931c253b8e687c44408a8788dfe9ad1e6037088d550356f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
Filesize
116KB

MD5
aca6dbe8558e61f17b97fb686c4aa801

SHA1
6a9fae0b74091b110f756c840b447d20ddb50081

SHA256
a371dbb320638029aa7489d780d253db86a879bfb02e62a510672c4e2547ed3f

SHA512
1d9ac6d7aad9ff05f63efa08c66c655cef5ae9de38def18b16bf9695d9986cda77afd915805e8a7764e26940c0ae59df79bd470bf8181c634021c709792366cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
114KB

MD5
a88336a6ee1a77d2aed94f26fc15b429

SHA1
a0023b3923d2c9fd5bd49208ab95524b2fff824b

SHA256
d0d8b19d1f9c62b81fd2703344da8af74c5ea6df75ff64d0509b7c91bebf26f0

SHA512
3722ac4db07be0a7bcf3a87a5e2b1669d20f01bab9194ef0b22b85047436e05b1d0e0be4a49b072e72080a0f26190f507862ad8ee779d9eac173e5eb26681732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
0bfa6ee775b9c09ab722a9b89c7cbf94

SHA1
d82ed1bfc17c191845540376a1ed63baaf65ff53

SHA256
1152f18ad97c3174bc5854e328e67f53048232aee5c1b40ecefe7501a2af9e04

SHA512
144414d4540e2697da07e1e195bf6a598b6844d9f29b50c20a95d29c066cdc0b33fc3d9168062bf15e940c2b53ffa7cc9ad9a236af279ea70f4ed61d75d1d16d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
173605a2c6895c36fe685a0ae8f67a12

SHA1
006be3f2426b36f0df486980c2e8b14634aed16b

SHA256
04cbf6af81fecdf26edcd15871e6e3c7096ee6b88ce641baa8b936cbf40feb48

SHA512
6a0e0bbab68a875191b187797d49b1ede3013916300b3666bbe15996514157053e8bcee1d2d41ebaf3b2f9cf7c3b92f69893124b44e3d275add058f9e3d9a97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
dcf34f231251a8702977b1119136f7a6

SHA1
d4a08e009639872866723f9333f32652a3adb8a7

SHA256
fa8cfc7c49ae8a93c104027bb2f7380eff4faa0b24523e9714b4369e902a9616

SHA512
99ba87b009e30550967238bfc12545675e96c179bd218588ae22d77b25a95a00f9312758df2b23ab778b02103b6744acb2482c6d04096e0c45ec2aac36f092fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
c31f86f412dbb4a7b390ff406c47f069

SHA1
ae9516a70de8aa2874c4ea0fbcae65e5e1102d9f

SHA256
cbbcd46870278d87136f5beb264600b7c7030b484e493194750fe400f7f43dd4

SHA512
dcd2f60946699df134d490662c66d822731003211a6f9988758c3e5e7c47431389f67616e08fd1beedd3982cb0295c841cb403facfe07ee11af5ce32cba5db87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
9KB

MD5
15797c4492f94df04171128b961ffe9c

SHA1
36d304fcc9fbee691b3d0b1bb93e73abe0e1e2bc

SHA256
ada35421920ee74de8790c11e4da2d4b0319d6f33a81f212905669b4c7a04bb8

SHA512
830a92f98b2d82de663a8bea7cdcce27afb30725d52c5064adbe4c08bfa6d415a17da7ce5f4c2f785302b709cbd67dc59b629b82f04171e73235642ae88424e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
97f96f221302ba49ef5f0913db0bdcd3

SHA1
abb828259e565248849c2731b2d7764734cb89a1

SHA256
64a20ecc5179000a93e6e94aaf6288873cda2ceae57e263b26c5ca6b4ac70523

SHA512
83e990086e3a3f47967fcad47deb0f8f3dd4ed72900a85f8d6c7e45f0cbc2fe37624e51b47069f9ad5d59e391e85d0cd2a49f79e5ae38a7e827ffbf2723052e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
7bac1b196cae4c33342d0da01bcb97e9

SHA1
06abaa484ca80ca39de87eafa8dd751371b3098c

SHA256
cac87667576195f83e1a2e7fc84b9f06a5389bbd077f35361578c0191b9e8ac0

SHA512
e297c7ba3b0518545cdc79ee43edd0d8cc33c6151d7471507c0b603e17ae83001b8dd844f21bb6e9d4e8299b7cf034224d627a45e631485399ea2905deed5ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
857B

MD5
a74e8495c1b672e575e3d1cdc66ad5af

SHA1
0a57713fb25588153469f557614bbf929c683406

SHA256
871f9e96dcd7b0ff90f63583a87ab92f61e45d47ac2910e1ffbb1ff3f24bb593

SHA512
026924f51c9fc986e851d3336408950e3bd00e77019dccf7ba5b801e31ba5e0bb7169d807a8ffbf316d7dc7b58d47bb53da3d2bc35910c8affca9ea34b76959f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
857B

MD5
c8fdb296efe6b7cdbc796ebe009b6555

SHA1
7086327b10f9f5134fc0c8e13ebe07b2497546d6

SHA256
8a618845be651506f740e06b46c71cfcbfcd13cba6e2d3dcca66fc0c6dff2c6c

SHA512
472d9dbcaea53248e541f0e79ecb48372bf2d0e3dc5832aa55a91876054ce73f71614f8b0807e143da3311895b4ac9cba9c2d02887b11adce1e56c6ea16b6435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
50988d20f8e7bdf7fe2a5beeb663647d

SHA1
14c484a7ff4d860f907fa6fcb7a96d258cb15610

SHA256
b71138c86a905ea9c4cd1a3c1adf3a88d4d5de75a6d967ce7e336348f130d4d8

SHA512
f8753ed5ba3b5081fdb974c83c4be204b38784bc722343b1684356e4a9da22612af1793e5259d43c207abd6354f68f4c4656e02764a6facfeea9fc3dab19cfd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6b3ad506f74bbb02e53a5a3c2dbdc5b0

SHA1
bc057cb6cb8bc06c6c365e2154841c8e1b79b001

SHA256
09bee543f766e669878f8b6f637970dab1cb8724a619500396624c546e82fdb2

SHA512
c25df3e61b7cb2052118f189ca1332372e3c5ad4b10e2e3f912650f5baecc82549c525c10efe19ad77b20c677b80608d17b04e85f1c24897f1d7d4656df4a83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
2f3b13bf9a752aacb53b9c06e26a351f

SHA1
09351d472b1abe9c49508a428e3497e58fb6d47a

SHA256
169eaf519c56087555fb92fe6d24bfc159e06feece632b8759715128233a6c16

SHA512
8b8aa9dcecf727d7ed673698d0972dfcbdd3202a24ad69fbf2a15ccd3669c3cd32e28f7b13700e59e24161d082ef843c91c28dbe654cafe7f07f9227cef68bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
b3ca54b51b16b77a1aa1b715774fb4d4

SHA1
ff6903f4ed3ceb0711a2bbdccf2d2d239b0e838c

SHA256
f56761b12e3b72a267f69cada5e0ba2d1ed92c01f8bdec4b72bf4d307cf8af2a

SHA512
f6519771990f7adefaef839c28792cb0517b3f595db149668f2d4a60ee31251041c0c30ee714a3caa252da451569511f553fbbd42236f75383ab768e49bccb5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
91ecd13a3d038d014c1de1b011b6b009

SHA1
c43e955f3abc5b2fb917475c77ccf3f03af00446

SHA256
4002419e86db387d747fcf14a370d97ce8f0aaa67208b15fed0716aed4cb1e21

SHA512
11cf7aaa8b097e46b33c98d7389a1e2689d78cf92db534c5fec3ba42c52503794ae964efb968520f9f9d7ad3591f79b8b7faa8b8d0384f2c4f2e5518765e6885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
06cd7d557f061b58d8893b73255b5f57

SHA1
85b85add087958567887e428a9e8277a58af835a

SHA256
c3e3cd45d6f0f638cf6bd20bd313f2d213f25ff5388ba7eb1c698f5338b38ea0

SHA512
b6b32a3f06679991c580e60002a7e8fc72e526273530d1a403f9a21ed3d3853a1726d4d3be4bfccf1643fb85457d8171a135918c193f113d4c43ac69d5ad76a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
c97afb4e7636ed422caa445444ccca5c

SHA1
6f630aca7d40fc64b4e2147d8308a79720aa628a

SHA256
536ed518adbf863903b39794f1bb948db8e418806a1b2a218d11c85e2d57002c

SHA512
e5c16000421980eb88c52372a30984cc3f449b049791a43d1bc22372762b61e6f826d2fd0e995364e982e1ebb58c1c0afc6adfdc9acfdffa704c80348d44fc21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
60436d5195af9524f5a11255ec6fb2f1

SHA1
2dd857f575131f80e60b788637eb9a2cc5fe9355

SHA256
30fd92265201e1cd3f955ed4b101f2190c2db53afbf17eb02d25e2e1b866b234

SHA512
78e9d1464c1d8f3c2039c659750db7b94b676059a65ec7e6de9cd11ec51a97d569f24d823530baa5ac50f1297dd06f222196b67cc6c144f8d426fc710b2bfd81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
baaed8c9cbe6191dd3324978e1936bc5

SHA1
7316f66ba5b1babcd7dc64a96a45812d58a36c0d

SHA256
cb321cb90b834d435aca3ddd5bce25437e94783ff624c5023fa0b487b381d05b

SHA512
0905b29b171ec2929883dc9d96e22d5f3e91bbda3d6e60c2836c38239a265a6ddedac534a329ec596942bd138aa061bbcd2ee523cc4394f21c162b9f097f9201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
da88726cf2f7bcb142b70b13383bee4b

SHA1
bc9b61aecd86edf3a1842f30bbead744d2640c1d

SHA256
e5558cf3b676483c3f40aa9db0d36bdda4e9b3561f5ef1d642e22b2c27501feb

SHA512
6026e614973e438256407e9506496a1cd225acdf99af0ac4bda6865d8decb68bc5f4b1b9071a474ef199d85f47459ae5ec4ae11eb5cdf638594ea6dc5861de2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
86e14a4868ce1d2cd69ef0d2be2e66ec

SHA1
2adeb0ccaf16bfb8da3b43410550feb982afc886

SHA256
02269064662567fd915e0457bb4f0a0578c060517456ad39903dae62375fbb05

SHA512
73537762f5c279d385fd664b8503005350aa93434dbf1f0ee148013022f63dae24605fa6a2bb7f8082b6d5a44bdef0ed802fb6880e362a3e6ac92de6e6a254f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
30afa69b7f20eaece52fec2a63b1676c

SHA1
81c9715e935092a02a6c71182f67450f723c0fb6

SHA256
085b87697bbeb26282d27a0cf526b1c24013dd14718b5a7e9d2eaeb6689db23e

SHA512
602de9aa7c208805ac8609a8391672775cf181fb090a436395a06c2f3778c8c3724899978d1891019359793706546f781475a0e9bf5dd8e3c8d89b736533e044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f6a5ff54dad6d3502e42c351a26adbf5

SHA1
6dea826e17a351c00185ef58b2d4be5502df1917

SHA256
89d9cefc165b1373de1a467142146a68b22c21babc4a30b26252ab01c5b0a268

SHA512
af0a1f112fff82271081e37de93819442e43b26f5b53af4448b9351943fa0a563cd6a7d4c1ea11aa4a3be9548691d43b90c3e4e504c4f2fbbd7f1f57653927b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
c3a57521cff61b9a9185e337402d43e8

SHA1
78eaf38b224a37ec27fa43bb15b94cf781c81f51

SHA256
38ca4ee66cc88c399d9cb9ce87146250ac9029d064bddaa9ecdff1082bcde882

SHA512
587d9390f030784010b9d2b2aac63829668c3ce273a4578ee43413cf7532b3c5327a3d58468742035fe145f6da4e465087dd9b1c5cff538a478a4793367e5474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
65ebd4e5268a16fbd32a1aef8a0fbfb5

SHA1
066dd0e27a727596da5adcb378153d294d9beb4b

SHA256
fd3577d7b19bd0dbbf546d5f14bbeda9907075c702b6dd8fdb8ce94458e6237a

SHA512
0b0907d66b20eff1b1972698125c0212ac1ec60829c45e192a92d444355a511dc72178a537d714c353d3db05e4ab1664345efe01fdcb0da6a1c9b9b2b2c69b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
629a9d4c71b631381295a90fc38a2f3d

SHA1
7a3679082a8d974c9b666a6c3d98aa1935fada9f

SHA256
251a04597fba8df6f237512496dc63b23006569ff24d3a2bbfecf843376d9baf

SHA512
02a76887dce3a079bd18598bf587f885cc08189cc7c399ae61c8c44a50dea561df33711abbb2f5c21fb78d8393fbc301e302fdb81c9badab2757ce3ae49200d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
195KB

MD5
cbd267937ce284b3f1010fb90410a17f

SHA1
6245f277353e443f51a3db1a74c7f3b983d7f935

SHA256
7a017a7970c87dcb72802810200df483009992992cc04ff8318894e6d8a7e302

SHA512
00b5843fb68a8f933e7a27af20fc9b343d373e2ba06e00b489e2918fb05bf0d86c1e36e3438b7b6a91cb52ed7fe71df3e1e2019eb3838d0735b8d8e55162df75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
195KB

MD5
062abcdca5590d03baa0048c1a3843e3

SHA1
6fa9dfdeb36312a81f9007993593b4c4e37903f4

SHA256
0e9e4d2e74d46e2a92b527f0bbb9277fc39e370480743ecb00638624b77c65a5

SHA512
eabf964155711eccec82feb6aa7938513d334236f299d256e8cee390e3e4a100cf6f66bc9405116d76c9d00e38937602dcba0f6506835447dc5f041c736a8370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
195KB

MD5
b3c70fce353f6a9c3c5ebedf74ae4a74

SHA1
8c7e3a4ec76a875358624734afc388d0282f6ca3

SHA256
870f0c2948733ada2379ee8def42bfffdcb1f47a473d617ac03e211492f1575e

SHA512
2c7a3d114a225b500d02cc5795dc06e31da855069800c9b77a54d23f3121106ea75d1cc1bcb8821f060e4cf0c543bfe700c9377c2ce88576e998fefc277805ab

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core.dll
Filesize
6.0MB

MD5
4b109b08ab6ae8b532ba254722b83a67

SHA1
59b7477ef8084b6858d44d7a8ebd78f9dd09cba7

SHA256
b3fe8c06f5ff686eab4a5784a9c36213d341809d982bf81570909fec262907cd

SHA512
482a7399f541806fc64bbc5924e3e55f24c86713daf959c421a40aa2aa76f256ac790e105eff4f60cd6b4299465a039505406091988de9265279103a296bd47f

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll
Filesize
851KB

MD5
b3fe7fde16dea4e4a4b2f5b9d9d04490

SHA1
010c2c0f4fcf7d01bf0403692d66bbec86a8f3f0

SHA256
91c5d1788a31e2ae195754b76b00e05bc1ed28042570f78f4de2c34de3d1f9a7

SHA512
5bd0bd5aeb4428d52d0e1307e125bf047ab90731689b24579972e1d6fef3dc55efd4089c351b4bfd63b12cfe3c9140dbbfa05b3020b9c8381c2bf3b54ae7e6d0

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll
Filesize
8.5MB

MD5
4d427578ce80d21926239bde77859cbc

SHA1
ac7c9d7b8f2991a34f6368ebc098e369360e30ab

SHA256
1158536c723cfbcbf24f6f3443b16e42fc5473d8b1309040aa300a03408b5979

SHA512
4364dd317ebe3f54c33bb9af8e56ba45762882c74b18e336134f2904cb494cd15bbb94dd603e00b3ffb18c67f928dccf87b05feaa208bbd0ccade71d4ca29965

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Network.dll
Filesize
1.4MB

MD5
4812b1ba9956b935d541628ff79c83b9

SHA1
d4c98dfbede38472ad486ee5a050c8d0633636bb

SHA256
f2400ff51c603d8f518f069d90d9b88823192e6cad1695d64083fe26377682ed

SHA512
02a5ac6c4f78efc06333123395103d3dc282fb9d175ffe3184252f48bf69f5bce382efa9f633ed6a37efd8963faec5e74069273fe632d9cf2ab2338189a0a845

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll
Filesize
376KB

MD5
95d3ccbe447f7bfdb78fe4bf483d7f44

SHA1
1d840c89a1000ba6fb522b7ff549fb251ee8abf1

SHA256
4a88dbb02144e4ffe399a5e25ff37454590cc58804f731bf65672c4371ba12d9

SHA512
e586e9ad0fad20faf2c9e946adcc32559931ac6834039aab3a5b5eb48141ccf52615847ccdd268dea8c08e5000ad5a08e342495eb9b28ee47f0bab5cec2d0881

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll
Filesize
6.2MB

MD5
c22c19fae4dfb264296ffa339795c37b

SHA1
38f6d382208081904e8c6c2d0fb09f52b39c388f

SHA256
9761e3b306d52403f1f190abcb2ccacd01630cfae053457028d9b6e8d91d3adf

SHA512
1b7ae36117b7c266cdb833e232b9bf90e3fbae0b316f4ed5c5b45de7c81407778cf4df906df34d4339ebb232d0e569125b6f9788f68e78a17f5887d50f51c1fc

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Xml.dll
Filesize
151KB

MD5
2dac5315f7c6850c5de1c033f7b685a7

SHA1
d79133b56bdaff0677dedf150aee234aa5d800a9

SHA256
ef1f550bed5d78b417b560a99518d2ca30b6b9b8a1af621fb5421b7d1c01837d

SHA512
ada63250ba623a2960345406c31adf797b5c29e7715fd789c20948bc0cffa289b3be4d190572608376ce163d5ee2a4dd33ccdf74dfba765fbd0a1ef0067dc09c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\iconengines\qsvgicon.dll
Filesize
69KB

MD5
f1a683ba6f78a0c6e2390666d52b35ee

SHA1
e311e92df3a63b8ccd2fab9e7965f6c66059000e

SHA256
9469059fecff193e4628847a14b4b6c7e7c4a4d4489f8ea4e1e98b19b9b7229e

SHA512
0633147d113bab073f83dffb13718f9c9a800ce41dc5a1207ce51c6843e682e603f0c55c25f675ae1fb12e5ac2764a5ea1da8de869cc35ed02f7e93aad001740

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qgif.dll
Filesize
47KB

MD5
dbeb208ebaf03014faa17c161b93502e

SHA1
475f678440724e2c1dee3d78dfd1b553814b33f7

SHA256
c98626b5fcbb3d25d058548fcf49526ddfafb4e917fa1567d9fb369a7eecafaf

SHA512
2e07f54169790bf98fc769f41f08027dcf54806bb1c86ab637a796c5a168b76917ca2aeefb739bb9ad40a7bd7a94285d7b3be6b2e9f0c6f07fc58ecd144c846f

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qicns.dll
Filesize
55KB

MD5
ef36332f71eed4d07ca354b09ec8fc97

SHA1
00986214de00624534ae3fedd710e2eb2158593b

SHA256
871c9ac76374c6510cca93f58ebe4ec6d8f8d4f9420c00d3ab23f7756d7984a2

SHA512
55a0931df979b175fb34ace60738ae53ed7bbd2a304870b3035786fc60ff2ea8cb1b092ed9f9c61143ee599171dd1fe8831b3b84957c96133ade517701c10242

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qico.dll
Filesize
46KB

MD5
9e3a5b84ac8917de7fcfb0e346611ac5

SHA1
5f2d6528d7f40559418f02663a5eb02bf37e2975

SHA256
a23e5d3ce334a706eb86bb06fe1dcd01a52954611cdc792eaaa4e0afc3a49a91

SHA512
27095ab7a561151a93f5a2690e202e2594160a21c0e8ae8156ab7a8b4d0b4c73c42bdcb468878867a6f24c00b3d8a2617d4507c6c2447feffe6d0c0fd2887b57

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qjpeg.dll
Filesize
552KB

MD5
74f6e710318bc4874a1c9b229c19f0ba

SHA1
bab59e9e0cfc4fe8fe81a9e65f407b4a7ad82b98

SHA256
53d76435beeb8374c7553e6944754a57f1cacb97270db52b3d7144d1b1470a03

SHA512
9f7ba09d0af791efdce7072dead650ec1e8c13d686a4526366acb38e2628373052da94d461895c2aeadba8c7d3b1da85f98ff56e261e0366e2e7dc1ada39b723

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qsvg.dll
Filesize
39KB

MD5
48d268d4c06134ba2fe044c0d575f3f5

SHA1
9ba00e57924ce0d346c85dcd4b77ac6f13748def

SHA256
4d0243ac9ba6aa1b8985176d001d8c508279ab021bedabb9f6555dbb1f417923

SHA512
eed8bd0436aaae3d6db3cbc62205728954126137933c607d445c66495fc3f4730277bb0f6ee2789a3c33aae10aeadcb1b6082743e9eac043d8c3520afb699a89

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwbmp.dll
Filesize
37KB

MD5
ffadea63b292a4b9c6d098e5a1500969

SHA1
04b3cb48edb4f5917fc43937f5763854773740ae

SHA256
97f108d93f5d94efb8c44097be009feed434873d25a598b366e2874dbb126717

SHA512
59f33ed62ffb41d57c28f8fae627200ed8ce82ca876f7fb5487bae87b90acba02e81e28c872326f74929c5a68cec8cad89e9d13d1a3e7c67a9d04c89454487e8

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\imageformats\qwebp.dll
Filesize
527KB

MD5
8f9b6aa0d2ab07e9f01c704617d1655b

SHA1
57b1abe27a19f7ad8dff18556ac40bffe894628e

SHA256
a2bcc135d0e45b1051e6bb287156c44bd452680d23653cdb1d7341c0fd0ab39c

SHA512
3a6cde6a9c8d115882880b253ebea29cdea6736023b3fdd9d6ff569e034528e914614fec51035978ecf92c14be18fe94c0b87cda93dfca526baead958a39805d

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\jars\JavaCheck.jar
Filesize
1KB

MD5
b7b48051f47b0f34db559d90de94815c

SHA1
1c663d7bf62ca5e56206426874c39e0179a1bc50

SHA256
01bfea23e2c9fb63d14c60eac452ffe1426d6265beb0478e4d5b539c0f03da98

SHA512
7d0d45d523e202dbf236a9fd84241fffec09e7be3a1e40ebff9efe4f8bcd1fa9cde6b843c68a65bf536bfc5b44a6354c8736a67e66d5007223d6bfad7152f752

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qdirect2d.dll
Filesize
939KB

MD5
a409c1a09f4c2e28736b8ec779d5bb60

SHA1
9d6802dbc1a64a6db17e3f952230448684c99ecf

SHA256
7aaedb90f494c3934e3d478abd64163062cdc9b88d6f604c0dec669ae50298df

SHA512
6f29a9d123d5ae9310ca62b8aeb7fbb9c4a4b7ec7631f32a8ede114ce3ce0cfd2476cab57e0fca575527a0d43e60ad808a6b3780da9fe0285340ce84b1e468dd

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\platforms\qwindows.dll
Filesize
869KB

MD5
708b9fd13b3f558fea05c5ce9d81f180

SHA1
fea63d9d89ead4ee00e2c7cc73f3695646a635c9

SHA256
01a1e86174c7630be10677437343cd8c693ff1fee0787f0cdef67e7a7f9a162a

SHA512
e6139276c266bca9e9991b1cd25b8da66b50692fc312fb989ee3ce44d99b0fdf3520eaa531bdbfce85d74f01f234b6eb17d06471f211f21509c244522eaaafbb

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
Filesize
9.7MB

MD5
337e87e1117573b52d7a069a2bec9935

SHA1
52060abc875a8cb7aa08076b503f2aeaf3dd4d89

SHA256
6651a644ecbfa74355c25036986efe7ac48002c7d6d54b9ff1eb2db5f7fd8bf3

SHA512
638312070c05b33c979e95264f07168e494a854068172c414d2066e9dc7fe766a27d9fae7437060cf5d8c25dfd587d7b066d88a09d6dd32f68b8bd2fc88b6aa7

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qt.conf
Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\qtlogging.ini
Filesize
534B

MD5
4995c4ae4070a861669fd6e997d815be

SHA1
aa42f6bbab438d303e6e74172eca6a0673239e2d

SHA256
fa8b3d64121cc915337b69756bd87597f4f557a802a95e953e2dfe33e40a52ff

SHA512
96a0cee7c45fb86deb02286f6994a7aa1979e69e6e0bd3014a9ed897e6695d2fa586434fc3ea9c083118f1440bfcbacb9d4bba55cbe6ab14fdb92424b31a315e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\styles\qwindowsvistastyle.dll
Filesize
140KB

MD5
6c409b308fe4445f959e0df592960903

SHA1
6f4c938e0e892e478e9bd98a408d40f32dd283bb

SHA256
b68d5ec0167ea43fb6d86f714906ac1fd9b6a64da963f445442636d9e193fb16

SHA512
7e4a6335adaf7cb19eecd79241fafe689a644c1edc4ef74dba0c3533dad03c9e9ffceecd1efe472015d3d5f0c3fb9221364a80425bf7e593f198ef51de913238

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\tls\qschannelbackend.dll
Filesize
229KB

MD5
ae50faf9bc79f3bf69b1c1ed92773631

SHA1
942e42fff7ee58d72b6457aefcf3d9f1b5bc71b1

SHA256
a735c50c3a9440f951baf9d63d33771ed88fbf739f4c479dacfab2d359eb0f92

SHA512
fa880c2e93cc912c5c62ceb443e87b36b2a27fbd81fc7967605709682204f7ec2d08aa2b36a5248a5381160a5fa1445eba69a66cca4c8db625c4f57c981575f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvA142.tmp\System.dll
Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvA142.tmp\modern-wizard.bmp
Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvA142.tmp\nsDialogs.dll
Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvA142.tmp\nsExec.dll
Filesize
7KB

MD5
b4579bc396ace8cafd9e825ff63fe244

SHA1
32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c

SHA256
01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b

SHA512
3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg
Filesize
100B

MD5
2fd9b2881791ef2552623031a166fba9

SHA1
5be1998cc120c1d2ed4f5f914a81693c5895c0e7

SHA256
89bc2325cd25aa3b7556deb54026afa3a7dbd300542e27b3cc38bc9a7dc0277c

SHA512
692e1861722fb5aacb08b4f311bc410cc40f7608a1af8a9886d41d7d5d990b691e9df868f086c910ded758b214c1f3b6b085fa511afc7e1131881e7c594ea668

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg
Filesize
116B

MD5
6a670e1d84060da1dd45bc92d4455465

SHA1
90e8619ce02d8ba298c4bdd7c09fac2477b5dbcf

SHA256
26e3b139b3439852ea908a55e3a236ada4d9d3273355cfbcda740f49ca0b2a34

SHA512
669e8c244f74c9ddd93534afc45a465f73a84a457a2c0f65e6e6053ef143ace22a219a091331a45ef17b3aacd8c8cd593770b52dcb6bcec92b03d27d2d490dd5

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg
Filesize
75B

MD5
797496a683771db00ebff014e1646357

SHA1
ac805177dd5daeadc58f15094e101da02930a2ac

SHA256
36f33a8da824a21894fcb59b1525a2e973101f59fd6360954498580ba208f161

SHA512
63bc37433857edfe5868b458e3e76df216def6f8b62bb73125fe17fe1f9981182e5d8dcca83e904b4d52251b365fc687c12db6e685f014894e9d5282283c31ee

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg
Filesize
228B

MD5
230fff32498cbf9feade36d4ef35f159

SHA1
0082666be21af08c5a019b2da1c1056c5fa0cbf2

SHA256
b05f45c56f87c48d9e8e81d778ef848ca33b8488d7d299e67ac1afcf51f4e646

SHA512
ba7bf8ab8a42c6474e0bf1911151f029bc347f5d9f29e76fb960ac04a9e6737d1e1ed1874cfc68141e1445f6f47938de3fed4678afc83ce612948684fa13ab4e

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.ajwfAN
Filesize
30B

MD5
a6dc16331f06bc5831e5ddc9799284ec

SHA1
d344f83d549df8c3e2c959182ba37f8c81d885a5

SHA256
9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

SHA512
43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.lock
Filesize
66B

MD5
0178c088486d21325bc2cd2ba8fdf7ba

SHA1
6f652858e400115ba2a201168f4d4028ab84b915

SHA256
d86ffde3def6516bf1445435c30a5f5b3757fd66d2b7f9bf9fddd74625d0ce71

SHA512
12942e5ed6d1b8678386c172ea5d0f40ee1067b346529d16b333c5bdd545b40b0f0561c60a3380f701d079802ef33ccc2740d993284866089ec8d9fd6866ab1d

Download Submit
memory/1148-230-0x0000021D93A20000-0x0000021D93A21000-memory.dmp

Filesize
4KB

Download
memory/1664-236-0x000002435C300000-0x000002435C301000-memory.dmp

Filesize
4KB

Download
memory/1948-238-0x00000204F3110000-0x00000204F3111000-memory.dmp

Filesize
4KB

Download
memory/2688-103-0x00007FFADE8D0000-0x00007FFADEEFD000-memory.dmp

Filesize
6.2MB

Download
memory/2688-101-0x00007FF7FDD80000-0x00007FF7FE746000-memory.dmp

Filesize
9.8MB

Download
memory/3372-237-0x0000016486520000-0x0000016486521000-memory.dmp

Filesize
4KB

Download
memory/4824-254-0x00000217011A0000-0x00000217011A1000-memory.dmp

Filesize
4KB

Download