80048ab4b4e0128faa80c43a323a89326f01b7f86ffd176e1f66718cd26e1525

Resubmissions

03-11-2021 10:15

211103-l9765sdee8 1

03-11-2021 10:14

211103-l9m6zaafhk 10

Analysis

max time kernel
842s
max time network
1569s
platform
windows11_x64
resource
win11
submitted
03-11-2021 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ProstoLauncher.exe
Size

126KB
MD5

6399365f4b8289b38b9ae4853a19ba65
SHA1

f21c6301ed85ae399800384abb60716a353ab441
SHA256

80048ab4b4e0128faa80c43a323a89326f01b7f86ffd176e1f66718cd26e1525
SHA512

5b33d0ecea7cc998efe659d022a4bf088ec6178419bb007373982478a46a5eeb3c55cd55f4a52ed1cbce7bfee59cbfdd4827021494a800050629b8e10c395898

Score

10^/10

persistence phishing

Malware Config

Signatures

Detected phishing page
phishing
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

javaw.exe

pid process

4796 javaw.exe
Sets service image path in registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Loads dropped DLL 12 IoCs

Processes:

javaw.exe

pid	process
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe
4796	javaw.exe

Drops file in Windows directory 6 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\SoftwareDistribution\ReportingEvents.log	svchost.exe
File opened for modification	C:\Windows\WindowsUpdate.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.edb	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

4188 tasklist.exe

pid	process
4188	tasklist.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

WaaSMedicAgent.exesvchost.exeWaaSMedicAgent.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	WaaSMedicAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	WaaSMedicAgent.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

ProstoLauncher.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ProstoLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ProstoLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	ProstoLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ProstoLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ProstoLauncher.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

tasklist.exe

pid process

4188 tasklist.exe
4188 tasklist.exe

pid	process
4188	tasklist.exe
4188	tasklist.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

Processes:

svchost.exesvchost.exeProstoLauncher.exeWaaSMedicAgent.exetasklist.exe

description	pid	process
Token: SeShutdownPrivilege	1712	svchost.exe
Token: SeCreatePagefilePrivilege	1712	svchost.exe
Token: SeShutdownPrivilege	1712	svchost.exe
Token: SeCreatePagefilePrivilege	1712	svchost.exe
Token: SeShutdownPrivilege	1712	svchost.exe
Token: SeCreatePagefilePrivilege	1712	svchost.exe
Token: SeShutdownPrivilege	5084	svchost.exe
Token: SeCreatePagefilePrivilege	5084	svchost.exe
Token: SeDebugPrivilege	1336	ProstoLauncher.exe
Token: SeTakeOwnershipPrivilege	344	WaaSMedicAgent.exe
Token: SeSecurityPrivilege	344	WaaSMedicAgent.exe
Token: SeRestorePrivilege	344	WaaSMedicAgent.exe
Token: SeBackupPrivilege	344	WaaSMedicAgent.exe
Token: SeShutdownPrivilege	1712	svchost.exe
Token: SeCreatePagefilePrivilege	1712	svchost.exe
Token: SeDebugPrivilege	4188	tasklist.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

javaw.exe

pid process

4796 javaw.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

svchost.exeProstoLauncher.exejavaw.exe

description	pid	process	target process
PID 5084 wrote to memory of 1512	5084	svchost.exe	MoUsoCoreWorker.exe
PID 5084 wrote to memory of 1512	5084	svchost.exe	MoUsoCoreWorker.exe
PID 5084 wrote to memory of 4132	5084	svchost.exe	MoUsoCoreWorker.exe
PID 5084 wrote to memory of 4132	5084	svchost.exe	MoUsoCoreWorker.exe
PID 1336 wrote to memory of 4796	1336	ProstoLauncher.exe	javaw.exe
PID 1336 wrote to memory of 4796	1336	ProstoLauncher.exe	javaw.exe
PID 4796 wrote to memory of 4188	4796	javaw.exe	tasklist.exe
PID 4796 wrote to memory of 4188	4796	javaw.exe	tasklist.exe

C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe"
1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1336

C:\Users\Admin\.prostocraft\jre_launcher\bin\javaw.exe
"C:\Users\Admin\.prostocraft\jre_launcher\bin\javaw.exe" -Xmx256M -XX:+DisableAttachMechanism -DdisableOldUpdateSystem=true -jar "C:\Users\Admin\.prostocraft\launcher.jar"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4796

C:\Windows\SYSTEM32\tasklist.exe
tasklist /V /FI "STATUS eq RUNNING" /FO CSV /NH
3⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4188

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe d27ea727a484b6de92fc5c6e9e75b2a6 mBM9uuLzMkWkFqAwop5hlA.0.1.0.3.0
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5084

C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
2⤵
PID:1512

C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
2⤵
PID:4132

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe d27ea727a484b6de92fc5c6e9e75b2a6 mBM9uuLzMkWkFqAwop5hlA.0.1.0.3.0
1⤵
- Modifies data under HKEY_USERS
PID:2716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.prostocraft\jre_launcher\bin\awt.dll
MD5
33e9b154e43b2b69adf40d6799208d88

SHA1
895cff6ece3fad39f56223615c91cf25a7384aa9

SHA256
7951eb8e97ee2e048e89f5890859ed2782e3c5b161725e05451b60bcee233ea4

SHA512
bdb3395c6a2fa8a63ad90027721806b051f83260ff73ba3916dbb8fb0fa4c03bc51deffefec60973e14c9c37a18b5040957678511f281434f4dee53889800071

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\awt.dll
MD5
33e9b154e43b2b69adf40d6799208d88

SHA1
895cff6ece3fad39f56223615c91cf25a7384aa9

SHA256
7951eb8e97ee2e048e89f5890859ed2782e3c5b161725e05451b60bcee233ea4

SHA512
bdb3395c6a2fa8a63ad90027721806b051f83260ff73ba3916dbb8fb0fa4c03bc51deffefec60973e14c9c37a18b5040957678511f281434f4dee53889800071

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\fontmanager.dll
MD5
872fbbf67cd3cab9c2f9e784cdd45c30

SHA1
c03fbc635f201353d91d8b40df5d8743685deb53

SHA256
67068daa2edd079f18f0a1f41352eeba4de16a4fbdddeefd404e014428e4aecd

SHA512
e95180dc51abd56800bc5a62afdd2619e78b331faf3d30065bb026dceaa8a99e63ad3890f1d95452b501fb3e88ca6c1104b7f5c6fe4e8986f65b994913f60983

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\fontmanager.dll
MD5
872fbbf67cd3cab9c2f9e784cdd45c30

SHA1
c03fbc635f201353d91d8b40df5d8743685deb53

SHA256
67068daa2edd079f18f0a1f41352eeba4de16a4fbdddeefd404e014428e4aecd

SHA512
e95180dc51abd56800bc5a62afdd2619e78b331faf3d30065bb026dceaa8a99e63ad3890f1d95452b501fb3e88ca6c1104b7f5c6fe4e8986f65b994913f60983

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\freetype.dll
MD5
888d53b780067b3b089198e7af1bdf2b

SHA1
7b4b3d8dde2b288885c87d22f40987a32a385019

SHA256
872bb64cd90df72c9b822f3768446a9595fe84936e1ce91cc6b4d383e7b2b41e

SHA512
75b0ce4644185ac80a7b951b0557781c037aecb10abfefea95dec9e97c9015496484571e1ac0a3a3411234eb0e05a6478053ea3b48a697e717b7f98f34fec0b5

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\freetype.dll
MD5
888d53b780067b3b089198e7af1bdf2b

SHA1
7b4b3d8dde2b288885c87d22f40987a32a385019

SHA256
872bb64cd90df72c9b822f3768446a9595fe84936e1ce91cc6b4d383e7b2b41e

SHA512
75b0ce4644185ac80a7b951b0557781c037aecb10abfefea95dec9e97c9015496484571e1ac0a3a3411234eb0e05a6478053ea3b48a697e717b7f98f34fec0b5

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\java.dll
MD5
3f31721d9d07e16703822163852ad595

SHA1
eb4fbcaa5a15aa5809c32abec87d9ed6b0d1959b

SHA256
f8620213358c4e63e8c04e095db383f8f39170a9360dd33dbd600ea750a00efc

SHA512
57fda13b745a0b91cf7bcf171f8de7a3537c45d16fbe59c4659502ba69efc6aec786edb0839195c240ca4dc1407138a92e8969410c59e88b0eaf77b4820f2199

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\java.dll
MD5
3f31721d9d07e16703822163852ad595

SHA1
eb4fbcaa5a15aa5809c32abec87d9ed6b0d1959b

SHA256
f8620213358c4e63e8c04e095db383f8f39170a9360dd33dbd600ea750a00efc

SHA512
57fda13b745a0b91cf7bcf171f8de7a3537c45d16fbe59c4659502ba69efc6aec786edb0839195c240ca4dc1407138a92e8969410c59e88b0eaf77b4820f2199

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\javaw.exe
MD5
a7e2be2458fc570315febd27f44bf01e

SHA1
2276d27477ea32a5cf6cbf37bd73b961c2ca791a

SHA256
f1092d1203289bc6c0f05982d3ccd741075eedcd1d3022affb735b4eb0b62b19

SHA512
96f8b285748951679083528f164f3e713c16fb10fe4342674287d963340313577f4cd85e5db6f06037e595492133b9d71ef420aa70fa67786b5b184b502d181a

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\javaw.exe
MD5
a7e2be2458fc570315febd27f44bf01e

SHA1
2276d27477ea32a5cf6cbf37bd73b961c2ca791a

SHA256
f1092d1203289bc6c0f05982d3ccd741075eedcd1d3022affb735b4eb0b62b19

SHA512
96f8b285748951679083528f164f3e713c16fb10fe4342674287d963340313577f4cd85e5db6f06037e595492133b9d71ef420aa70fa67786b5b184b502d181a

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\management.dll
MD5
104c87698afab216ba46a12d3249fdd2

SHA1
f5866a5abe8246261d304a99e88a049a9f733c6f

SHA256
334002d1fd15a0bc3b364da760c21f5b37e7577843fe741483b007d750e47037

SHA512
6429a5ecc59c7e6e8c43f566873f76d226e1228d75ab8eb3f00f44dcc0e0e9fe2bf79216138381b2f62b8256ec08e96b74ca145a76e1a534e53f681bb3cdf11f

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\management.dll
MD5
104c87698afab216ba46a12d3249fdd2

SHA1
f5866a5abe8246261d304a99e88a049a9f733c6f

SHA256
334002d1fd15a0bc3b364da760c21f5b37e7577843fe741483b007d750e47037

SHA512
6429a5ecc59c7e6e8c43f566873f76d226e1228d75ab8eb3f00f44dcc0e0e9fe2bf79216138381b2f62b8256ec08e96b74ca145a76e1a534e53f681bb3cdf11f

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\msvcr100.dll
MD5
366fd6f3a451351b5df2d7c4ecf4c73a

SHA1
50db750522b9630757f91b53df377fd4ed4e2d66

SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\msvcr100.dll
MD5
366fd6f3a451351b5df2d7c4ecf4c73a

SHA1
50db750522b9630757f91b53df377fd4ed4e2d66

SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\net.dll
MD5
cb8432a2d628e71cbc64cdf482acebc9

SHA1
3a4e39e7f7fbb4035e7dc84647daec8df1b0c5a0

SHA256
fa86cfe0062b72f3ce803fde6132b8ab2f976a0bf988398e748c376bba178af0

SHA512
72173b3d64cc529bbbdd17f56bd08648c732158ed11ad685d01fe5e306900046e562e1c5e187c8c586b6d481401717f2bb3d8b4f7d153fc035b2e5d67ef77e21

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\net.dll
MD5
cb8432a2d628e71cbc64cdf482acebc9

SHA1
3a4e39e7f7fbb4035e7dc84647daec8df1b0c5a0

SHA256
fa86cfe0062b72f3ce803fde6132b8ab2f976a0bf988398e748c376bba178af0

SHA512
72173b3d64cc529bbbdd17f56bd08648c732158ed11ad685d01fe5e306900046e562e1c5e187c8c586b6d481401717f2bb3d8b4f7d153fc035b2e5d67ef77e21

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\nio.dll
MD5
087ebc333bed4c5098bdc791bb3268b1

SHA1
bf05182a4df4d51b1b1128f87874d997c1cf8be0

SHA256
765a2f4c750b53627f0549641cb998e01ccfa56c40e9d847825d7982e5a0318b

SHA512
7ee2d1c095afb12d638069bf6ecac59f79c48d7e06f428bd52fb8c793ddaa9919a99dd53e8c2c495bc372641875f132ccc3e3808e298f910793a789bc829acc6

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\nio.dll
MD5
087ebc333bed4c5098bdc791bb3268b1

SHA1
bf05182a4df4d51b1b1128f87874d997c1cf8be0

SHA256
765a2f4c750b53627f0549641cb998e01ccfa56c40e9d847825d7982e5a0318b

SHA512
7ee2d1c095afb12d638069bf6ecac59f79c48d7e06f428bd52fb8c793ddaa9919a99dd53e8c2c495bc372641875f132ccc3e3808e298f910793a789bc829acc6

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\server\jvm.dll
MD5
5008d1e765a674700b11cd8f2080afa0

SHA1
03bc819591f2c9bbc640f74f73d0bb679b232e70

SHA256
2337c9c4ab16d8e78dc54f7cde3353e75a18a286283a650d5dd318a2cdcc481a

SHA512
34ab0c1153e692fdc9b5e46771d3dd9daf1bacb751c70ae24b9b29426badf1e908202f12d8028b2810596b85b67972666a57c3a710dba3969e8eb6201986c5fa

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\server\jvm.dll
MD5
5008d1e765a674700b11cd8f2080afa0

SHA1
03bc819591f2c9bbc640f74f73d0bb679b232e70

SHA256
2337c9c4ab16d8e78dc54f7cde3353e75a18a286283a650d5dd318a2cdcc481a

SHA512
34ab0c1153e692fdc9b5e46771d3dd9daf1bacb751c70ae24b9b29426badf1e908202f12d8028b2810596b85b67972666a57c3a710dba3969e8eb6201986c5fa

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\sunec.dll
MD5
50561e132453081ab3be005bf6796d90

SHA1
b5462b6855123a525d79331bd25a70cd4f3ce1e4

SHA256
55fd9666ca27bcd48b5a86ed39d524a5b677b2e4857f7605bd72b6657c2ce995

SHA512
78944d894798de8da9ff21407155378f26462508e441c829dc31e09e3217e4c2f35d255f13b54e439e1ad8e1d798696fe8dbc96483dd3c1e93ecda99bfdf525a

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\sunec.dll
MD5
50561e132453081ab3be005bf6796d90

SHA1
b5462b6855123a525d79331bd25a70cd4f3ce1e4

SHA256
55fd9666ca27bcd48b5a86ed39d524a5b677b2e4857f7605bd72b6657c2ce995

SHA512
78944d894798de8da9ff21407155378f26462508e441c829dc31e09e3217e4c2f35d255f13b54e439e1ad8e1d798696fe8dbc96483dd3c1e93ecda99bfdf525a

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\verify.dll
MD5
e2e4d70319b2c6f1d0f3518dcdec41f9

SHA1
c06ad7b35aab3d0e7517e8da6ec771b86864822a

SHA256
2d05c3f8ae307ffff9904524af3a2f30b31f973fa68d9ac3dc76f1efbdabe9fd

SHA512
53ec25c59d1f686fb9473b3b3cc84ed2d20979f792c36adbb6228579d23a38a2fa1d5186fcbb86aa0567651894eb2ed51f5165d59fab8f6e3f354d137ef06cdd

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\verify.dll
MD5
e2e4d70319b2c6f1d0f3518dcdec41f9

SHA1
c06ad7b35aab3d0e7517e8da6ec771b86864822a

SHA256
2d05c3f8ae307ffff9904524af3a2f30b31f973fa68d9ac3dc76f1efbdabe9fd

SHA512
53ec25c59d1f686fb9473b3b3cc84ed2d20979f792c36adbb6228579d23a38a2fa1d5186fcbb86aa0567651894eb2ed51f5165d59fab8f6e3f354d137ef06cdd

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\zip.dll
MD5
607e3117753f1be1d8c6555d8cb7fbd8

SHA1
816e6dc9f77b7f04621863e3d8da1fe804822e9c

SHA256
89e2a52601cbaaf90f56ca486c05ad38afeb127cf6a039039dcb800f8d9ba5f9

SHA512
02272fbbebe3cda6c29fce210561df0001155efba14d28b1b00872ed41b96579eea5676c681a97c0fece001cb791f8ebe4e10af7f4092817ab880cca83a66abc

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\bin\zip.dll
MD5
607e3117753f1be1d8c6555d8cb7fbd8

SHA1
816e6dc9f77b7f04621863e3d8da1fe804822e9c

SHA256
89e2a52601cbaaf90f56ca486c05ad38afeb127cf6a039039dcb800f8d9ba5f9

SHA512
02272fbbebe3cda6c29fce210561df0001155efba14d28b1b00872ed41b96579eea5676c681a97c0fece001cb791f8ebe4e10af7f4092817ab880cca83a66abc

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\accessibility.properties
MD5
2ed483df31645d3d00c625c00c1e5a14

SHA1
27c9b302d2d47aae04fc1f4ef9127a2835a77853

SHA256
68ef2f3c6d7636e39c6626ed1bd700e3a6b796c25a9e5feca4533abfacd61cdf

SHA512
4bf6d06f2ceaf070df4bd734370def74a6dd545fd40efd64a948e1422470ef39e37a4909feeb8f0731d5badb3dd9086e96dace6bdca7bbd3078e8383b16894da

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\amd64\jvm.cfg
MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\currency.data
MD5
06cbdc01d247d7b365c804c4e9aaefad

SHA1
183cb72e7bf7118d870e549e9ca1fc096a2e3107

SHA256
183cea6ec937c92c47f2af345fda468cb19c6126dbb1a35b70dd47623efabe2b

SHA512
78a768406649b73457796f19f347c407c867c630be77d79997e25ca852e3987c0645fb5affecaaae458b1d6f9dbc6e359f505760652a898d6a1f515034a004c2

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\cldrdata.jar
MD5
af5b7e4b303dde9c33b7a47742a843dc

SHA1
c43e8acf20d6c749cefb18592d166f4d5febea22

SHA256
f66fc0e580aa34b65f85d12bc0d3300d9b178b819452e441da4e73adbd5c2479

SHA512
94be19e92e63fc7b3f37b001d9f072d1e697bc759cfb4615b3223d19c534a893107679b99bf8fb7a54efef866c5d5f38b901e8b5aa808a0fb729669bc3502ffc

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\localedata.jar
MD5
71bc08cc79e2ac26eeae0e972c4aa86c

SHA1
244672e75edcc5c07ca5f69397415ea32fef58f1

SHA256
854cb2f842d4d9bfb250ba7727c72fa3be3e23347951197019aed141dc913c1a

SHA512
6e4edd3ac384a6d7e9b2862519bba39e965f4c49b9c7d0b7eaa5230c89395804b2df1665cc48c10f3742f5220b9398f3bc0dc85a6eecafe4691edf6eed41ddcc

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\meta-index
MD5
c13d39595f3ab17500d6963b323558a5

SHA1
65e8806bdc09e1433e0c9c4ccbce759a3db0df98

SHA256
f3c5b6ec18f23aabcb3c33ae6972c5f65fc3220196e4a3081e25341ce530cf64

SHA512
9e5821660a85337ad94a7d8dd488ca400e58046af7ab0785080b257c35d22462304b59d157579c3d79315a9d51bad3970988a8e45f34d8d741265f6e3ff202d1

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\nashorn.jar
MD5
e25f5e11b9702241d9cfa08a7ffede66

SHA1
c9fdc6e1be21dbebbeae268db4dfee273f80c8e4

SHA256
a1fae362c0b629a8bc2573ac53b10cd58908df0fa7787b506f06ef4f9603ee56

SHA512
1cbb368e85db75939c8dd07026fb09666adaa0014dfd6f34caaee22d6106197e853849bc1995f6f8b2e56b821327d6316cbb1004cf431579811c89fb637e6fd8

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\openjsse.jar
MD5
06d227469855967edac6763909785dba

SHA1
cc9578a57ec16fc4091efe5d7be7ca2048617f68

SHA256
04bacac471ca7d29dcdd06013f5d48eb0e30adfacbc4cd192f7008f6d75a8864

SHA512
3c52b46f28955e85b5e45db8213fd1adb1b320da9e809daf1ff8f8204c2c592cbe5cec1b98133f2d9543dccd407658fee77cf33722e3cf28beeab3a9a903e3ff

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\ext\sunec.jar
MD5
79fef85c0dabf1c0075d6bfbb6759244

SHA1
b7ff2ffd36e7c47b419cdcb46b1edfa900c116a5

SHA256
64638c49201c94989fad0c0a2169bda9765b67fcc2aef2aa4033dd29872b3e69

SHA512
b2e079225a49e8b89722128773dcc3865273d91cfe4f3dcf6dc7088aabcd92ef3ecf2f515595bff27343bbc96a03eeb69760e35635b55193df313b58bacaf8a6

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\fontconfig.bfc
MD5
48b8858d27494a66594b59695d6dc60b

SHA1
1d3bff1e17ef6b5563cbd0762c2867b36fbdad95

SHA256
3f1792188ae901eca47b64728776d35095dc0220d5c929d0da99a2427877c3b2

SHA512
5d814990cff9f787723c629e22b30a2abfc9c8df0a712c2a7cb7b11ec52ddb083cb67c2158eeea2cc03d763aa308c9a271ac7cb7c88a96e4e4c029dd95b7656c

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\jce.jar
MD5
568bc38e0ddd963fd7527d03ede92d30

SHA1
9e8e4d9342ba118d215effff0d1fc7bdb6f85f06

SHA256
75dc223aac99d208ac71dd0eb0f4da24b869bf76019bd6d609602d19b3c24bdf

SHA512
3a51e3bf825a0f7fa14375ec452f736688e38e4ecf7eefb121560a7c664cad006874d34c163a325dd6ed5ecfcb425817f2d21e54694291775c4a8587b6a168c6

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\jfr.jar
MD5
4d48c2627bdd719de7d8dcda91a9385e

SHA1
f72a1189bfa1310afb4799fd343234e962ce4453

SHA256
46c367ff26ca9bf9e19a7e6f26d68ca4cbb09172ecd21f673fc9456a171a6758

SHA512
ae2ccb4a89def734f27d88ac439cceeffabe388635d4b386e42483617b9c4f65125b7c2cc7124063e2abddc3624536535d3ecce8fff07a5e4738b5f5c2f36fd5

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\jsse.jar
MD5
eb6ca61950d7c34fe6d1d734a1b6a6d7

SHA1
e89da234bd5e00a7c2ea5abb99e3aa54993a8e32

SHA256
2532573c38e277175a0b7eb529fed5f54e20bc961ddf8fcf99d939da954ec760

SHA512
e3a808abf5dfb24203ba1c0482e0e672f537b7299b21c4825c916128afa646d72837c3e81712f6f67d83f7d8d6c9b84ec9853c29f642e7b02b5a69082d250a9a

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\logging.properties
MD5
809c50033f825eff7fc70419aaf30317

SHA1
89da8094484891f9ec1fa40c6c8b61f94c5869d0

SHA256
ce1688fe641099954572ea856953035b5188e2ca228705001368250337b9b232

SHA512
c5aa71ad9e1d17472644eb43146edf87caa7bccf0a39e102e31e6c081cd017e01b39645f55ee87f4ea3556376f7cad3953ce3f3301b4b3af265b7b4357b67a5c

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\meta-index
MD5
83964354d8e8e69dfc1001f01682bd70

SHA1
1f2012a464683ccc1c284d51b20778811641b2ee

SHA256
dff270e76bd7d851cbcf79702aebd71122c3a9e93836ae4e9f650234a754b5c3

SHA512
4be6e0c8ed2bd2f59286bbfa5041676f352e32731e070d7c26511e1e570bd8d6940ff2cc59b0e1656c9c8b3f86186a34709dbf19c303d80840307dacc39d9956

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\resources.jar
MD5
c3bbe27de1f2b10ef2bbb56a7f961c51

SHA1
0739a03caf8dab725790734b72ff66c2a7985392

SHA256
4a05769f8be84bd5f0319c87cd7d61adf1890b8a90f954e3d38d1743becdb77d

SHA512
ebdb969491b2bfc0c1d1b64da051ff108ede6305dce034a5e86cad68b671f735152d788eba12151dff026df5200a1ec3cf6002addae4a25c3c1ee0e87727b9fb

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\rt.jar
MD5
458bc2981d973f4e026a8fb60289fade

SHA1
d3788bf4acb12e0e15e4adeb597062c308df04bd

SHA256
4ba750e38b48d8040a692160a31323bf64e41d95b6d1058e70fcbf09045a4f6d

SHA512
c2825c905c668ed060dfb46425afe5e30d857c661987c899e1c29dedb94b02c2186ef0f732e4c5bf531b2b354bf0bb521a19ad05697de12e688669fbbb38e530

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\security\cacerts
MD5
a8182c2e545a8fee39a7d95c5d8de160

SHA1
ddbcd5a35942c3a8090aad86a26b8489122697e5

SHA256
d39ee462113ff7c12d1ba3eeb2ba30a6d43dad4ee254744770784f35e29269a2

SHA512
07deb4dd16c27e5b6f2a89547dfa91439556e09d02b6565c514cd4061ed96412ae9e7094c7d254eec467b9a45c64fae6032f6802b41d92ec8e75e190b4faeb03

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\security\java.security
MD5
5437557ab8efaa997e3a4cf2d6e23012

SHA1
751aa69f3eff9f079f8a4834b1416f029cdbd5e4

SHA256
fc7d92dab9e7b2ce281937b747c3341f8039d43290ebf1a0ab41d05f83ec6c55

SHA512
98f46518acb7e3eafa1b5a67ffa308a2f9b6094fe1eeaace6f3b176d4ddbb1d89bf90d247fd21d32d71941163ab5a761f28503bb19e98e44a76df4fad127e614

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\security\policy\unlimited\US_export_policy.jar
MD5
e151e82ab2931edbd9db48ebde2521ac

SHA1
a4949ea49a22e4339ee7655008770fd8d3901ce8

SHA256
38ad0943cc31f666c4fdfadae13f0ef7fc32c3ffedb7c270106681349cd8142e

SHA512
93b0d04f63944d9f783b06cb1012af8f6405e3f81d12144f7d00683ad42ea9fa65a0c44cf2797f4b4e12eb5bd20d2f7ed3a30dbe83cc55ac5f57d2d585cc50e6

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\security\policy\unlimited\local_policy.jar
MD5
7a0122e7772ce94751f3c7d7c78e553d

SHA1
b6b25e936e8c31a24570e179ccd92c6e4c53b53a

SHA256
de91ef8434aabcae85ecdcc292e8bfc400d3385ea24c1edc5e6faab07383c6b1

SHA512
69cd5d80fd2a3542c71af9ba06942f3d9d4762a17cc7b020aa6787bb1fedbb35905c9a5a0de8b6d97106dc4baa35ab44314b50edada8b76661477d6d8a932e6e

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\tzdb.dat
MD5
91e23cf0643b8b4109440215fc662aa2

SHA1
f401cdf8f33de0b1442aa64b0437e79133957d20

SHA256
939cd4a7554ad2f85b493d6213c5815736add4eb1a14de37a8c8b0106b952f7a

SHA512
63bee2044eb21fe2ead9e41e893547a6ac4c882413a6749f2e5858fb91678033f36a1f6837c5140a3f4c563a05773647971e913125587b0c53cf23356d35592c

Download Submit
C:\Users\Admin\.prostocraft\jre_launcher\lib\tzmappings
MD5
62bc9fa21191d34f1db3ed7ad5106efa

SHA1
750cc36b35487d6054e039469039aece3a0cc9e9

SHA256
83755efbcb24476f61b7b57bcf54707161678431347e5de2d7b894d022a0089a

SHA512
af0ddb1bc2e9838b8f37dc196d26024126ac989f5b632cb2a8efdc29fbce289b4d0bac587fe23f17dfb6905ceada8d07b18508db78f226b15b15900738f581a3

Download Submit
C:\Users\Admin\.prostocraft\launcher.jar
MD5
6113ca6a64028dc1e6ad2db6b079d96c

SHA1
be86d220cc92ea22d4e9d1bf9d1013ddbac02190

SHA256
bb81157a00dab82d40d65d7220dfdc0bbafaabbc22cc29ec786e0c7aa3a38bb8

SHA512
43f65ab02cfdea3ee8eee32bea7dd012c0d7916522def05dc34a42ddd877f5433f4300e594494f931b551a9ab232fa9ed188b827b963172452affe7b97b38b7b

Download Submit
memory/1336-146-0x0000000000C00000-0x0000000000C02000-memory.dmp

Filesize
8KB

Download
memory/1336-152-0x0000000000C05000-0x0000000000C06000-memory.dmp

Filesize
4KB

Download
memory/1336-151-0x0000000000C04000-0x0000000000C05000-memory.dmp

Filesize
4KB

Download
memory/1512-150-0x0000000000000000-mapping.dmp

Download
memory/1712-155-0x0000026434470000-0x0000026434471000-memory.dmp

Filesize
4KB

Download
memory/1712-157-0x0000026434430000-0x0000026434431000-memory.dmp

Filesize
4KB

Download
memory/1712-154-0x0000026434550000-0x0000026434554000-memory.dmp

Filesize
16KB

Download
memory/1712-149-0x0000026434530000-0x0000026434534000-memory.dmp

Filesize
16KB

Download
memory/1712-148-0x0000026431E20000-0x0000026431E30000-memory.dmp

Filesize
64KB

Download
memory/1712-147-0x0000026431750000-0x0000026431760000-memory.dmp

Filesize
64KB

Download
memory/4132-153-0x0000000000000000-mapping.dmp

Download
memory/4188-235-0x0000000000000000-mapping.dmp

Download
memory/4796-205-0x0000000002A70000-0x0000000002A80000-memory.dmp

Filesize
64KB

Download
memory/4796-206-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/4796-218-0x0000000002A50000-0x0000000002A60000-memory.dmp

Filesize
64KB

Download
memory/4796-219-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4796-220-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4796-209-0x0000000002A00000-0x0000000002A10000-memory.dmp

Filesize
64KB

Download
memory/4796-216-0x0000000002A30000-0x0000000002A40000-memory.dmp

Filesize
64KB

Download
memory/4796-217-0x0000000002A40000-0x0000000002A50000-memory.dmp

Filesize
64KB

Download
memory/4796-215-0x0000000002A20000-0x0000000002A30000-memory.dmp

Filesize
64KB

Download
memory/4796-214-0x0000000002A10000-0x0000000002A20000-memory.dmp

Filesize
64KB

Download
memory/4796-204-0x00000000029F0000-0x0000000002A00000-memory.dmp

Filesize
64KB

Download
memory/4796-201-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/4796-232-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4796-233-0x0000000002A90000-0x0000000002AA0000-memory.dmp

Filesize
64KB

Download
memory/4796-234-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/4796-202-0x0000000002A60000-0x0000000002A70000-memory.dmp

Filesize
64KB

Download
memory/4796-237-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/4796-236-0x0000000002AB0000-0x0000000002AC0000-memory.dmp

Filesize
64KB

Download
memory/4796-238-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/4796-240-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/4796-196-0x00000000029D0000-0x00000000029E0000-memory.dmp

Filesize
64KB

Download
memory/4796-242-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/4796-243-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/4796-244-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/4796-245-0x0000000002B20000-0x0000000002B30000-memory.dmp

Filesize
64KB

Download
memory/4796-247-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/4796-249-0x0000000002B40000-0x0000000002B50000-memory.dmp

Filesize
64KB

Download
memory/4796-251-0x0000000002B50000-0x0000000002B60000-memory.dmp

Filesize
64KB

Download
memory/4796-182-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4796-181-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4796-175-0x0000000002760000-0x00000000029D0000-memory.dmp

Filesize
2.4MB

Download
memory/4796-173-0x0000000002760000-0x00000000029D0000-memory.dmp

Filesize
2.4MB

Download
memory/4796-158-0x0000000000000000-mapping.dmp

Download
memory/4796-277-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/4796-278-0x0000000002B70000-0x0000000002B80000-memory.dmp

Filesize
64KB

Download
memory/4796-280-0x0000000002B80000-0x0000000002B90000-memory.dmp

Filesize
64KB

Download
memory/4796-281-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/4796-282-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download