46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 09:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
Size

1024KB
MD5

4f8cf66ec92cbb69068a908ad325e604
SHA1

cfddb5f5c597ddd157e0007d00096e03ec8e0072
SHA256

46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877
SHA512

e4a6bd27092021e9021d7ed8913306d2bf6a331d664a2953aac1514e2adcc264f248c7df8b9340927d72561b5b51b095675a725f2d267729c6dfe2aca0ccd879
SSDEEP

12288:x2JylsKTMW4VyPGDSBQkoZnkDf2So9tp8LUlFl5FpU:x2Jyxd4VR7of2SI8LUlFl5FpU

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3452	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
5204	GOG.exe
1512	GOG.sys

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	GOG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	GOG.exe

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened (read-only)	\??\B:	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened (read-only)	\??\A:	GOG.sys
File opened (read-only)	\??\B:	GOG.sys

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	GOG.sys
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	GOG.sys
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\7-Zip\7z.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	GOG.sys
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	GOG.sys
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	GOG.sys
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\dotnet\dotnet.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	GOG.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	GOG.sys
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	GOG.sys
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	GOG.sys

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\GOG.tmp	GOG.sys
File opened for modification	C:\Windows\GOG.tmp	GOG.sys
File created	C:\Windows\GOG.exe	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
File created	C:\Windows\GOG.sys	GOG.exe
File opened for modification	C:\Windows\GOG.sys	GOG.exe
File created	C:\Windows\GOG.exe	GOG.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GOG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GOG.sys

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\WinX = "1"	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\NowCount = "0"	GOG.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe
5204	GOG.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 3452	4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe	90
PID 4908 wrote to memory of 3452	4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe	90
PID 4908 wrote to memory of 3452	4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe	90
PID 4908 wrote to memory of 5204	4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe	91
PID 4908 wrote to memory of 5204	4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe	91
PID 4908 wrote to memory of 5204	4908	46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe	91
PID 5204 wrote to memory of 1512	5204	GOG.exe	93
PID 5204 wrote to memory of 1512	5204	GOG.exe	93
PID 5204 wrote to memory of 1512	5204	GOG.exe	93

C:\Users\Admin\AppData\Local\Temp\46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe
"C:\Users\Admin\AppData\Local\Temp\46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Users\Admin\AppData\Local\Temp\46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys
  C:\Users\Admin\AppData\Local\Temp\46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys /zhj
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3452
- C:\Windows\GOG.exe
  C:\Windows\GOG.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5204
- - C:\Windows\GOG.sys
    C:\Windows\GOG.sys /zhj
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4360,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=944 /prefetch:8
1⤵
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe

Filesize
1.5MB

MD5
bab40b0e5293fbb5b0f7a3c61feb4ebd

SHA1
3e4fa14e272b3dd20c4cfa7bd83a23917fb81db7

SHA256
fec9daea05c9084eaaa10b1cb938ed00b96f992e430ea0591e7f1ce97d22150a

SHA512
b43e67683d056a145f21c6925b85010b783704237d45b4c0604a542a77186122e63d2125273b3d70aa96ae60ee70b54009b55f8377ee325a98ed60a365879afb

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.9MB

MD5
d23afd5b2fe1f95c9d65c564e7779ea3

SHA1
df72db24dfbf69512f71e4fc93d85f84296ab8e3

SHA256
9fbb47011b5a1a407ddc834f198e303b56a39a6c0b1508549bf6a458c3b0aec9

SHA512
4c5af42358e9d5e9d4b81dc6674f0c4ca7f46ffa03d89e0481ab0f5ce53ed609bd88873e889f18d18d8ed3b946589b1c8aada6b9afdc46d33838fe593611bc18

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.7MB

MD5
ed7286ee99ee1ff123b9d7993ab71e22

SHA1
33683fed804ef98a75c2f1d4c4f33b77c21052a7

SHA256
48afac6ae0441c64378dbeb5dc87305227e0e924d80ce3b1bd2fd7fa903b7869

SHA512
1e0acf6a18229e8cb1ac930228db4ceecebde13d2401231c00598d646a209beb7f2a6ed8582e9112b68aee2b7c90fcfc6e1e6da13c573185070fb9798205ff96

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.0MB

MD5
3a843a88bcb0b6a68e026854605b5c9e

SHA1
6119e6a9a603b1fbf02508b8995e0bdf6e0845f2

SHA256
448c1ae28e70fb6851b1942015b078be5912ed12f8e18f8dab27d6f3d3548ecc

SHA512
c7b659e3a19c70bdd97348895f143ac28d2476386730907b48eaa3a649c65fab8b82676dc756f572ac0b239e214ae8221a439b781a364e224fcb7622944037ad

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.3MB

MD5
099ad307e6861c8ac9c2293067adb7d9

SHA1
0a916eebb8c1ff1ca5ff1f3b2315b7c657ccaa90

SHA256
59784f4884e53a88fe5bb94f76674d7f49e6be5db145385b482d86947127430d

SHA512
bcfd1548725157df67ef62dc7f3ec6b200187ec6fb17055b20289324846e60531796faa7fdca5d901efbe3b34d17a83252ac483e276d563e11ab6f07b0839974

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

Filesize
1.0MB

MD5
1ecb51954a61cf8fb225f07efee2b519

SHA1
fa3edc708087d98c9c6cfe9bc669887d4941f606

SHA256
57c2c7a2744364952a4a1ad6f3bb4a12cf9eb0def0553e6990e7eb65d677c372

SHA512
2a23b5af562afc2e80ee7a812122e4277944151fbdc3887cc5b43b0a87b0ac90ee9b3c3762e51e785ef61ceb6f8d75d1aab6eb87ef17d54c46dc911384ea6d89

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

Filesize
2.3MB

MD5
8cb63360ec472503a9ad01b5e8d7159a

SHA1
0fd3b83040dea5aaaa94a1957b1d7bd97220ed09

SHA256
a2610f5bccdd194d06e888155c5be538627163f1e58847436680e625b18129c2

SHA512
59a5f778e726c5a28b747e1cda89cb44cc08342ce81b68615010459e4cdc12573af190d124f9ce7ea513dc0c25b5a4cdba82f7cec2c0dbdcf2dec99d0738d246

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

Filesize
2.2MB

MD5
0f8bcc106427b5dade71924808dcc661

SHA1
d7d11f04e5a8ca01a451c949833fcad4d36e1746

SHA256
5074d96f681600f5d0507270854ecf6c6244d13d2f0d17e32464e3804554d712

SHA512
51beed3a465ba3f66da091597cf360a08460e76ed1205799e2acb584b0cfe571e10f6b5ba2fa4348354d314a18ef0cf0016d7c12ef3262440076ce0f4a320025

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.0MB

MD5
2c9d1fc7954c7edebe6294585a5b6235

SHA1
fa36ac437efa6c6263dee9ad06d9035a660b3e32

SHA256
68af26bcf6b48a12e2cc8522e5f8de2613066bc9040e4473401f7a61f0c2ad08

SHA512
9bdc05fc6beba4c5ec88440ead0adc7ab895fd6429b52a9f97a2c2be678bf9c57a9e48f4b0513325b16fc5a0d9a55d07094b0d1dd62ae12d987ad2f3aed96224

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.0MB

MD5
1b0b1b8d776f3cf1cd9bead3cc41c192

SHA1
a61d24a604cbe2a920dcb30a409b927c69d275d5

SHA256
ed087657c70ec894be937549848f2dd631d256506d718cfb735ae4f202857635

SHA512
7f5e219aa31a555d1071a047a8bb6f60613dd39f54eb045fbc25cfbc0d1305be308eecd3d95e7d0ce4949fa70ad54986785f621f27e66ade8003d8609d43ab5a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.0MB

MD5
accd995b331c19b4f9e327927436f2b3

SHA1
ebe9715c141f64cc9af9389dd8fdc4c3c6110fef

SHA256
02e9e557f8244e0a0baa88bb6f1f8a3eb316332da4ec994a3ba571b995aaa9b7

SHA512
74c21af27536e500b1f926f8568377cab8b19d4269b6a774003ecb91fd26e6425cdde2fa9d7e4c56cc975748976d06f91d58b0fe0ed3225f19d83a24660039fb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.0MB

MD5
955ea26fe5972c9d31afd765469b6b2c

SHA1
4090cfbd4454844903fb56c0f42851fa9c7fff11

SHA256
a903c0987eec987d779dbe0feb04325f109559c888cb2dc3b99f5deea32d8231

SHA512
141c6a5210b69068cfff23e46f9cb4fab13c4400454350a6b3e8d260a3013f838090ac566cc2713e43827c840db956206f04cc3b731d5ef871901b69fe6d672d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\policytool.exe

Filesize
1.0MB

MD5
01295375b02b576885f0922233905630

SHA1
2aa233f8cebb2d1ec509a6b06e1997b34f18af16

SHA256
88503a7da016082b6405a2924c2bf81befdaacd3856350e4952e4f86ba0c7324

SHA512
baa9d9dbdc4a4d8d443a7574a596da1f40eeca9af9652386d73ab6979f4ad3750749b918eb004b897d73ab06693f4fbbd8c99762c8aa542db6cdfe62c06bbef0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\rmic.exe

Filesize
1.0MB

MD5
2a39b1f71a18c7262f042418e2f88059

SHA1
4393243c28ce307894fd9241099fd5802b47df29

SHA256
ba6bba3dcf1af83e12515a1de30b014ff9aa9476e0f2e4d7de1a9d0d94523d96

SHA512
ee6f7d3e68960ad1b97fdc20c52b099172f507d7499b0ab5bceabb76800f9ebf9c6f0e0765c38ae6fc1913747c07945599aa3efab09a731c5a338f5f1fc72e93

Download Submit
C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe

Filesize
1.0MB

MD5
d831f9c074a7a9da4a8c99805cc01665

SHA1
ae472e9486619766340c316d95874efe6e3ccbb1

SHA256
a4976ff06aca7942ec342f8587ec3a6dc21c7105833fa6af880e09ae74591d3b

SHA512
d9c48f212f1cca747565a773ca0ed6fa8745c50f1fbac44bbf2f6f889eedbc689834ed7ac1bcd6d07f10299c01aa0345d1a9fb53c43e2a754c8d527dec274fa6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\schemagen.exe

Filesize
1.0MB

MD5
8a38764da998e6193a3a05b23c8cc9c8

SHA1
4bc16c2bd976e95d8ea4b3c1af2cc366e05c3160

SHA256
272f9ba481d19e150bd312f46e920016cf5cb253e678d900c028978d214bc29d

SHA512
b3814651e0dfbad8d05d1c1040cadea3e6446d2ba3c447b6c3916e861031a67f8364a586c16284324fdd47a03ff619c49da2d2b79e975aa549a3820dd0814a12

Download Submit
C:\Program Files\Java\jdk-1.8\bin\xjc.exe

Filesize
1.0MB

MD5
d79c355570535f6de5b901dbb9b0ad2b

SHA1
81fd8dc2d762def8885396e92655e69e69dcabdd

SHA256
9948d673cc1c848103df238dcb1bba9345efe0c72325e3db961d0b01aee8218e

SHA512
e9c1dc818e0d2ed59f70ec00acc5aadee9c177f12767c52a39290320bcae1a627e1ea7ef179a574d6e0e78a92d49ffd3bd300e468c97f987e332c1142d49eb4e

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe

Filesize
1.0MB

MD5
5e3cf255533b879255af2c4d80be923c

SHA1
7542c62e0816db384ec1222348cbddd958edb930

SHA256
08414b624de5c1ebff174568b0d9ef47c003dc861281ff7e1110a5897f8f3f20

SHA512
3ecdb0e6154591a57c558aaac1da702e3b0feaea0b2bce8b30505c0e1051abcf11f95d5b18ad171f74ce88b85a6b082fb5ac05d8a2a5933c367e7514ca7394c8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe

Filesize
1.0MB

MD5
9494c29067d30530ec67317811cb1ccf

SHA1
64fc849329dc44abac63fe89bc07f43aa6179954

SHA256
8d72b9a833df4225c9d71a02584212b849c8e0374875b7e131252d15b03f2118

SHA512
da4329f260e99851819b8db6c4995041e432066b87d5a2d5b4ca835e0997a1cb53257fde0fba0698101548611c2c4629b37df34d528d5af71bafaf85bf55221a

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

Filesize
1.1MB

MD5
68d98fd0350ec1a13cf650b96a80d105

SHA1
8563e6b233d0adc43cbc05f5528a71df5f2c1991

SHA256
235d85963f75ff3c012bff59168cedd96f5a59ac2dfd530ecfcb10e021c057a5

SHA512
a719847ec2fb091e7cceb97282d4cedd519b54e1c2a660131595db25f451b3409e6080b97666bdebfbeff70cde7527505abfffbcfe4ebe509a1a899c94ed423f

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

Filesize
1.3MB

MD5
3ff0c063d3c8eb1fa0be3433344901d3

SHA1
f7cc96b78ca02ffef10018410e93db11d49839d2

SHA256
91cf5e17c54f86c1f3a1b9ab9fc09e8762dc74ef87981824728f1fd2299f53a9

SHA512
f250ff8b61bab6d854cb847067742f42800f2f5573cd187675b23e65de201f7bd96d7cc8f21766fb5430ac0a68e8d5eca2d1a386fd85a9e7b0a73c9b3411f8a8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

Filesize
1.5MB

MD5
b91c4051e88eae97830fe4077b7dbd75

SHA1
669ac376f70253ed263794d1075c701963617d67

SHA256
f847da98434ba778963b25036bc758a85832e99efd2a20ef1240e9f02b257dc7

SHA512
5c4559ca4c0464e5c6dbb01493b1cf61a9c89f3ca2746c9bb8c2fc6ac651803eebe987d1e6ed2e3bfd43605f5bf8f656ccefe1735eb1e62b1a5158ea5751a2f4

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe

Filesize
1.0MB

MD5
3f9fc79e487547a4fc496a910c93d485

SHA1
1d5280439952b5ea4f2aed5e9592f9e6243aba1a

SHA256
c5cae60ae05f4e18555377036ed72998d331c73321567f95bf6265c0f9977a50

SHA512
bd3e83f8657661e94c12e6718e8e1a8e1dc07057a38d8cb9935378d909e451f236f0e1c007c5aab6c6a73ca210fb2fc8de7c287fb9a130a64bf0045cc178f7f8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

Filesize
1.1MB

MD5
9f2cd2e127617b0e92293d0783c7a689

SHA1
2e0fd2c214dbb1d6e8e271e9478680dfd90d3dd3

SHA256
1346cca1d97db596dba94a0b78708d26e3df959c703584916c8802e388679232

SHA512
1bf381fec9700148d79581e315271939b3d424e557ebce6965a5a66b70524a98221ea0434a40fb23d189f254ff9423dd0cf0fc7b938c98c03b3ad98eb6c5dfa5

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe

Filesize
1.0MB

MD5
7794ce27d4f373a564667c322bd8f3cb

SHA1
86140d2dcad606f1c8c38d604b1d70292efc6037

SHA256
ba1bd16b2b76465e26df7f2ea09e47d37bc96f2fab9121974c35cd1027a7246a

SHA512
6272e6d88f383fb47183b08f9d9c0dc01529c99f4740f392b19e7fa80a81d491bd346bdcb181de2c6339c5af42f2a7695a0ae1c78609b0812e7e97e7f075174f

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe

Filesize
1.0MB

MD5
f4b38a05e51c09c5faa103f188f4571d

SHA1
b624ebf72883224e704bd779fc0c3ab6bde91086

SHA256
4157465bf823d5928c1bfb0b0a03dd36ada84e50b97a94f352f495c2495f4d09

SHA512
ee0fccda3ec39d6098606e8026906a007f62253bbcaafd93cbe268fece864e0719c0ded8ab6d1910731e540e9c897369c5c9cd364bf5f831ced200c422a08659

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe

Filesize
1.0MB

MD5
17933d3ba3b021303ad7017404cd6a71

SHA1
68434f06603b26946c6d4f0a9c2c97511ceb73ad

SHA256
3b0887273653b4e9337c18d7ace1eea24c007bb03c6adc1a02f3cad01f3ed164

SHA512
790fa96a4446580d3384eede90521a3c316108fab97c41254b872c444ffa4bb5efb1b77f40751fcd38c5a2324db6b0b56f11c03bfa4adf88f672134ba4366aef

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe

Filesize
1.0MB

MD5
26171b150f5495b72c6423adc89451b3

SHA1
bd4dc53fa33312df06c69a1352217d2579606abf

SHA256
da233c29406d1d06cf3be8303f29f94e545f76ce5ecd0f13e460f41fe0544ba2

SHA512
c87516af6a1ec6e38575b2d124eccf7d28906783e1c493be55a8e584af35e049a6c743af86e416949d475ff34e6054277b5ad856955511163cabaeb43577f155

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe

Filesize
1.0MB

MD5
611d732300784116c87e066322613486

SHA1
b8cd1908a6a814c2d03d414abb0432b8ccdb36b6

SHA256
41d266e13aefafd31b2537e2b5d8e4773222e1921fa8b8430abb7860f1a0253d

SHA512
d54df00e8b701150eb9f9dd6a3e09b9e13b5dc4b7de3021f9989554ab4e62cb644d191f7f8d0b5cf5572bd96a663283bcf66e6e316d516abaca36fbff6f47948

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe

Filesize
1.1MB

MD5
98292fd7ceec4b3a2b2b3baa89456840

SHA1
58a955d237271687a461e92f5d929f329cf5ac78

SHA256
0d071b1649ae594e4bde91454dadf2dfb1aad3f11de30d24f28347efb342d661

SHA512
46bd37644e7998b417e2964c200f67749348d6c53537e9eccfbc5ebb7bff5e1fc785de2814dcffff6820e11203786fcd99a05f352752ded38bdf4e4bc430438f

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe

Filesize
1.1MB

MD5
0e1142dbb5c7de1c4e5ffbb0f114bf22

SHA1
5cd3642f7e6a5e29431d7c5f90bcdfd7169480aa

SHA256
7732ad4e47d06549ec244508c6dd816c99a3dd900d90c0a0d2be2f4faba75b28

SHA512
8cb3b7f1fd14f7cb5a88af80dd189d89c5524c83b944eb911b6059d31ebd554cfc7edc54c0756d547b45edaa01b45d0edee4b803fbc9c1fb43c90c22264a114e

Download Submit
C:\Users\Admin\AppData\Local\Temp\46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877.sys

Filesize
2.0MB

MD5
c4fc72bf1550b6f2e6cfa02507baf71e

SHA1
166b227340e954e55125aa63140b079288fac3cf

SHA256
d88d4a9debd58a1de2677865022631aaddfb4ac52b3e6e5ca083bef426499a33

SHA512
5086f567e118ed915ddf74a64e5497e8b9a3f70087e0fb1c4f857f043377fc4bc7d0c83a2a9dfc213c299fff393e4a4a1bcd9e7b09d10f19c56b248483d88375

Download Submit
C:\Windows\GOG.exe

Filesize
1024KB

MD5
4f8cf66ec92cbb69068a908ad325e604

SHA1
cfddb5f5c597ddd157e0007d00096e03ec8e0072

SHA256
46c6eb029bd3dc328a327dbac6febe55bf0e047c615f8dcf4ef537368ece4877

SHA512
e4a6bd27092021e9021d7ed8913306d2bf6a331d664a2953aac1514e2adcc264f248c7df8b9340927d72561b5b51b095675a725f2d267729c6dfe2aca0ccd879

Download Submit
memory/1512-39-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1512-162-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3452-15-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3452-160-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/4908-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/4908-53-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/5204-16-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/5204-161-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download