03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe
Size

4.0MB
MD5

77462b3e8bf2b5f5fbbdce2ecba6b704
SHA1

b7af4b6916835b00479e8a232688ff0e66c6ec5c
SHA256

03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28
SHA512

ffcf52b0a49e48ba6d8607a250c15939a676023b5fc75db82b47c1a80ecf6d7c39cf52244017086d760c8ef2120a70eb62862320d89b68c6668279d2efe54721
SSDEEP

98304:Akuy5sTvkjJKgeiKdeU7/OaxyE7TBY1ZXFv9/nLXca:gvovydeG/Oas7FVrf

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
372	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
4872	GOG.exe
3560	GOG.sys

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	GOG.exe

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened (read-only)	\??\B:	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened (read-only)	\??\A:	GOG.sys
File opened (read-only)	\??\B:	GOG.sys

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	GOG.sys
File opened for modification	C:\Program Files\7-Zip\7z.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	GOG.sys
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	GOG.sys
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	GOG.sys
File opened for modification	C:\Program Files\7-Zip\7zG.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	GOG.sys
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	GOG.sys
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	GOG.sys
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\GOG.exe	GOG.exe
File created	C:\Windows\GOG.tmp	GOG.sys
File opened for modification	C:\Windows\GOG.tmp	GOG.sys
File created	C:\Windows\GOG.exe	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe
File created	C:\Windows\GOG.sys	GOG.exe
File opened for modification	C:\Windows\GOG.sys	GOG.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\WinX = "1"	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\NowCount = "0"	GOG.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe
3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe
4872	GOG.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3876 wrote to memory of 372	3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe	82
PID 3876 wrote to memory of 372	3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe	82
PID 3876 wrote to memory of 372	3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe	82
PID 3876 wrote to memory of 4872	3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe	83
PID 3876 wrote to memory of 4872	3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe	83
PID 3876 wrote to memory of 4872	3876	03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe	83
PID 4872 wrote to memory of 3560	4872	GOG.exe	84
PID 4872 wrote to memory of 3560	4872	GOG.exe	84
PID 4872 wrote to memory of 3560	4872	GOG.exe	84

C:\Users\Admin\AppData\Local\Temp\03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe
"C:\Users\Admin\AppData\Local\Temp\03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3876
- C:\Users\Admin\AppData\Local\Temp\03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys
  C:\Users\Admin\AppData\Local\Temp\03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys /zhj
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops file in Program Files directory
  PID:372
- C:\Windows\GOG.exe
  C:\Windows\GOG.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Windows\GOG.sys
    C:\Windows\GOG.sys /zhj
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe

Filesize
4.5MB

MD5
de8d93037f647e4f093e6f334b931dce

SHA1
08ad43c04c476f245e27bd36fb3752dd0302dbf4

SHA256
85eb2768bd2208fddb268c8c2fde3b7c8343298a87901198388e95e813545b3b

SHA512
a12282c9d9c4e6e6f8bec3661c24438aa9f5808f3469df6864e29c7258b38f496f93c89d70d24f407141d793c62ae33c0e22db4d15e2d8d4a3ebb2b8db998772

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
4.9MB

MD5
fb2804de257886703b1dcfc4e405ce26

SHA1
00007d009008fb12bf5221f4f40d6e886a811dfe

SHA256
4697b9fd5c70680a96a5e9d463a5fea5fa8c35b353f7ffc7c6408ec78fb1624e

SHA512
e03e2513733a4df9c57658609d67b1ff9ddbbe1191134fefe1967f42f79abbd9e00c5d4d66bc03e876dc1b66e88c2e4f3dc8f34ec5b3e76bad2c16e7617aaa77

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
4.7MB

MD5
fd870ac0b7a1094033652bab2ba5dcbd

SHA1
d62673f9dd0f9516de200b83b2ad304817e5fa1d

SHA256
45d5259239f624aa1d74c7fc1c3260986324b65313de7ee67bb30337af226edb

SHA512
5be631f36470af741ecc36d49159c6fb6c015934ca27dd02a53e91b4927020a66f1c5232190f355f527c30d29a40e568193bef959f691b2927212e4807b13f08

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
4.0MB

MD5
7f04c96aa9785c35c0e21fd588a59d80

SHA1
4904beebf07dfb2a03299d877683286dc0f7020f

SHA256
a89cac47ac4222434b7b637ede7436e80453a434f739b7d30878e4c1bbbcc516

SHA512
1eb2312a0600e075a5a208efd2fb712fa7c1bf1d6a2763b63099e253569dbe6c4ca716a30166d6bd30d0f6fea401ca44ecb117b224df1e74cfe75361880e3ffe

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
4.3MB

MD5
7e65d2581194ce64b86d4eb34b4bb2a0

SHA1
f6085cad33e84681099eb53770bc4bbbfdc1df51

SHA256
8439ce2aee9abff3f8afa89bb6dff4447e07b8d36f9ec0974a25859e12109a97

SHA512
ff387cc103ece70552b1a53408f4e2004e5b89e75d38a262fc7306b083fb842e143b7fa80d3ec92614fd4f9f6bd6b5b896cb59866a2f93f2fa1b363852efc66c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

Filesize
4.0MB

MD5
d5d16ddc468ec3d5d85230e63e8ccd19

SHA1
68251b65ee54891f63e6317bd2b9359ed440f281

SHA256
55ddc7f99e375b30bb62adeef8fee59009491eb8a93fcaff57ab747b62814736

SHA512
aed1cc152ac02fe1545e83215522d4d722eca740337d99d3d3584476c112b850a470824f8b64cd6a0e42e8b90f91ac21abfe991c8f9fa35fc971a775f13bb333

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
5.7MB

MD5
6f1740e98c82344991d6463adbf9c4b7

SHA1
5c368940e2ca7c72288c07188fe189f598d3324a

SHA256
c1666c0ab0a10ea362ee315e2a5e00c97a89aac738925a6d26ef470fed4a1f2d

SHA512
c67a93e8e056f2de64c7cf3d95a07bc18baad425ba66bcf3c7255a315b38760f8bf098a01655c3ca9b7257cbd893f4f1120675a2935ff035e83ad4409238aa45

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
5.1MB

MD5
0e4de9801c6f88063af779cdd37cd7c6

SHA1
a38e2c880a0ba7816cb27f1d95ae7a45f9a53921

SHA256
666db4fb9cca0cfbfb1e51a2029c600bfdc2f4b368b11d01c7bd95d4cba1e434

SHA512
9525df3370ce003b9729c885e8ceba002d2b4692f560ee1e4db844e3a95918f1a4caed25953758d95027fc5a9fa434f0571f7441b0131ef03a51a0438af0c9d9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
4.0MB

MD5
9bbc0b74407d4d7c8f442ad22ce4876d

SHA1
d96c5921687ed02a0ee4df3a90eba39caf4e35d3

SHA256
084c231ca5854ed9f19f9908ce8e96d7c887b5f3e294df26212f059a081296fa

SHA512
58a1aea9c918e4a787330eaec1e644704a5da234392cc21a6a1c5ba95c34521dbc54ac4e160ffc7c9db34c739237df2d96878b711a590f1d5b002a0a4e6eddff

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
4.0MB

MD5
df808bb1a8345e8271bc4526eec73b25

SHA1
dc6b6cfd1f545c139ce289bcb0169f5e5fcd9e43

SHA256
422906729f9f90b2ac69539ddc1fd6dadee5a8b40f64716049f3649593efd592

SHA512
d608220044d329fbe86a73483be0f12b8ed56090c523d712b555e234a7431ae23fec6349ad178491dafc9544f00039fa85445d1629658ce9eed87f831dbb2052

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
4.3MB

MD5
20d14534bb01034b8ce0aa8121aa160f

SHA1
5ba65192d76d9b1447a57cc5759da42616988084

SHA256
dda0e77aeb8811b9da3ab944999c02183b595cc4d2982902430936fca955dc71

SHA512
5c7f88163a5894933e9d76cb3116da9144439faf617dc06cb76f66a57c7b246f073ccaa860cd0142ac5cd47b70587872ba6f62e7326307f5fdfb734c707a6175

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
4.0MB

MD5
1c032f8a89b656e4e702904e8c4b8c61

SHA1
013fd5e810f09ef1605bf1320bd98ca9b301072a

SHA256
9e366b15e16d27a9ca56c1d754cab8face56d254a9d98243cfc0beb919b2f0e0

SHA512
8dacf2bbb9339962731fab0742b76d801a5d6f8009e4c0421b6667c27321ea3052926e93e005507e6ba77d6f1b68e80311349c7d329796d54aff2909a90c7a47

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
4.0MB

MD5
a65a5d782d90603917d0fad6410ab2a9

SHA1
1def1b28ad742c6a1c11e24c3cfd45aad09fb7a1

SHA256
31416e8c117fb1139b63461e500367f8452ebd3f933a6a54a80f61acfc13e953

SHA512
74b57a69ac0dec4e53da446778ed70569bb7f16167ea2a5229371d9f39d8767e7129cad773e842677303fe10c6db50ffc0bc4fa01e5c3de6b3aa0cfff0ced4f3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
4.0MB

MD5
3496dc3aaa164b645dd2472ff104e1cc

SHA1
46c01e67365ba49896a73fa3113ae02d0571b90a

SHA256
9a027444465cf7a8cb82d665ea64f3e93646ef328a07b48d851ff1311ff381b1

SHA512
a917c30f3bcfab7d993feb4047c9b644e3960387ede8661d7cfc3578eb1dda801ad159a3ccc557d01502c93c44d7278a70eb562dfda5175e62e6f2f83d34afed

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
4.0MB

MD5
3ed1a3053297e615d817bed14820007f

SHA1
73ef73abdc2a2ec63c346762765799692cc43fd1

SHA256
5e753325a0f18aaaae8ae9baa1ffdba94aa7fe37ba07e752887285a8dd1e2b54

SHA512
37e006f901aaeb17ce15a67b79fdbef69c405d14b587c22ff83ac6a1edc2b89f530e234c4bd7fad1378ca83f02ec980b4e3f04b63e5809116b3fdf0f2ed78891

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
4.0MB

MD5
35ef1f1be6da5dd528e41b19d69e02b9

SHA1
dc6adb56c0d65aacdd04bfce96de6eccba7fa356

SHA256
3eeff4213df74eba8d3db53774980c2732b4e650fd36cce6a9990ae4df6d1350

SHA512
0bf321a22f255cad19119598a390d765e950d549fce2e7c781e7c315b3a8eb4e823036bdd24b74e46b9c6874213d3bad2010e57317bdd57894de2d0e2e059450

Download Submit
C:\Program Files\Java\jdk-1.8\bin\kinit.exe

Filesize
4.0MB

MD5
30dd0a7820c45c4a97bb8e78ecbb0597

SHA1
adbf4eb7943f10032e16f20ec10b864f89418871

SHA256
36ea0aa7b510b78acb62ec3167ad1e3f4b2d8c7a297fee900ad5c52a030eb7e2

SHA512
b3e2482185e397dc12902a42608a7ddf136a4a8ff64371885c50541e55263a5668edc406cd4b89df901f4c5b786cccb22892ac5fa985f8aa0f3abe120f8314f1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

Filesize
4.0MB

MD5
834480a051bd7a4c938adc21d706430d

SHA1
0b8d878bf19e42ceb7e6b58f4440037886af37c9

SHA256
0e37e04fb429a900d01df24d3c536cd4912358b3abf335b32c4896cf7931f58a

SHA512
7d4f990d9791d41e9be812d1c6dcf926ab6f33306c481766548ad2ae0a4a3a65f28be02a518655f1f0dfcea649f86223da3e30eb4db9b788d16d3ba11461b0b6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\pack200.exe

Filesize
4.0MB

MD5
efc55485c95cdac7972a0034bcfad4ee

SHA1
769ce82756e240a0cb6909f13e09b993b39bed75

SHA256
a860694203719e032801017db7d5c955cfdd2650012ab712f4fdd25b8ef6aefb

SHA512
ff433b2b46c83937a854cef6ef31b165d0e2d872b4259c54f5d9f990296ea52061938537e48a6747d164441fd2289c4efe56c9dcb1ffa41656a08dd0be949bbb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\rmic.exe

Filesize
4.0MB

MD5
710d56c13e92af2bb47ed58970256a0c

SHA1
0c8148cc064ed007cf2897eff824f63180aee72d

SHA256
2362625b4711ae410820b786cf0e3b2cc289bf0bc1cbed43ba6ecc820a5932af

SHA512
8d5dfb23d77f19c390d2d1a1191e2acf707e50553e7f8c4c6852fd94f18e137fa1211a568418330d24758c05cf81fdcc6daa42262ec65785fbb32db9dfbc231e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe

Filesize
4.0MB

MD5
35cd442adc0c9f5a3dec3da28b787def

SHA1
da46d46d0058d197259b00eb3d704562edb0c13c

SHA256
37857f56b3447b0def2a7eab923fb6e84f115bbfdae7458b3f79eb53fb235762

SHA512
5b3cc1223bb386038ad790f963c1171bfe46b5638653d7e423fa27a1093a91fbaf2ad0c023496d23844f97a08fa4b8f64cfd8385a7d60f931a0e71c5821ebdad

Download Submit
C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe

Filesize
4.0MB

MD5
ce9398d95a3afb8f0022a2f3b867a00f

SHA1
d429ba6bc635a5c880a56738e6b8b26dfe41db11

SHA256
34982bd282406d1e9ea45e9285055b8708e4765b54d9a437a3f36813a0c5ab4b

SHA512
ae1cd27bcca1c0c43351815a9f0d6cfeb37dc785472485f12d239b3435b0375f496fd1d209f1f5e9b24e7050ca092a0cff9852a90d4758176767b20927a0cca2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\wsimport.exe

Filesize
4.0MB

MD5
a04bbaa8211a1766a7ce9a59a193e69e

SHA1
8a09265e3a06da2f49618cc17d86efdc9d58e078

SHA256
80373471d824cd647aaeedaf52cfc22b6eada1151d695506f191b2fc3d0c9341

SHA512
7b3e2490f93136eefc54ba92b12e3dc7ea63afd81d55d554343995a9b110113590729e12bf60f934d324d83919143175e829827b6cbc9e44b20457ad0fd9d985

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe

Filesize
4.0MB

MD5
8d8a620b34e720d4513ff92ca719a5d7

SHA1
5f5f494de82b511d628538e6c28b197b13bf4ddc

SHA256
b495c8856a04edddbc6b79d13a9a2c80bc03e0c818380b2e997da116a8d80c62

SHA512
01ea180719c484d7872788dfd90f280ebc129cf0519274e6d8c627f1a3e097d0e49138bbc58aa90dc044bd1023d12b7adee5e568fd973b5e4d5d042eb6c3652b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

Filesize
4.5MB

MD5
bb15a022f21f0ed9f1d698f26dd09444

SHA1
76f7744b33064add6e883c59091d9d3d7f7f0c73

SHA256
512690eca7a93fb69ecd8ced06283b841b37b08b157a3371a6305e9c520c1d3e

SHA512
0be342eb119712d5d061d2bb7d2e46ea9de2aac85f80e4c6302ecf82df73025690da6c73a24c5713cc7432e86c25287c4204827105c7108273b0757725f4d2f2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

Filesize
4.1MB

MD5
692e0d570bf80b75d400a486d7371bfb

SHA1
1cb584cfc0be42d11066daa0c67c73ef2b03561c

SHA256
6c8c0b51ae90907f9864dbd28d69ac8fb59a3a59290a5c26950a7d97eab1e311

SHA512
b27d6e80567cd68bc1aa3f6407d331701b73e58c495e71694867205c44230adce21122308d029a6cc79b596fb1549927c3b05cf1ddcde8f3be2d3cebd5e7617c

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe

Filesize
4.0MB

MD5
71c8becc5456fd88f4454a43a3af72db

SHA1
24e03d33529669a00f50d1980fef1ea649b89164

SHA256
91a80722d9e7194f31070a5d8b66d20003c64d1427b0c7a442211da16eb1edaf

SHA512
4c44ecd7115a6d8ec2a360b7e1e98ea865dc726ca565bd9b81a82ed3d2d3f9841cdea058fbbd0e17c088454e05b744d55dc20d46d5ea944c059ea680c14b4f42

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe

Filesize
4.0MB

MD5
6ecfed95b8ddad08824c2b5653a09cea

SHA1
67bf06a88b6bf2f14c92b6a5faf1011b49b77692

SHA256
634c2780077f623d9c2a4cbd679458043aada248403f24cb34afe0c8e056ab89

SHA512
1a0f34f00c706a33a595fa14bbf55880f8451e94a77a0dccc9d8069c18575a88940ca502bf29b7e5491ad164aaf753f7a5c671539c64f0535aff585e3a7680e8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe

Filesize
4.0MB

MD5
5046e7ccaa94e78bae8c3675faf5898a

SHA1
e2b7087928dfc01417fd30186f41eefec37fa766

SHA256
f31edcf0f62539376ee5dca034fa3cb7b8ee4580335a9fefa23324a26557b571

SHA512
ab53f1364e761fae962c47fd63665f7a560b83716a83fc35e3b6688b0963b5c71e60f4a573bcc1093ecad8535933a1764ee1dbdf814602bd24aead1553798328

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe

Filesize
4.0MB

MD5
361c0944b649f26a0356ba036f55bf06

SHA1
5e92eb24d2ecfe03fb2f7f4f231e0f07ca1139e6

SHA256
c55c5e9b34db6ff7eff961914d2561dca47428a0e24af7650e2973b627ef247f

SHA512
eb7716284a90665e7d9e813629622ac799b12904e23fe0876c9f0b26511f3d0735afdb483a678ba4f9a4a0c4ddd61ea438b95d7106d95a6ff7757efe42e7ff55

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe

Filesize
4.0MB

MD5
5a3b2e76493634ff07b4157606aad2a7

SHA1
6ac709d5eb5d64c12fdbc29e373a08a50c392970

SHA256
b1fdad7e59b2fa47baf785b9b9ccacf341016bd4eb19dae3bc523a32efd2af18

SHA512
8356eafbd294e5672cf282e6f6dd050b70503a3497390b1fde008a5439cf43e3a91dc593e3285a0585344b4e097e07a4f286512b996430b4bb2cba3b7cfc4505

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
4.1MB

MD5
6983f63b3719cb2b5a2b3ebba8572dae

SHA1
4006c3f4d92c96bf8a6d5689b886479b566de89a

SHA256
cd1bbf0b4b2f92733bb1b1aac0d86ce35932bbcae03e7e2607cbb65aa70e0dd8

SHA512
2a9d463702d16f78065dbd8eac34de68c9b58660ad88bd8116878d86275de7ee9156e363131316e5015fa341623630c6a870a69f023558ddd4c201983e77f282

Download Submit
C:\Users\Admin\AppData\Local\Temp\03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28.sys

Filesize
8.0MB

MD5
a7f3711df3c2e9a1965e420bdbf59491

SHA1
d7eb67f9582e67fe9c059f28e8f0d914ad425f9c

SHA256
d62839a873d7e581078c1b5d245c749ccb01f2acb901bb7b7037a8c0e152c697

SHA512
f5c982cc25fcbbd90501a478bd8065b69d1ceb35c2a86ebeb13eb4b7844f5819c98c6db7edb26ecee8ea0537dfcb3dd6aa4017e74794db9b0a3d96eaab0fdeb1

Download Submit
C:\Windows\GOG.exe

Filesize
4.0MB

MD5
77462b3e8bf2b5f5fbbdce2ecba6b704

SHA1
b7af4b6916835b00479e8a232688ff0e66c6ec5c

SHA256
03eadcd258155a1eb59cc38cc7e8054e01162d39467ffdc2ea29fd543b183b28

SHA512
ffcf52b0a49e48ba6d8607a250c15939a676023b5fc75db82b47c1a80ecf6d7c39cf52244017086d760c8ef2120a70eb62862320d89b68c6668279d2efe54721

Download Submit
memory/372-160-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3560-29-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3560-162-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3876-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3876-31-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/4872-13-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/4872-161-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download