fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe
Size

368KB
MD5

46fb854794dd7e8a562ff094e373c619
SHA1

507d628b773877b1d95028ca896a68c766fb4c4e
SHA256

fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709
SHA512

9e5378aaf7774cb58e646b466e7d12f05a1097ee3cf1613118083ca80a90cc717e0759ba1ecf5a7367bfea59e33190e611e95416bf091a2c2e5d01815dc12471
SSDEEP

6144:MajdMJyFRe6azHqTG5WbWNF+WR4VyKh6gks2YuypIGR:x2JylsKTPW4VyPgPruypIGR

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2728	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
4496	GOG.exe
1988	GOG.sys

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	GOG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	GOG.exe

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened (read-only)	\??\B:	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened (read-only)	\??\A:	GOG.sys
File opened (read-only)	\??\B:	GOG.sys

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	GOG.sys
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	GOG.sys
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\7-Zip\7zG.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	GOG.sys
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\GOG.exe	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe
File created	C:\Windows\GOG.sys	GOG.exe
File opened for modification	C:\Windows\GOG.sys	GOG.exe
File created	C:\Windows\GOG.exe	GOG.exe
File created	C:\Windows\GOG.tmp	GOG.sys
File opened for modification	C:\Windows\GOG.tmp	GOG.sys

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\NowCount = "0"	GOG.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\WinX = "1"	GOG.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe
3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe
4496	GOG.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 2728	3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe	89
PID 3580 wrote to memory of 2728	3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe	89
PID 3580 wrote to memory of 2728	3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe	89
PID 3580 wrote to memory of 4496	3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe	90
PID 3580 wrote to memory of 4496	3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe	90
PID 3580 wrote to memory of 4496	3580	fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe	90
PID 4496 wrote to memory of 1988	4496	GOG.exe	91
PID 4496 wrote to memory of 1988	4496	GOG.exe	91
PID 4496 wrote to memory of 1988	4496	GOG.exe	91

C:\Users\Admin\AppData\Local\Temp\fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe
"C:\Users\Admin\AppData\Local\Temp\fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Users\Admin\AppData\Local\Temp\fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys
  C:\Users\Admin\AppData\Local\Temp\fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys /zhj
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops file in Program Files directory
  PID:2728
- C:\Windows\GOG.exe
  C:\Windows\GOG.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Windows\GOG.sys
    C:\Windows\GOG.sys /zhj
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe

Filesize
826KB

MD5
a3372c3f56e517247402f91e39f8034e

SHA1
6c6e96ca625f430b8306ae3f78dce8904e7e45b0

SHA256
3528a8ad223394ce4ef731d5ed7a14091b3b86d1173b43ee852ea33f59b07415

SHA512
f373088658083412216e7320d0123afeaa11c6cdc7603e3e041864bf09e0d57622d91f471e8853bbb789dc14b0d7eabee4429794e726c86da26b0b7ac9e89aa2

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.2MB

MD5
ece5f9737f9ac425176b61e52cf70189

SHA1
f43182be5f2f01d06e92fc478844b173deb9d1c1

SHA256
286cafe6d0b2e264bc656455b5478879a54dc424a16df9fe4368a786bc1deea9

SHA512
c963625e62174328f8a9b90d1b7aa3170051e5e4a0bcaab340f64e594f0855957ba3848a55ebb3e4e7dfffbe04766926236752db8d880021b9e77975837f0895

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
936KB

MD5
c38b5f8ffb44bd07e23d6b1e1b9fe3d7

SHA1
8256071c83417ac65513d6cf185ff34fead50387

SHA256
99d0ccd9fd6f78635942a7019f55ae7a3ea6fb091b83630ee23f39261e3f152e

SHA512
bcdfbbf012a3dabf15eef03c73b6685d6ca5a3af5de013a0d2600a2c4b39e8c7a60fbc0c24dae640f6ba0350d9bb4cee7aed9cc6a07fd91223643adaecebffda

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
383KB

MD5
bae0a40a7657e4172d89a56ac7cac233

SHA1
97071b7929857d66c5d5ae8662d977ca488b103d

SHA256
988bb42cbc349a3592ddd5616fbba237d9b7c14071b3ddbc8ca820afd17bba98

SHA512
3c899d0262e122820a9414653c164abb71fec772b24e88c0f87b221bd4eaf81eef6774813e954d0548fe56479e4c95e7e6d2563373b9b73c28114607c62886ba

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
649KB

MD5
011a3a5881730426ebf3d29b5fb224e9

SHA1
cf84dc695e495e1b24eb1f504c09a13bfc018715

SHA256
3a81ea9841527ac0cd4fa2d4c53bab8de3f94c73f4cf9ddd95334e33fda782c4

SHA512
0f6b18df526f51ab7b81cbb8169c4b93c9fc46337a6fac72905a021cdbbd61f6bc218d81c72f2e1736ff71b7faac452348dc9b6cfb579a96556627af13fa95d4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

Filesize
415KB

MD5
281cc17187a52fed27d98a9c8aaec8a9

SHA1
7c0f17b8258124f675e0691c8efc1203430ca937

SHA256
141f989f773eddbd68414f427ece887260dc6147dae11af1a2b24dd85ca75978

SHA512
ef933dd1a3d7fdac546d2b69a2a1fc37f0dbe47c07d83c729d11223cf6d52b9bd311579e59f2cd6971a8ec736dc69481375722127a7c0627550c2cf235fe84f9

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
565767ee0963988a70c8b31d68ce1d8f

SHA1
83d08f123c83fc9d291425dd121c79f3ac22e438

SHA256
e02b464e625160bff27e6ae6be0c877dff2fbb66910792d677919e328eb02039

SHA512
28bdbada96cdda7750f2dfc3e314b7334f276cde3d59b1a320e04273d36694539e9de6af48f652475b23e08936cc37d1096d70ed1b9839cda21a569ac35b3448

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.4MB

MD5
c4e2764b1a5f4b6602558d1fcd45d820

SHA1
669dc969db51264d7d9a6be099780f5a4c346e78

SHA256
f484a8d16ba19095a2f0202635d91c084120cbe9380018005322f1c279e431a4

SHA512
c49db02ccb99237d2156ba48dbf1c066bd3677a84ec88f0c592158b7bf9ca4d198d685ecdc82d23e11d07d8bd770ff5cacf4e5de6f9d9f60bb179f26730c2c48

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
391KB

MD5
0fe4e11f02a783798c9f70abb70bdeb5

SHA1
be7d0e9ca966b9bf185fa41ea1ea6d0c3ae6499b

SHA256
e803f5573b40a5cd71aa098e7540d3df8dcec65bb89c30a5061116f7f6c2e162

SHA512
a86617c7137add5f385616e55e06223c13e56286fbffdd5990386c630046be110f80ed3589eb0b53e4fecbe5b810415748d43a48091c2a9867e820430ac40410

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
391KB

MD5
1be8863cfec606dfb3780f9c690aad20

SHA1
f2f92948f19b9450397bf5fbc1d3895f50019d5a

SHA256
d431b2c26b0f16b98a76a202edce4bb4e1f0a1214366c349977c707d67075b72

SHA512
0d71794ef3f0011a857745488b49cff8e969151208b3a26610b54248279e97c47de9cb216d83fda20f23dfbc376b8b56d601c5dca1de21c670ea58a94462b494

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
391KB

MD5
cc4588f2f3f12864145d72037ca01338

SHA1
eed5389bd21903008e6e3141b6a3b35a577396ab

SHA256
72a0e804431cde8ed85def52263bad9260d4835e3a077e105671ec10236f484d

SHA512
71df0b53c5f8365f385194a8e62a31e51033fe71d2ef9d5c2790a768bf301444bcca0abb0d1977e01a04f73ead9b4913d5808658d3c39d7a0612a9ea4a45d537

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
391KB

MD5
4fa838a7c74386b97fd2c12eee86d200

SHA1
b7d03529527dbc72cbf6fc37f6fbe850f03ac103

SHA256
5c7fcb005c146b85154069f5158b1c23520de562cfb37b8b364abbf0b3586bfc

SHA512
5ffe106463019a9b7b891a234ea3d9cd46b952ce2a903d1025ce4109d64d7c381470af36d687c0b580064418ea2d0027dea4f88d5283c6ebb1b45ad17d8dfaf9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
391KB

MD5
f0e6fc65d38a02669dfcb410550fe27d

SHA1
48a1139e1818a892ac7bbac2e1167e715bdbb307

SHA256
fb75e77c12a42673f93ac8f58a782eccf6a48a6ca907ab34bf5c811ef7dae712

SHA512
7238ce17ccf54eb2abe4c6f579dad4884bad02d5e3cad90d28ea9c10b51ab73adadf0f8130bff179013ca38952c6a50f755087f9c0724092079a1d7308f78b1a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
391KB

MD5
2951c8f15b99d0cfc6429cf8bb613eec

SHA1
68e6df31ad69e118f959e61fc3f5851f88020a36

SHA256
adc11493de182bd32e06fdf3367cb2cb86cf3e9e9c024db3db88b720bdadae80

SHA512
152c67378acc5700d69088f3b4e3e58206b3839099f93fc3b2d39768d97a5e7a6cd711239baed04f8b2426de8c8cc7a6f2fa0da947a35fa5db2144db4a9a131c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
391KB

MD5
9dbbe376c776a65d34979c1af2a84517

SHA1
2bdc1f07f4607ed894974b850c1d93d319eb401e

SHA256
d9886b10ebf5d4fed46ca928f3f1e1b1d612e46ccb8b7d195fb41916edadfa0d

SHA512
88a061cd312ba6b7cdde6ddbc59d6d3f7b8b70cf8e4e26aaf4a3bb73d5c9a87b8405f66edeeb052a3c4045f58069c5cad849e6fe3dc05a9d920f04236f99784d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\ktab.exe

Filesize
391KB

MD5
4ad49e7a2cff5203990b65c79ee22f5d

SHA1
8cb450ec6fb656ef831138546e2fbcb66b1ede9f

SHA256
22cf08a29d365533317d945963dc227ff756675d2fb33a1be1e1e9e406eb62fa

SHA512
65a9e90c17a9931eb4b1240abc0def5811d7d6acac11e8f1561935f98d5dbcc8cac8e84a3fcbebb645102eb0c8894e176bc91a8b4aebb3d1c591ecc76209d76a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

Filesize
391KB

MD5
2631677be21a3944734568f9dc04d1cd

SHA1
3561efc74351e104a88da3c6d376f20fdce37069

SHA256
952797c5fb5283992a553a6bc57e9c21354c82ce434cfec36869ad0ecb0a48ef

SHA512
462abf097d1ef3c27537bfa81c29201887cf3d9c4adbdf492850a57e1b1ea2109f4b104217782bc2354a967e70d69ba499a9ca827f800f5611d0bedf9ee3fccd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\orbd.exe

Filesize
391KB

MD5
4e3049d6adac1e5641d4ae0dae6441c9

SHA1
aec469fbb6d5d009fb66cfd198e07ba6849287c6

SHA256
b19cc5983f262e0c1c4da11ae87a340876c82da1706ae15c6d6c830cbcc7c276

SHA512
7bd1e16adde0bfad36d2e01b7325c0bb3770ec3bbb80716955739cd9a1b79c65a1f407766627bc758990c93bf320a5f3865d07086c37dc1af1ee0babd2411e29

Download Submit
C:\Program Files\Java\jdk-1.8\bin\pack200.exe

Filesize
391KB

MD5
4e84ad826258152ec1b4f65b6db0bedc

SHA1
2c57bb0b18259ac1b91ccfcfd5d4af387866634b

SHA256
3369272049784137b6102bae16bd120fba4be939d68988c5078b223c7d6bb256

SHA512
22b19ed167cf47d107ae1df0af2455bffbe4cc1874efc6530c42f775ecd52046a0dc5d57ca0ab48cf1f16baada97f2d4cf92388a6f938d2adbe2944a053cb234

Download Submit
C:\Program Files\Java\jdk-1.8\bin\rmid.exe

Filesize
391KB

MD5
9e72e93a02b5ae69a1cfa0de4b7d22c5

SHA1
041fa034cad7c40cee4cebcf2a075379f96f64c4

SHA256
1918d5c4d350726c46f92a320ef25cdc35df2c56cc5e68b5ce55f33073f061e5

SHA512
754d276a659113996775fe9c1f470c2da7b3c5a4cdb2f2eaa8564eaaa743909b67fee4b2f23f70bb9ebc3f24f46b8dedd3a9d008e5dcbb204967515865c6ddc1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe

Filesize
391KB

MD5
b219fbcd3ecfb9377111891ae8ade07a

SHA1
80e74afeb0baf01b17e0aaea3cb5133722ea38d7

SHA256
9550cc303cea0e02ee8ec62b7f629bf4ea540a0fe3cb900035eda258c9367e3d

SHA512
5a68b1a7fd5bb4ae346341aa1baf88686dda73cb630bd2f9875eb143f547ee8d5ed94a6df8fc721b66983b317185dc746363be536c282c411cb73e89814dc99b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe

Filesize
391KB

MD5
1bec4c3b5ba15691094c20d8673e78fa

SHA1
1c5bfce6057acf2603819ee25c1e0430367804c5

SHA256
c20e66a36b6d107d78904fd469d78a264b55d98b1f24388e250a5d70cf258448

SHA512
1b7400fee9cc4a4bf61e49a9a96eb86c36691f503361779d51ebb95b5e27309f2494f09a5a50b59470489cd11d7f4c4c9167e2f8ad131dc6f91d5b89aa47c073

Download Submit
C:\Program Files\Java\jdk-1.8\bin\wsimport.exe

Filesize
391KB

MD5
139e6753ff4db1b7dd9d3c25948eccf7

SHA1
022826e622793bf1196523b6c58a14182f1e5a3f

SHA256
d981d3830c299fb30251906db58a7285db4ccb03fc786b223e8d3b10fd320478

SHA512
aae494df0f3aa790767dec7b1c64f6d866ad2bb389610e1fe3345fc9432ffabfb8e43951b042f6393704f5c31d2635c0cdad35939a532ed7cb2eaef0481a9632

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

Filesize
471KB

MD5
74f058a0c814d33b9200d56fa823e4b8

SHA1
b60d5e3dcb48f3ad521a127373b5de431878f713

SHA256
9fcc5af234abe57e414e03d172301fe3a030e063aee84162d83faae2c4216ba8

SHA512
92e82f130064c353b39d68835353e5f940aa664e9d6038f32bb9373b0ec97165c95394da0968d34907987ecde5b7a316f9aabc11206210adef63dbb7f1f7605b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe

Filesize
391KB

MD5
b674deb3d40d94bc3734c563aa78f90a

SHA1
3dc4b852d8afe8d812a369ac59ae99417760c644

SHA256
734ed7113c962411f08d6cb79eb3f265b94900ff0b229cae80ca8c8062b5f101

SHA512
514b25fd6280ed893382e51ac8dca3bc962c1c42f9db5a5073a18762039ba3eb8c7eb2a5d04b4330d171361ce6b72c41c8c7d40b8c11941fb3f1c5584d56db12

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe

Filesize
391KB

MD5
427e8df1362003eac8247ee44496a9bb

SHA1
fdfce32c8effff8e38091411d5ee661b24260f58

SHA256
875a5964180dcadebf90b45e7ad6c3f5474305c1bde7cab91046bd946a1e7209

SHA512
6048a17ce98f5b0fbe49d7ad00d0fe32ea1f8037a0caea503ae94691801f9b7cea74576b320e93f4b18e931418ab6225009fcabb063feb8b58c2ac7f0704fe8b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe

Filesize
391KB

MD5
a42b9e0944f8b982d73ea9063e1fa234

SHA1
9fefd566913c9563073aa90fc356a3d9efea6fe7

SHA256
108374e1374abdead09f7e1baf578d1ef2ccb89243826f7cbc9fc452c9720d6f

SHA512
d035d23e0a084bea6f6a596cfd32e0fe9b1f8c388f5e0f56612c30719a44c85fdfafa82f65c694869654e0f201beb8cd77200ed4035e12ee2e89ed5b8d941c41

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe

Filesize
391KB

MD5
14767429cebd6c812f769e7ccea55529

SHA1
76d76a303314cd9e9cb77941eb549b36aa3952be

SHA256
128047ecbfa872917e7075cad6be6a2f29a09c5193d8ccaf9861f3b8a98d59ad

SHA512
9b065c349d70dc973031d1b40e123a8c0a40cb353f8b09eb5f343e56bc25096986772c7af52cf461ca50c508d2971abe095a8c31c0dffc8063b36a2a44174266

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe

Filesize
588KB

MD5
4b91b1004ada68cf99e77e32869a7621

SHA1
4f604f9a27749c86e083be06f5893ab1ba91d0ad

SHA256
ace88c6548078478351d278fde31666d1a07e7a6b1a3555546e1a6ca3cc35b0e

SHA512
21645e4f0517e6f85e610f3acc2c339ad51c3ee9d36e0de3ebe5a50f24e9afeaad5aec520ad3bec6554a6f6e5e788c11ed54b845d591694579ed54f7dff7c410

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys

Filesize
736KB

MD5
f658bbd974b21ce23a830fd241641ac3

SHA1
988405963f3d8a63e10fb694d1b911e18fe4949b

SHA256
af46acc26523158c3cb9c0ac072538c6c31bf87ecba468783b6b24a615fff171

SHA512
7f81d3c287953fb54d3f6e6c608282c2ae3688e8ed05277404199bd96057453d64f34a5facc76ed88b5de5ffc67f0f5ccd226dbd29fe5c6ae8d0b5582e013ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys

Filesize
736KB

MD5
f658bbd974b21ce23a830fd241641ac3

SHA1
988405963f3d8a63e10fb694d1b911e18fe4949b

SHA256
af46acc26523158c3cb9c0ac072538c6c31bf87ecba468783b6b24a615fff171

SHA512
7f81d3c287953fb54d3f6e6c608282c2ae3688e8ed05277404199bd96057453d64f34a5facc76ed88b5de5ffc67f0f5ccd226dbd29fe5c6ae8d0b5582e013ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709.sys

Filesize
736KB

MD5
f658bbd974b21ce23a830fd241641ac3

SHA1
988405963f3d8a63e10fb694d1b911e18fe4949b

SHA256
af46acc26523158c3cb9c0ac072538c6c31bf87ecba468783b6b24a615fff171

SHA512
7f81d3c287953fb54d3f6e6c608282c2ae3688e8ed05277404199bd96057453d64f34a5facc76ed88b5de5ffc67f0f5ccd226dbd29fe5c6ae8d0b5582e013ebe

Download Submit
C:\Windows\GOG.exe

Filesize
368KB

MD5
46fb854794dd7e8a562ff094e373c619

SHA1
507d628b773877b1d95028ca896a68c766fb4c4e

SHA256
fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709

SHA512
9e5378aaf7774cb58e646b466e7d12f05a1097ee3cf1613118083ca80a90cc717e0759ba1ecf5a7367bfea59e33190e611e95416bf091a2c2e5d01815dc12471

Download Submit
C:\Windows\GOG.exe

Filesize
368KB

MD5
46fb854794dd7e8a562ff094e373c619

SHA1
507d628b773877b1d95028ca896a68c766fb4c4e

SHA256
fe84820eacbc46fb1a8ba3c920e3771c691bd5ab149fe5538ee6119403e2d709

SHA512
9e5378aaf7774cb58e646b466e7d12f05a1097ee3cf1613118083ca80a90cc717e0759ba1ecf5a7367bfea59e33190e611e95416bf091a2c2e5d01815dc12471

Download Submit
C:\Windows\GOG.sys

Filesize
736KB

MD5
f658bbd974b21ce23a830fd241641ac3

SHA1
988405963f3d8a63e10fb694d1b911e18fe4949b

SHA256
af46acc26523158c3cb9c0ac072538c6c31bf87ecba468783b6b24a615fff171

SHA512
7f81d3c287953fb54d3f6e6c608282c2ae3688e8ed05277404199bd96057453d64f34a5facc76ed88b5de5ffc67f0f5ccd226dbd29fe5c6ae8d0b5582e013ebe

Download Submit
C:\Windows\GOG.sys

Filesize
736KB

MD5
f658bbd974b21ce23a830fd241641ac3

SHA1
988405963f3d8a63e10fb694d1b911e18fe4949b

SHA256
af46acc26523158c3cb9c0ac072538c6c31bf87ecba468783b6b24a615fff171

SHA512
7f81d3c287953fb54d3f6e6c608282c2ae3688e8ed05277404199bd96057453d64f34a5facc76ed88b5de5ffc67f0f5ccd226dbd29fe5c6ae8d0b5582e013ebe

Download Submit
memory/1988-29-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1988-159-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2728-10-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2728-157-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3580-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3580-40-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/4496-158-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download