89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92

Analysis

max time kernel
41s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 10:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
Size

4.8MB
MD5

9e69a054a4f8bd2955f38b5c6f1669f1
SHA1

a9c82ac9b649760ec9c31c8f631d59f1e3727410
SHA256

89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92
SHA512

37408bde6e6806a01caaeeab9d702735f71e60f4ec0078b377f46c7a11a6ebc834492d8244d8a087cb50a4c46c9c35fa66654ea2ca07b56b50ad5cd5cb737f3b
SSDEEP

49152:Akny1B/KCGZd0qgNEf16lhulJLirHJIZ/K0tDAy49uO7G6XSq4vFWVRxYOKKJY+l:Akny4WQtZ/K0tGOFWVRuLftCTx

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp
2312	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm
2916	GOG.exe
2780	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp
2180	chrmstp.exe
2160	chrmstp.exe
584	chrmstp.exe
2420	chrmstp.exe

Loads dropped DLL 54 IoCs

pid	Process
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe"	GOG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe"	GOG.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened (read-only)	\??\A:	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe

Drops file in Program Files directory 62 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\DVD Maker\DVDMaker.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\GOG.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm
File opened for modification	C:\Windows\GOG.exe	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm
File created	C:\Windows\GOG.exe	GOG.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GOG.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\WinX = "1"	GOG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\NowCount = "0"	GOG.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2924	chrome.exe
2924	chrome.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe
2916	GOG.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2724	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	29
PID 1120 wrote to memory of 2724	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	29
PID 1120 wrote to memory of 2724	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	29
PID 1120 wrote to memory of 2724	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	29
PID 1120 wrote to memory of 2312	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	30
PID 1120 wrote to memory of 2312	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	30
PID 1120 wrote to memory of 2312	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	30
PID 1120 wrote to memory of 2312	1120	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe	30
PID 2312 wrote to memory of 2916	2312	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm	31
PID 2312 wrote to memory of 2916	2312	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm	31
PID 2312 wrote to memory of 2916	2312	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm	31
PID 2312 wrote to memory of 2916	2312	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm	31
PID 2724 wrote to memory of 2780	2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp	32
PID 2724 wrote to memory of 2780	2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp	32
PID 2724 wrote to memory of 2780	2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp	32
PID 2724 wrote to memory of 2924	2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp	33
PID 2724 wrote to memory of 2924	2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp	33
PID 2724 wrote to memory of 2924	2724	89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp	33
PID 2924 wrote to memory of 3000	2924	chrome.exe	34
PID 2924 wrote to memory of 3000	2924	chrome.exe	34
PID 2924 wrote to memory of 3000	2924	chrome.exe	34
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 896	2924	chrome.exe	36
PID 2924 wrote to memory of 2392	2924	chrome.exe	37
PID 2924 wrote to memory of 2392	2924	chrome.exe	37
PID 2924 wrote to memory of 2392	2924	chrome.exe	37
PID 2924 wrote to memory of 2552	2924	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe
"C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp
  C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp
    C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=103.0.5060.114 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x13ffcb618,0x13ffcb628,0x13ffcb638
    3⤵
    - Executes dropped EXE
    PID:2780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7359758,0x7fef7359768,0x7fef7359778
      4⤵
      PID:3000
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:2
      4⤵
      PID:896
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:2392
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:2552
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:1
      4⤵
      PID:2864
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:1
      4⤵
      PID:2860
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:2
      4⤵
      PID:528
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2932 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:1
      4⤵
      PID:1964
  - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      PID:2180
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1401d7688,0x1401d7698,0x1401d76a8
        5⤵
        Executes dropped EXE
        
        PID:2160
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        
        PID:584
      - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1401d7688,0x1401d7698,0x1401d76a8
        6⤵
        Executes dropped EXE
        
        PID:2420
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3696 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:1
      4⤵
      PID:2660
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3000 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:1064
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:2772
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3848 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:396
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3120 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:1828
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3752 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:2380
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3812 --field-trial-handle=1356,i,11190904035514143587,13221858330240163320,131072 /prefetch:8
      4⤵
      PID:2212
- C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm
  C:\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm /zhj
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Windows\GOG.exe
    C:\Windows\GOG.exe /zhj
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\992d9293-c255-4648-8059-c126ad134d78.tmp

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6b00727d8488aea552a9e9b81b8b3573

SHA1
624b3369aebd4a95139ad682af3bcf5616aff953

SHA256
aceee7fe49c9c9c57fffbe2d9f2c1267a8029cce28a379ef70919a1b59d7fa90

SHA512
769cbdcd23ca54bd2ad2ab310a863c9e83dda013f7984f99d3882292a9c2801d8ef80368d6bd4f2ce26faa8f59fd0f100a9509ef651f5274740f7b8fe3ae7543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cb477ae41679ace11c7a42a54736df36

SHA1
37c5e41fd453cf3e4ed1a27bf5592650126d42fa

SHA256
9efebeda96e6ac71bf3d93f258c6e4046085752cbaf9418e9eed735321d564f2

SHA512
bfcfd14ee283e73fdd5b0eac7540d7f213f26f4a60e9634214abbd2cd161099c18179682df7e79f0d8031274146aff1b966bc121e3fa5c16c075df4a29ff1b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
31e2de3935c450bd98a6dd5924c0e713

SHA1
e606b415f21803c311d12d8bdde600d5fc9fefa9

SHA256
b34d8d6d9fc1f5ca79c7c013b78fa7d5180abcfbd60eed154ceb092b52b63171

SHA512
69e7f5e24ef3516c2f07c89d300dc235ec4117f1805fcbb64cf676162267bf144f9833956230c2f9fc71921578afa5672a856902c1810e8d1fb1dfc92ad36b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
95630fa14905d2281fcd615a4105d57f

SHA1
1221a63c4af64146a77c0622f051428c001e2055

SHA256
306602f4d6a53b09125b5cde85ef8da572fafb21d121bc0e1a7cdb7d36299852

SHA512
cff700fef3a05102e25a68548317196ce804ded0456fa26713db1883f16141c584413476d179824512cc6d43cff5638675baaac5365206b7e9b4741e42fd37b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2924_40511019\5dec0362-23a2-43e5-8eba-021877335421.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2924_40511019\CRX_INSTALL\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2924_40511019\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
145KB

MD5
9d10f99a6712e28f8acd5641e3a7ea6b

SHA1
835e982347db919a681ba12f3891f62152e50f0d

SHA256
70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc

SHA512
2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5

Download Submit
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE

Filesize
818KB

MD5
a41e524f8d45f0074fd07805ff0c9b12

SHA1
948deacf95a60c3fdf17e0e4db1931a6f3fc5d38

SHA256
082329648337e5ba7377fed9d8a178809f37eecb8d795b93cca4ec07d8640ff7

SHA512
91bf4be7e82536a85a840dbc9f3ce7b7927d1cedf6391aac93989abae210620433e685b86a12d133a72369a4f8a665c46ac7fc9e8a806e2872d8b1514cbb305f

Download Submit
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe

Filesize
507KB

MD5
c87e561258f2f8650cef999bf643a731

SHA1
2c64b901284908e8ed59cf9c912f17d45b05e0af

SHA256
a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b

SHA512
dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c

Download Submit
\Program Files\7-Zip\7z.exe

Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
\Program Files\7-Zip\7zFM.exe

Filesize
930KB

MD5
30ac0b832d75598fb3ec37b6f2a8c86a

SHA1
6f47dbfd6ff36df7ba581a4cef024da527dc3046

SHA256
1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

SHA512
505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Download Submit
\Program Files\7-Zip\7zG.exe

Filesize
684KB

MD5
50f289df0c19484e970849aac4e6f977

SHA1
3dc77c8830836ab844975eb002149b66da2e10be

SHA256
b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

SHA512
877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

Download Submit
\Program Files\7-Zip\Uninstall.exe

Filesize
14KB

MD5
ad782ffac62e14e2269bf1379bccbaae

SHA1
9539773b550e902a35764574a2be2d05bc0d8afc

SHA256
1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

SHA512
a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

Download Submit
\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

Filesize
118KB

MD5
f45a7db6aec433fd579774dfdb3eaa89

SHA1
2f8773cc2b720143776a0909d19b98c4954b39cc

SHA256
2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a

SHA512
03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

Download Submit
\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

Filesize
97KB

MD5
2abe4614a5d80878832fc7e91c8a3146

SHA1
3808489961c56e3cf49f8791c152c7db1085107a

SHA256
259be6f52760b376a5b8b53211e5405fbf4bf2339b63d341df2dd9d7a7bcf041

SHA512
f461297fde475649eb6becf576a932b6eb65f102c3674cfbcd5d4c8027d23e38c46dc8abef0d53d0b6441f5630930d34ffb5706bdaf0c19ee6c4f2cb2e59edc5

Download Submit
\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.3MB

MD5
2161730a7ae00a1fb8c5020a43be949f

SHA1
8db6b820472cdfa266c874e0d3a9395412995aa1

SHA256
07e7896b2304e3b9966294a02d2ed32f41994ee7bd0a284e4160743edaeb9e15

SHA512
aa3659b6184f4273b7fcf1f7d2cd0a5a9129b8856d15e4ca8904b709e85cd432538ce0510ca9777760a1a9d5391671232a79908860e7d665260a54910f6fea5a

Download Submit
\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
1.6MB

MD5
527e039ba9add8a7fac3a6bc30a6d476

SHA1
729a329265eda72cada039c1941e7c672addfc19

SHA256
4b8a72fc81b733ed2e6e70d4c5401f954002783dbf14927849ad579860780b94

SHA512
9e73e14e33a5f07a87e9c1fecfdaee09d1408471052aacfde3d1e877dad4d253b525ebefca6bddabc23cf81d8dcce0785aedcc2f135d171ecbb1feaeb922c449

Download Submit
\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
1.6MB

MD5
ec6386b63c3a5ffe0577905e94262c3a

SHA1
8f8c428d0e7f32c9d733ca28384ded413a060588

SHA256
302c968ab3e1227d54df4e72f39088d7483d25eeb3037f0b16bc39cef2728fa4

SHA512
ddbefb759858493de1f9d7addc6ff4488c8be3164374e0a88c3cbe97751510005dfe6d91c5499fcbdc35aa33a8eda2d45591a66e54ab9462277dc833faef77c3

Download Submit
\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.2MB

MD5
81664a918656ecd5e8eca90cedba1150

SHA1
580d0eb98bb2c838ff89eb54efd86535ee8882f6

SHA256
2f664c756727c321a3a0fb6c6e68842ca1a5f20575a02312ea10675dbd5dc40e

SHA512
7a211a01c674aaa5e8052dd339b412892c452309b651e835f0b8e27f15ee3fed42c58f43910a202150ca90704f522499deb7bca055451f1e6c8515b2d491df3d

Download Submit
\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1020KB

MD5
b65d7344b0a7faa207d2e1a7adaafb60

SHA1
755ad15b1745b0e730d658d4a92e2b754425b7db

SHA256
f4b91fbbcba8a46eefe4965e4a24c6ede3decbd1fec96e141a1953173efd1c92

SHA512
f17ac73c2df7c73a31b11ce0f533d6db91bdb0cdeea653dcd52ac72c3cf28da0c236b79586ddc7a6c825fdd171290722f888465e776f12ac2cae75be82726b22

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe

Filesize
15KB

MD5
c9aaf1247944e0928d6a7eae35e8cdc4

SHA1
af91d57336d495bb220d8f72dcf59f34f5998fd3

SHA256
05b153ba07dc1a262fb1013d42bfc24d9000ce607f07d227593c975cdf0bb25b

SHA512
bf3bc64135810948626105a8f76dc4439e68ee531f20d901c3082ae2155f2ea35f34d408de44b46ede61ded832fcc61ac1cb9719e432f0f07b49479c95847e51

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\apt.exe

Filesize
15KB

MD5
407d2d7dab36cdea871d4c6b9c62b258

SHA1
86cd158ad810c6772c22a5799c7acf4b9d7c9f57

SHA256
3c040679ea4be0cc5ca20c9f24caf6c13d3002560347e7446dc963b611523bd9

SHA512
dcdb53a3ca2a3637216a9d8133d1dbda336a6d3a98c6b956af42f94adbc136dc5a0245e87512d0314f23dbf3cab4900bc40ac13c79ee93a677d93a89e0cd9e17

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe

Filesize
15KB

MD5
1cb4c95888edfdedb61628680fffd415

SHA1
3336670c701c61bb8062d7620c4244dbc01756d1

SHA256
182d8ab5ec2ee2ec57d60c2d2d75df6c852810e74c50289aa9c2c99a6b050fc6

SHA512
24c8c05baef516fba5aa763c0abc603065a75e5816501c713b24ec8baddad4fc290b3973dad89ac65f09d0277c2fa72d8b00f0eb2871170dbd89a8d9062bacf3

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\idlj.exe

Filesize
15KB

MD5
26b70aa2ab871a72a3fd30829f2f1f29

SHA1
73934bad6bf5ca22484a88e1a4b1263ae278c419

SHA256
4e11bf944fb0a34c5cf1871fec3c8f7473e1944642cadf89a86db2eed874d35f

SHA512
40cacfff6c7f47aa0703e8cb3186f8bacbff1d56dc0547d67c44e716fc0d28705995a439a88a02ce8a262628b33cf2f6ec6f0586cdc2fc86597e3da4fb6a1d84

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe

Filesize
54KB

MD5
502e87232756dfacda7d1686d4bc9ea4

SHA1
6e40897d0a957783b8b88f2a6487dba028954b22

SHA256
d230ada81f3add58fd8a646d25b8f25fe6271b3eed5edef9fdc8945baabd5631

SHA512
96366e76942f6da30c02e9f6cf7cdf0cb7550455c8cbaaae7358d15a2258e1f0b2bfa960d52cb774039f2070dc8c383c3df187805f4910d40601b853e4309d9b

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jar.exe

Filesize
15KB

MD5
3eeb342d48cfaa4c568a93ffdfc847d0

SHA1
ed5fd565c4a1867ca554314f038fc20c7de01b90

SHA256
29e65344e34c2354da05e8de64b106aa0ec99d8c5c22b58797d0047e227879ff

SHA512
db5b84233d40139c44cb8fd1a43e1c8a41c967358641e1488cc19474a8de381c5aa2c84f61b10d69d019f0d7170177cccea47ce9460d409a480c8537232a2ef0

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe

Filesize
15KB

MD5
2f7770a34bb22b99f8f6966851331d82

SHA1
2a2860cde1482df656544e1983e957f815be4193

SHA256
f873c02b69408f905c2c0b35b188d2c0b0a7cccc98a59d18dd0c297f761d2ef7

SHA512
8611f8bace081711d6f5dcd41177f594314970c5b2f328755027383e4ad2a239bbd85e0cedf6d1a76d9d1f54afbd340c9bd4ab119bb87cfd5a11149a0cb71dfc

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe

Filesize
15KB

MD5
a5f4cccc602a42b4ddbd8acbcf34f158

SHA1
5f26277884b2f6cdac26267f9b582ac5a5d21b08

SHA256
2d9044e9265fc09680d5f0c054c4ccac7d8d14b3a4a42e803a2097108e0f1acc

SHA512
3cb0d0028468edb1687c6142ce3ed6b594428bd209bf8b85ab2315e7992af12c4d622f26e652d6be0718d51d0d6a171c0a881b36d2e67a199998442e91621149

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\java.exe

Filesize
185KB

MD5
641b4ed6ab90a6f52ee512ea88a64cd1

SHA1
28d014900accc98e6089d83d0b2a8cb8735ed101

SHA256
13590945a04037dfd15d61166e0771682c7809674fca42f53fdb3afdcbe21410

SHA512
00a588556196e305dbf1714e573a5c5516c2988356b984a7284ba017a78bacb8d576b590da35be40171d6dca73580c5b9ab06808c7246c2e13c8d9b816f2ca09

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\javac.exe

Filesize
15KB

MD5
000b77a2ed92887856174641dfb6f485

SHA1
7872d9768f3a4b0601b91bd0b55f08c8992819e6

SHA256
1100a8d298426491aeb34288f7d6e600622f2d94fc01bfeb093fcea3ac32a8e4

SHA512
cec8642269bee8162b8d317ba61777b4005cb2dae8e9837bfd336bc6fd633066cd52b878160f4496113c147a7d0374619367e9bb451e82f7a5a39f0db3fde152

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe

Filesize
15KB

MD5
516f6320ae4d755b9ea0c7c8347f5801

SHA1
bfce7c2869725ec8f327b083be57d20671fcb2a2

SHA256
9e696aa5772e8cba27545b47b00be4a3b8fc888f8c83ca11939b753850feab14

SHA512
0e12bc2f01f2897df41e56cee150177a3cc09ca5e889b61fcb9dbe07391a6f2537454401a2ca2ad93c652303a8e5782fd9860ca83734401393e314570175a6f0

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe

Filesize
78KB

MD5
cace8f27a66ffec4f9823aa258c307a9

SHA1
dc515d29aa43d2b6b7e157f05e97e87d5f785884

SHA256
3cf626dac6e91a03f688bf5ab674871a3e0411314f261bb2c69346a1c46bc733

SHA512
4a5d5b564bd483e1949826d388e41c63a7b056236c5972c76721fd98c9b704a79622ed4c1b045080e4470340a9953595df955148999e15677f0e38e529a6a5f7

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\javah.exe

Filesize
15KB

MD5
8ffd9b7406e8aecf1d6117606d2bd149

SHA1
edf1f0f2f1024cd0fb6b39dadca251c99ccdedcc

SHA256
dd6b65e78cb194055494bbb7736ef917d3d6da1863567afe50b8abfc8e51267d

SHA512
ee54a1bec20608477053e87c641cc59dfe3c5a77061395c9d41759c3c559d6d5e8761b75327f3a05e62c602031650ec0be375a1b2235a944048ab340efce7397

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\javap.exe

Filesize
15KB

MD5
95cf3bf094a35c9e7434bc402c09630c

SHA1
2b4d21ee55666f0664a644ec443502a942b9e7d4

SHA256
4973b97a274648d53977499891b919f98684fdbebce10751d71ce4d2754f6622

SHA512
09db399afec354ab699701f4196e93178db613421beda9e695bc36414698f83084d05b70595d2b31fe2a0d757ba98640f7e3953defb8dd71df03e4c01391fe8e

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\javaw.exe

Filesize
185KB

MD5
0266d98252b6beee2e842d5e876031a8

SHA1
8d57c6d94835ac6b1b0f9a657af6baa4be25779d

SHA256
c5d59069dcaf86222c9c189c8ba8932ced66ab77b4baad485e1f0ac715e6037c

SHA512
7eebbff75a67a0408ff2f507d9f1b387dcfbe6765ccd4247fd78a64c2ea6090e88fd30f561e30f48bc107dd9378364fd18dba4ea22eedee76a1f993fbb1e9f32

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\javaws.exe

Filesize
312KB

MD5
bf91501c9b39c728ade2cf3788b647c8

SHA1
fbcb53c4ca9836f5bbfbb2b63e7a1a00a6bf10c6

SHA256
d602330327fd3630d625c9023131fd2318f677c67aa421631b8a4080dba38578

SHA512
01a6639a580bd418cc4d1dd2bd8794f356c08b6f7fa801245e9200c883d32c6b103aeac2615195868a8e63e3515911de2a9afcced21f62fc41edefdd0a66001c

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe

Filesize
15KB

MD5
36e8cb42bbfc16e1395a88d183caed83

SHA1
ca1c513aaa7d49adfe0f43ceec81e6d0c0ae67d8

SHA256
40ea55ebd7ef975135dafffb396871a8ab728abc24b42eaab76f08859994e996

SHA512
f7620b06a5d43d21a0d492b66b0e5bacea6918f1490fb0504e9440524b7ef02ba83d2ae3c2211113b478b8325a3a6b6c8f65939ef5a01b835451cce2e72de00f

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe

Filesize
16KB

MD5
805f6272e5e3a80aac3540cc5b42b08e

SHA1
437bee3476647f7b55a49630cb86ed4befc34293

SHA256
910dbe44d17bd60a295a956e98e18347080cc879ed7ef7241cd2d0edfc060551

SHA512
319f8f50dfca4adf148edf878fa7c83bc6e4f1053da0c7d412645fcae9c63e67b838c876838805d9a33b28067947d3844479c9ddab11eb9e760b9df285f27041

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jdb.exe

Filesize
15KB

MD5
0b5681808a793728fc658f1e9b94ec52

SHA1
05763b10f153447edcc08afeeeee71fa2f221033

SHA256
d18fab0d0e24e8f1d9551e2667f6b2c34fcd75232c39e85ce50660588174079f

SHA512
65e64980a30285b29888b9eeb66ec1c27c98a15effd67d761c3c62358e3ec008fbda61feda4fada8f9af8bce740b8f38236495c6f1b274d98c14209cd56b414c

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jhat.exe

Filesize
15KB

MD5
1dbd51882c2b82a5496106c31db425f1

SHA1
f47bee48a7d0da0c4930cccc6fe7a8d8600d4b05

SHA256
659fecc81e846405613c2080ac81a567df17c97449a9c2ba179ac216280223db

SHA512
81418b0510b58f782b843312069842aeeede8d35feb8f393807169398464896f281dc13bc82d51279a07adfbe97758b82143218cf9a56d653b3a9d11da62f50f

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe

Filesize
16KB

MD5
f499825b88d200d9348b5f97ff297ec7

SHA1
366adce5911c160fa26d6fdb4d65af357cf0e3bc

SHA256
8b2d599efa66da695e503b480f355fc5f22347fcf5c294100abaeb3e9a20c1f6

SHA512
3017bf630ba53ee0855d1e657df197732e4fe2fa6455fabad2085e5a24918589d487362fc2819fff85b3fcf7e684376d4b7a5bbc6e71ea57cc62ab397a87dba9

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jmap.exe

Filesize
16KB

MD5
30989429490b9ccbde4fae1fc6df84e4

SHA1
64c8cf20ebb4e8dc31521f0084eb046a9e3f0500

SHA256
aa98634e3668beae535738d25c2094a7ef0d855ebd9d945b484368f9e543bc0d

SHA512
9a78ed9cd8dcf333ea240ff309e24a2e5de39bbeba4e9291b55d51fdbc10ee672c674a9f4393b13819562a0d9bc99667eb03519cefed0218444874f15729eefe

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jmc.exe

Filesize
314KB

MD5
c8db7998995218d59addc586ce9679d6

SHA1
694f18eef5aa6dfe1aa607ad5a08980f9656ed07

SHA256
e3712cd917e4d41696165a98233443d63dbfb28560967de92ca4e707c50d7df2

SHA512
ba7bdfae350c4b98067a2875295a20fbee1b7e9cb1f1afde1a299ca1b8d6aab3996dec59119cd83214461018e5e4ff91894ad3f0e909359382cf5183811d3d12

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jps.exe

Filesize
15KB

MD5
4ce9dbe70ae911f1fef704e2c5594214

SHA1
3431c1d6fa21e04e79f0b2f48cd30b037ab009cb

SHA256
e45733934ff8c01f79a98ea2fd6b2a78fc5f0164e5d4fea7aef5119c7218a5fd

SHA512
291420138d84108ebbb8f3dc81bc4595206144b8eac0a459ae63754aa137a3d6789330dc764c6dafb5cecc76908166d93cccaecbcb3987d4cbba662980ee6359

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe

Filesize
15KB

MD5
c77fa8599058f2f08f6f028ad1ba3d29

SHA1
ea42e7eed011b8b71f32d4d47827a5b56198d134

SHA256
db2beff59876773d223f4813c05c65a1e582604c420ae6d7f6f3844a0a060398

SHA512
f2834be1925ca448884877e7236d2febb72190ebf43a2dab29a76b71c4976360d56df17879966ec74c60b3d62dadd81d577e3034961ed64418c0300f9710f43f

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe

Filesize
15KB

MD5
da1c77dc8b88afc927144ac6814ffecc

SHA1
ff50b5fefd7275f3972f2e3f228384816fe22e63

SHA256
78d50c2ca489676456b3a0ccd1696dda0f1e1e144baacd26cdbc472869578b30

SHA512
02fbc972c889a71947b2671bcc7e22f9a0edce3e0462f332753d974d73035315aef7b4ae1069e309aa560f98065b792447b2ef8f1e8be1874969de916b2f3e25

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jstack.exe

Filesize
16KB

MD5
095d24917473c666b8906e45852378f7

SHA1
2ca5842715ad03982eb9094786832775926e4b4d

SHA256
3289a0fb8c701e7eae9fc792329c0eff6cd2a42ffbf1845f4e630a3e1a019529

SHA512
fba9fe4ca6498c9fcf0d251906b537286f2e7bdb2399293c71f9b0bce379c2684da14212231535a81889928fcbe0adf7354bc83e272a3f6d9082f125494cc50c

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jstat.exe

Filesize
15KB

MD5
f9ae41a829d457685c00b08ea9185e1d

SHA1
54eeb13931bfdd989decb7e807996b46b75f1cd6

SHA256
d122b3df7c2b81c5eee0d3165a6741fffbc2298a8eb41740dbe0092eecf3cd47

SHA512
fef83f2670a11536b57dc3a1d86d014b49b83c720976a5592bf6fef2ec45aeb62e269ce0759b150accfc77a94a28423c833b4ad0fbec6a7e0a4132a2b152a538

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe

Filesize
15KB

MD5
d33a2ad454c698dc6cc87ff9e484229d

SHA1
cdf4c8db79f2530bdfec32a1909be5d129a23058

SHA256
bf9aef8af2046c69ccc29ab1f9fa0f4b31cfcb1892158877c01e7b3a8c4eadb3

SHA512
682e0b292f0f0cb1613c634a99df53d242ba465f1f754058d508ba8506654ebcb35f79e6e6714a288c2018ab9cdb929ef48a544071bc3ffbf3d362bf3478a818

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe

Filesize
192KB

MD5
41c53a4c392717800ee2661796ce22fd

SHA1
20a31b7b7b39b5505d1ae7e4a901d8c0d3abc6cf

SHA256
33d32fc067d35734819f69c028335e9e9d6d24beccae12b0256403c1c89665a6

SHA512
d400dcfbf42c94201e467b984352297dcb323ff0543fe433cac9d6e7a6ae30706fe22fb17c2eb57b479d27efd8c006a3163aaddbf6152a1616316450d8d7839f

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\keytool.exe

Filesize
15KB

MD5
5dfdb82c0f4f7aacd94291367a2cfdb5

SHA1
f7fd979fd533117718e7e3521ecf3bd8b3f048eb

SHA256
22cef66555cc851733c16103a666a7a6b64f31017fa2932c9148b1a289239281

SHA512
806cadd84bdaaed41f1a4dab44c80f46f7709326ba47401057f644f8ac115be7f97323c7273f96f5cd45a838f247f626279c2a07bfac2098f0dfff797c81e69c

Download Submit
\Program Files\Java\jdk1.7.0_80\bin\kinit.exe

Filesize
15KB

MD5
5d3f9112c9eae4363a5d0b6a0df71486

SHA1
6ec9840609e7a9afc86465e0453701bdb13adb80

SHA256
195a691a99a2be918bef7fd99958a0a8a8b1637dda4fb2572af03a1b3ebb2ace

SHA512
f3a93980f8105e200dd2764ac30a94d33849755ba16f9671935f2f2a3260678fe6408069d985ad521507304b3dd6fc52f0232377895aabe231010e0401c5bcee

Download Submit
\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.mm

Filesize
541KB

MD5
ac0bdf7fe5cd798f94e5074b2d3e27b6

SHA1
ee505bf5aefc040876dcb7f11141adda0a59108a

SHA256
f40ac1bb43ae44dbdfed96398c4f84a4fd9833e2bf9a208ceaf2145a7d438b8b

SHA512
7f281e06eac389dc4aeef466500e839c99f7a9530eb9d009cd01cb55522e250275c9bd45e38d9652447130dac3244738f0ac05ec911266b5fbd206bb79e751a9

Download Submit
\Users\Admin\AppData\Local\Temp\89d29a8bec914eba32cb43f75c9545fbb82837a2d6b6642ecba0ba9e273bdd92.tmp

Filesize
4.3MB

MD5
c451c81ed46b64c08d9db05237dcee8d

SHA1
ac63c873facf263439de14edde1b03f51514e0fe

SHA256
a8c4ca099a07dbd87d9045f22be0e4acb34857323b8633d7fac46c97dc41d6ef

SHA512
55649b927b706ba5fdda88539236e8344df8ed7ae6cb2976b8bff1b71bb1ba2dd88d3aea488ad178f6b184941ea38cdf49a19fbedc98bd8bff2fa6039c6fe763

Download Submit
memory/1120-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1120-271-0x00000000005F0000-0x000000000064C000-memory.dmp

Filesize
368KB

Download
memory/1120-270-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1120-25-0x00000000005F0000-0x000000000064C000-memory.dmp

Filesize
368KB

Download
memory/1120-26-0x00000000005F0000-0x000000000064C000-memory.dmp

Filesize
368KB

Download
memory/2312-27-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2312-35-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2916-274-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2916-28-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download