ce27c3f2c36363b75bc88c8a52ee1ee2c79717647b292ca4cfb1ffe74d9dc0b6

Analysis

max time kernel
126s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

METROCRAFT2036.exe
Size

1.3MB
MD5

9f5ae9b3a709b8df3ec6b9d18c930d2a
SHA1

711a0c3fb091d1a30f14afcfa0426ec6e530fe15
SHA256

ce27c3f2c36363b75bc88c8a52ee1ee2c79717647b292ca4cfb1ffe74d9dc0b6
SHA512

7410be530c89a998dfb697fdfaa65e5c4a489746e40265e9212e4ab3813fea83bc8b89409b3b1a6c4416aae9b510370d4b81bc62112dae22dff06dda57eee4d9
SSDEEP

12288:i+oefbSFWxONMC9jrb9jxHE2lc4ltiFN9kUiC9yumXTNT6ebBPvQL32ikCaUS4cG:/ogeOf+c067iCnmXZT713y3k94cunZe

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000\Control Panel\International\Geo\Nation	loader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000\Control Panel\International\Geo\Nation	METROCRAFT2036.exe

Executes dropped EXE 2 IoCs

pid	Process
5100	loader.exe
4060	javaw.exe

Loads dropped DLL 10 IoCs

pid	Process
4060	javaw.exe
4060	javaw.exe
4060	javaw.exe
4060	javaw.exe
4060	javaw.exe
4060	javaw.exe
4060	javaw.exe
4060	javaw.exe
4060	javaw.exe
876	javaw.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f463a5c000000000000000000000000000000000000000000	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "3"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	javaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	javaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5a0031000000000001590fab10006c61756e636865720000420009000400efbe01590fab01590fab2e000000d83502000000070000000000000000000000000000001d4add006c00610075006e006300680065007200000018000000	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	javaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c00434653461600310000000000fe58b575120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbefe58b5750159f4aa2e0000008ae101000000010000000000000000000000000000007e054f004100700070004400610074006100000042000000	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 680031000000000001590fab10004d4554524f437e310000500009000400efbe0159f4aa01590fab2e00000065340200000009000000000000000000000000000000616206012e006d006500740072006f00630072006100660074003200300033003600000018000000	javaw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1266786182-1874524688-71015548-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	javaw.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
876	javaw.exe
876	javaw.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
876	javaw.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5100	loader.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
876	javaw.exe
876	javaw.exe
876	javaw.exe
876	javaw.exe
876	javaw.exe
876	javaw.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 5100	4356	METROCRAFT2036.exe	84
PID 4356 wrote to memory of 5100	4356	METROCRAFT2036.exe	84
PID 5100 wrote to memory of 4060	5100	loader.exe	92
PID 5100 wrote to memory of 4060	5100	loader.exe	92
PID 4060 wrote to memory of 876	4060	javaw.exe	93
PID 4060 wrote to memory of 876	4060	javaw.exe	93

C:\Users\Admin\AppData\Local\Temp\METROCRAFT2036.exe
"C:\Users\Admin\AppData\Local\Temp\METROCRAFT2036.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Users\Admin\AppData\Roaming\.metrocraft2036\loader.exe
  "C:\Users\Admin\AppData\Roaming\.metrocraft2036\loader.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5100
- - C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\\.metrocraft2036\\launcher.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4060
  - - C:\Program Files\Java\jdk-1.8\bin\javaw.exe
      "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -Djdk.attach.allowAttachSelf -XX:+DisableAttachMechanism -Dlauncher.stacktrace=false -Dlauncher.dev=false -Dlauncher.debug=false -Xmx256M -cp C:\Users\Admin\AppData\Roaming\.metrocraft2036\launcher.jar pro.gravit.launcher.mETRocRAftCuY2
      4⤵
      Loads dropped DLL
      Enumerates connected drives
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\+JXF2448929156887431841.tmp

Filesize
51KB

MD5
b808ba56eab563be238bec1f8b563c02

SHA1
18d6602997bf6a4f53bc7dfab0072af664d26ae6

SHA256
36de62cf8b651e3a05d2e93352992fcb684b02ee72109fd7e2a3c134d57af4f2

SHA512
fc276ee254197bf6840377cf99aaba46cacb73a1ce3d7c948a7d565b3c119f57393aaf7d0e5747b4cd3a26381533b15ea9216e202670491f2633118288597b46

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF4019757760218430330.tmp

Filesize
51KB

MD5
1c59c05425947b48bc99fe1b85aba3fc

SHA1
100187611b9371cd0561b5ad8db6a9f14eb4ab75

SHA256
b394fe0c3a3aa85784e9928b3a0288c578b438a0db7aa14fbcc686da64143444

SHA512
7e74ae21cfcfae94377669f97b8be2321f1c76a43254f2525360f566ac202d6308d10397ec87aafc366354fc3ff4c416fb1e6de95e81823a0e090175b6e83df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF7572233781799960821.tmp

Filesize
48KB

MD5
23552690753fe3f817066a31aff046f5

SHA1
39f74a8110ff452c6b9085b5b6f78b05ed81da45

SHA256
f7d9af1ae0a6be473c2fd51aa7df36acbd29a0af6390ccf7fb60e7fc56154aaa

SHA512
f2bd12ea42ac5956fedfa054d493988ec9c6b09f95af9551b3e5013438d1b5d4d604e48c39155909734c083b31b64137c273601d326f1ac3268694a49ab1d5a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF8697462634130547140.tmp

Filesize
48KB

MD5
d998cee4ab5d8f316932ffd1a0dfe496

SHA1
643cbf68028056e485f69f1c43cdb9bdc6186823

SHA256
d29492254bcf82886fc9a1e9b47215ab82ee8579cc7765a480633fb4a99c5507

SHA512
fae5896408c4d7273fba3a7fca0c47f9cb93f4e747d9dd0b4162f152594fdf8a473c9fc74747d8b8439390c7bb3154905fd6e2314bd7c38c1b875efefd610dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna2879979727327870757.dll

Filesize
248KB

MD5
34d12b1e2af72d9bb267bbc8c0d53e4a

SHA1
d9ed8776645f6b4f52df16132450863c47ea92d7

SHA256
13b2cac3f50368ab97fa2e3b0d0d2cb612f68449d5bbd6de187fc85ee4469d03

SHA512
c0a063477cf63a8b647ea721842968b506d70ea22c586a412707d7293b46c218b6a510f34b7dbedd3ed29a9d4b5dc5c6a1995403d65884b17348a9545e580a10

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\DotNetZip.dll

Filesize
461KB

MD5
a999d7f3807564cc816c16f862a60bbe

SHA1
1ee724daaf70c6b0083bf589674b6f6d8427544f

SHA256
8e9c0362e9bfb3c49af59e1b4d376d3e85b13aed0fbc3f5c0e1ebc99c07345f3

SHA512
6f1f73314d86ae324cc7f55d8e6352e90d4a47f0200671f7069daa98592daaceea34cf89b47defbecdda7d3b3e4682de70e80a5275567b82aa81b002958e4414

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\java.dll

Filesize
155KB

MD5
ec3c2217ab955e02c55ebf853e15db4f

SHA1
56f813a580a34c2da73ceb0a926e7b55c38e54aa

SHA256
c58b775b921ddbbc9caab42a3ac8d4a4e94fad2017b4c8cf045c0818d7f0641e

SHA512
6477deda1ff6627b171910fce53a01c5638f7edd34ae70df783433cc98321fed884936491fe428fd20a9bb8ae57b24048eaaafa4b6fe67bb795de2ea312f1f43

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\javaw.exe

Filesize
203KB

MD5
1da248eeb6653344444312e5927754ce

SHA1
478d5bd8994608126905b240685224fec2e8fab6

SHA256
5b7551f08dc7db1abd352121bf98ff716f0e6ff577f44970967354b9079f798a

SHA512
35eb07e63316bd98d951843c81a20455ddac5d2df16f0d78cdb5bf4d63009400b9e14a995315c9793ac79c3c0fb0dc525b289ccf3d4a39fb7f8cdc769eb87b54

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\management.dll

Filesize
36KB

MD5
3af335b65bb56c0db40bb9b3030c55f2

SHA1
edf9829ece23b1d1ec9bc07dc1ba84f7e1638bb2

SHA256
e74fe6e4dc07cff91147fcab53eebb9a9bbe8c0003e0416b921152a1e74c94b4

SHA512
d527681a5e21ba349695a6040f8c59e82ffd4500926e89e23110a290dc1c650c2d6d7a538702ffab867ef461357a6910a356e5b8abaab6d2b2cae05dd8027258

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\net.dll

Filesize
96KB

MD5
3a53b68cf42122eb2b7fce4f7febf6b0

SHA1
7c3d545826c76c59b04d47665c4b7abfaea947f7

SHA256
cf1b39ad15d8fb9c659e6d3c25db305a8f6fe6169bafc8de2b93d24605a16d3d

SHA512
59004edf39ce35a9415c38f8dc502b520c8fa58699be748c8f472546589feaf504e97bdd7174a0bac55d09464de3bf2bd091fdf8801d854f8405ca4d559c5fd8

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\nio.dll

Filesize
60KB

MD5
178e22db4f8c36135d2bb66bc0c65539

SHA1
e8a794445e637d644c046d1e5511d6467ed5ced9

SHA256
ed40fee234dabf83a930ba0d57fac898e8de212dfec93e613530a995d11e4191

SHA512
3008a8f966878977e53d51a004e110cafa454bd966497a44e9c88562f016da21fe1a1faae431fa5aa75578d0eaf718d960abe0987502a33cfc238c1b5d41e9a2

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\plugin2\DotNetZip-bmht4wx3.tmp

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\server\jvm.dll

Filesize
8.4MB

MD5
91a3e79d8cd0b7d32e1c0f8287990c7a

SHA1
075b957740003147306579863da61de73bf90d81

SHA256
721540c459d2dcbe9f2f775ffe3c73f42db3f71be37abb647e594d637ba42ce3

SHA512
5587885b448540186ae2fc7a46bc5066c920727f3c65c0c8a0a157ebaa34f4627dbeb21d80cb2123c38524502b034461d08aa2fab1878495e2592cff5965521c

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\sunec.dll

Filesize
133KB

MD5
9ff5059940af56c83352bfec471f763a

SHA1
d5cb7f909bac29fdc4b3d615033af958bb49d6c1

SHA256
a1b73a16ea9fa99f0e34a442a798dd3d339e2b71e0366f07d3f90ac71e41fa20

SHA512
4e32480e5d60d242460c54d0db8ac2a67f8f934821ce6aee861ebb34e7f581379ce558441131f1c4c7b1df37d2f574d315486e764c9c54c6d42173f301320ab2

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\verify.dll

Filesize
48KB

MD5
ce51aae82e70edc9284cd3bba2636d16

SHA1
4cca2befc26d020ed234d4ec74e12c565c809c76

SHA256
65864eb4ea76d1678fc111549469471b9298ce6a125c4cc33c073fe54081b85c

SHA512
520149d0745538a21d1e4b402a57b8b7de94aa7291e92fad8160730fa071fefa1f8b74474080c45195a4a3450c80bb7c1cc49c84705321244e120e2d50e4cb9b

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\bin\zip.dll

Filesize
77KB

MD5
fe8cc569b1564e0a8d4dd4ab4e756c78

SHA1
719f60180daf2084dc17fe67dbb797360aeaad3e

SHA256
aded945e231a5f23405bd45fa71767d2d1ec85f221bbcafd2cd764a345a995f9

SHA512
0985a7274a5ac96819234108f3b23583a02bd000fbb35cf9249373d3504dd5e2353f51a19fb06f093d2718c8d64d7581f547b6521232a459abbd75214bb2e49b

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\amd64\jvm.cfg

Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\deploy\DotNetZip-4hh4gpiw.tmp

Filesize
3KB

MD5
880baacb176553deab39edbe4b74380d

SHA1
37a57aad121c14c25e149206179728fa62203bf0

SHA256
ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620

SHA512
3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\ext\jfxrt.jar

Filesize
17.4MB

MD5
55a05159cb6cfcb03e0b8097366b46c3

SHA1
b55ae9a098e46c75de2fcc25a7879999d6e91fcf

SHA256
a965d88450f8d2f88c5d8d67ad7ca5669ef7f6c76c20f072e37fdc04bdc982b3

SHA512
f470071150154d6ec2494e1a7b6ab536e15909649b6021e08ca50091f2824087e72db347fe91b215899075a443155409c7d32f74f9581fe6ba82b1682c97fe09

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\ext\sunec.jar

Filesize
40KB

MD5
fb191d1b00134c235f263c18188dd948

SHA1
bf1c817820341a246f7130fe046e8310b03d04f6

SHA256
6f51b006ffcfdd1a29a3daa0a53a2b485cbbe111866f9ca4ad93dc3e9f57b5b6

SHA512
2854d93e2d663e050dafb683077687d864d4ea63e5f776f38ebaade4b27e9740aa28305e47b8ef54f413e3247dd89e72172561556ed676ee38b0c2608e03725b

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\images\cursors\DotNetZip-znnrsh4b.tmp

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\jce.jar

Filesize
112KB

MD5
8e442747088544e5ffd7505479fe059c

SHA1
5460adee09cc5fc8829c0acfc46c34670a7d70a0

SHA256
da325b8683c9b3b2b68dfd395b2797815cd7d915040a96c459380151f7e4351f

SHA512
7c76da68583fd63c89d50ec8504009f105db0b4bf9a6f2a9f23e903e0f89bf42b9a8b980b1abdab109a0a359d8950a915a8265776ace84975ada0b25203b8eef

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\jsse.jar

Filesize
659KB

MD5
949c68766d7573aa5c9766557c1a114d

SHA1
009c21124cdb8538d2f37a5467747e15eb2ccaec

SHA256
7e29bfc2f53a7d98e9e6d4c9b1ea7ad66d732460486451e15ba9600ba86a3942

SHA512
f3d6dd52f011721f2ff71790ab4a810dee858373d8c5d7182fe79fd649715e7dc6a21cab0dcdb5987baaa2fb240766afde19e3bf7f1ccdd7603be6306d165c51

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\security\java.security

Filesize
41KB

MD5
18097feae2cd579f4059fe5ca2824b35

SHA1
816f052be4e5195e60ea546cc65ecb3a0d4b8d1f

SHA256
8a885e072e98bd539fa8417080d5067054ea93848e0a67eb6fc01505ae5d6260

SHA512
b28d6695821a058809117d4c0ed6f310f97d5ed92e52bac123254441e91338808d4e19e16fdc54fc804ec29a6864e54f95419c0b32a5a8e17f26e40340f60e79

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\tzdb.dat

Filesize
103KB

MD5
2542aac2e89ecd83622b251ec92ef41a

SHA1
b59c07e3619271a3b9861e999f4b138e971baf69

SHA256
0daf08b73bccedfff142dcff54e8c9558bfa7a666c395406ca4fe1eaec9b00be

SHA512
351c83765af97ebd371f05f91bb7c61407b72c6c2f73925d64c3a4b8e2bb666838364c2a7a67ca05318ee535e96bd0c85d0f6639b5e4be02af677ab0841e0fad

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\java\lib\tzmappings

Filesize
9KB

MD5
62bc9fa21191d34f1db3ed7ad5106efa

SHA1
750cc36b35487d6054e039469039aece3a0cc9e9

SHA256
83755efbcb24476f61b7b57bcf54707161678431347e5de2d7b894d022a0089a

SHA512
af0ddb1bc2e9838b8f37dc196d26024126ac989f5b632cb2a8efdc29fbce289b4d0bac587fe23f17dfb6905ceada8d07b18508db78f226b15b15900738f581a3

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\launcher.jar

Filesize
9.1MB

MD5
bff528c0995bb13256a27dd6c9c18629

SHA1
a59e3c3e61fb6b2f7c5659cc1d0914fa3cada9bd

SHA256
0f248d88c5db32b407652bcae5bca5e079554713fbb4e4a4bd47c14f4c0c59ba

SHA512
6c75663a7bedd180b9b8fd5319b7d370314300cc7d4305d3cece0b0f1d8b3ab46ef7682ddb91de4a6ebfe3b06093d0cbb70ca38f5c3d7707127a4742380a12cc

Download Submit
C:\Users\Admin\AppData\Roaming\.metrocraft2036\loader.exe

Filesize
1.3MB

MD5
9f5ae9b3a709b8df3ec6b9d18c930d2a

SHA1
711a0c3fb091d1a30f14afcfa0426ec6e530fe15

SHA256
ce27c3f2c36363b75bc88c8a52ee1ee2c79717647b292ca4cfb1ffe74d9dc0b6

SHA512
7410be530c89a998dfb697fdfaa65e5c4a489746e40265e9212e4ab3813fea83bc8b89409b3b1a6c4416aae9b510370d4b81bc62112dae22dff06dda57eee4d9

Download Submit
memory/876-1129-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1145-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1206-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1148-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1147-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1138-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1127-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1123-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1108-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1105-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1099-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1020-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1027-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1054-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1062-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1077-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1085-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1091-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1095-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/876-1097-0x000001E36A9A0000-0x000001E36A9A1000-memory.dmp

Filesize
4KB

Download
memory/4060-1118-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4060-986-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4060-988-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4356-18-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/4356-1-0x00000229695B0000-0x0000022969706000-memory.dmp

Filesize
1.3MB

Download
memory/4356-0-0x00007FFB5ED83000-0x00007FFB5ED85000-memory.dmp

Filesize
8KB

Download
memory/4356-17-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/4356-25-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/4356-4-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/5100-978-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/5100-24-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/5100-23-0x0000023C21A80000-0x0000023C21AFA000-memory.dmp

Filesize
488KB

Download
memory/5100-15-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/5100-26-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download
memory/5100-21-0x0000023C20340000-0x0000023C2034E000-memory.dmp

Filesize
56KB

Download
memory/5100-20-0x0000023C20370000-0x0000023C203A8000-memory.dmp

Filesize
224KB

Download
memory/5100-19-0x00007FFB5ED80000-0x00007FFB5F841000-memory.dmp

Filesize
10.8MB

Download