Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/11/2024, 12:41

General

  • Target

    2024-11-08_4827604cfabf8582e91fa1d9c083bbfc_mafia.exe

  • Size

    1.4MB

  • MD5

    4827604cfabf8582e91fa1d9c083bbfc

  • SHA1

    867bee787b3f510d24b22192c18d8bce07b3f52c

  • SHA256

    27f43a1e604f189eaa0ad33458f7f4f1e4e2b4f315cf1e50bd70909670a7acbc

  • SHA512

    e4ddeaf095b14ebe363f24d0df81ecbf803286e37387e5f82abf68a1737e18dea221b6230df438fadda86d7e094b705ce8603f2b1018acb7f52c70cc1b805851

  • SSDEEP

    24576:tpEa2NFhTGuTzs7ozX0j52pMkuLoiSJVlIL29mhNq6:nEa2NjxfJ70jIpM3kiSBM29mhNq

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 9 IoCs
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-08_4827604cfabf8582e91fa1d9c083bbfc_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-08_4827604cfabf8582e91fa1d9c083bbfc_mafia.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:3692
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2488
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2144
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:1344
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4240
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    PID:5052
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:2036

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

          Filesize

          2.1MB

          MD5

          485ac4091278704882abdf63202a0ac9

          SHA1

          914ebe41e94ce1d68d41c0a69ae94e0aff7d3357

          SHA256

          fa759560d760c078cb1e0f2a7d154645b6957fb12629e3340e76f7d84adbd1d6

          SHA512

          a573665e37f74f25bcc9d595cb8632126736180faafbd2a0626116449e0741f9c6e497d4ad75104c05afc5fd71d70f02e4e2c3ab47c935426f3c0a9b1740e242

        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

          Filesize

          1.4MB

          MD5

          d258deeab93e8a9f05bdd6dc0ed08b64

          SHA1

          7babc8b4955f25b840097345c472f569811cc088

          SHA256

          6eb5453d559af94214ca0169e807f6fc3d088b7374fc505c9d8b06f16996c5bc

          SHA512

          cc8bb1fcd83c686cb274cb1ff8aaae55b0366919550a695e0a56b1f57c60bce76578cf8abc7c82a5e0a91d5f51d7aaad8aea858bfd1c9d9487dbbc58b677a43f

        • C:\Program Files\7-Zip\7z.exe

          Filesize

          1.7MB

          MD5

          d8b8eb1b431a481b5551d5c9a85df532

          SHA1

          ef6d8e8cb50f5f14e1cf94a1fab23efd0a9f99c8

          SHA256

          bfbe65de5876d4b5db4138e95ffcb45a9f1fe317f24fb52889b6dfc5469dcc0e

          SHA512

          a4932f28f78269b7982c3d08b84c1cb996b6233865c34fcb436bb7d0e876e8afb28ebc84d6ebce9c37f29c2bc2e2c1b44024f22c6cd646b37e07cccc25ffbd60

        • C:\Program Files\7-Zip\7zFM.exe

          Filesize

          1.5MB

          MD5

          d6da8bf1a8778e9e780c26b5aea5ab1a

          SHA1

          69b1971d6370bb15e7206e1ed36889f56b98536d

          SHA256

          581091d556fe3c6ce9d13abe8cd74b9475d4f5f7fe933bbe2b811eb40bf3ddcf

          SHA512

          05a9f986c22c11ba22318f244e248638edb4a5a887a3f497282f7d7f9298d5095716d1afbe4c040a911cd2b59c0f894716f2046c9d0f3a4cb4fb8fc8db2f767c

        • C:\Program Files\7-Zip\7zG.exe

          Filesize

          1.2MB

          MD5

          99b4a62108d328403a2b53889f81a424

          SHA1

          892dec7e06e429b2fbc2db5d4ef3a40d8ed09778

          SHA256

          b85849f4c26172215ec87fecef31640e1061e1db6b1a51c5d2b73b5cd16cf099

          SHA512

          ca02de9c1acfc2157592004acc038350dde2344654d0710cf3688a7cf77efeeaa0d3e18c3d8bdf515abdd3e2f8a96acfa749a6d2415f5d3d7b7e5dbb2addc448

        • C:\Program Files\7-Zip\Uninstall.exe

          Filesize

          1.2MB

          MD5

          2c843ce91c14fc144e873e3b0cfc90df

          SHA1

          2f52db420e02e75c34d7f4525bd243455459bff5

          SHA256

          0875583175fa785a7be4c901a5cbcfeae0d4ffad58a8753b94055d0751b719d8

          SHA512

          8803929491795a55a52da39a7a70a2bdf31e004e07bd220dc9bc8653298dbb333aeac652fc1bd3d8b943a3c8319c31a4bd6c156cf19a7f4231430b8f4e115928

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

          Filesize

          1.4MB

          MD5

          2993e64a9bfa2f3961fa4a5ea879af0d

          SHA1

          c891dd2319dbdb80503f02488ee1eaa7ece3dcc6

          SHA256

          48618ed6e7c9dbd588b91844a8215d70a18274ac0ee7e78cb67e65867dad6064

          SHA512

          8b890d8e5fedd0abb381edae30170e809cac40e7b175490ebf4b4c292a3b450b79adfff25a67381f6921563b868f3af1d19986cb125216d666451f0a00715fba

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

          Filesize

          4.6MB

          MD5

          b3fa2f852730037cc893e05aae0384aa

          SHA1

          fda040795ea89968f33666e50baec3f7a5138eee

          SHA256

          0900b3c933befdacd4c30d9655d7a8946ce91b83e5588dbfa088c06e76c6ab02

          SHA512

          97721f6eb6954e1fb50e138b4350557d2dc89cf67193a986e48cf3da37831a3c5bf4b96f1429288739b53c6a991a07e4ae901e22b0b7e6d6d4fe955a593dd9ee

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

          Filesize

          1.5MB

          MD5

          27c230058a49d606698ca3c349c0a2b0

          SHA1

          ed2dbb6efbc90dd5f52ce5ee4168af03f1231afa

          SHA256

          c70786bf490b368a01d47c8572d35d50e2262bbc1f4f8071afa813e9846e48ba

          SHA512

          23a3dc1f6b3954b675e5f1e760f710fe4b4242b0d36d25304b659a3128469d2856ec32ec5052d0610530b9993dd7e622d75b24592e8cc8c525106b3dba8b81f4

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

          Filesize

          24.0MB

          MD5

          9d4ed9fc1fa7ca77523b3114963b82c3

          SHA1

          537284969eafc5c13501830de95e9c3faa119b33

          SHA256

          015c42685afcbdea836cac1d07bb2eec9c95e8ae8184ce25f53d6ca7c8bdff19

          SHA512

          569b81be73d129e6962ef1da95be4673e1ca773b4818fa3cf109272102bff8e6332d6cd2d99a1bcf555c73f4bf57cad46dcaa15cdbc394029c04a7881769bd9e

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

          Filesize

          2.7MB

          MD5

          1bef816267cd7936b88688bcc692e56c

          SHA1

          55958de9580b4bffd84c5f7a43c1b6acf71efdd5

          SHA256

          dc8726c41efeff12966b99ebda2b83c4a4d5b9f3e46f91f62fd11e2973e5ad2a

          SHA512

          82f9c4f9947354cc08df3712bc8f9efa95002c249d59c41aae75e1024604f537b4496f48a4710f23f453e9e4d5d4098da02c2bf42bf05b34d207d3bfb211b9e1

        • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

          Filesize

          1.1MB

          MD5

          86ae9592bb2ad44c92b3f8bf2578edd3

          SHA1

          ae00a4201f64bc98ad284fd16a252affa58fb42b

          SHA256

          3eac202db8f856a75fd6e19d13618621a1682757e32d03809a6af043eedd3136

          SHA512

          fdd1f52e37221301fb53d7093dc6ed7b2a2dc0ce7e11c60553e659b4fc3dcf3412bfe1c9fd84590f00d9908398cf04ded2acd8a980dce8e6e3a107222b65dee6

        • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

          Filesize

          1.4MB

          MD5

          3857cd6d628f55d9d9cacf87d76f4326

          SHA1

          ee2d2ea8d6791cc8bf980d6bf2c0998a4883ba9f

          SHA256

          7d4b6b3516e7d6f74fd2c1c7f0aa2f15013114a4487358b815884148b570cad7

          SHA512

          51108e134ca05d6cee9c515b292ea6dd04e4bdce9b2a59ad55278f446732334cc30b7f401c21be1003a29071f29ca5de6df7f92e07f111962f98de7dac045165

        • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

          Filesize

          1.3MB

          MD5

          5388ed4dee88b8635565142f2645daa9

          SHA1

          98831daf99ddaf9435cf5198d7428b86458b0bfc

          SHA256

          1d9d1d03d33f8ea7be2b97c8bfc7b76c90b3bc8404f9b9abe6b43ae339008492

          SHA512

          8d87a7ce128ba6ba309b0f95b5392e730026783c8273b83501127849b0bb2cfd9551e3eba9ecdeb99db8dc4cf85c950132389b83bcd0644c2b289b355a112e89

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

          Filesize

          4.6MB

          MD5

          825fd49a2c03ed85153910cb1ce47e20

          SHA1

          136245358523b3a0cee0e8bdcc5a742a22afb542

          SHA256

          2fdd7bf6479511aada4bbfa4c27bd40116e7c9cbc918bfa67aed6bf3180caa0a

          SHA512

          84f1955e8b33052d5dc11b113ad40d0ca645dcf6773eb14cbf80e170799f955a9f0e1267065919cc65825dfdc8d89435c2af71828fa21ad69386db5e0ca03d7c

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

          Filesize

          4.6MB

          MD5

          76074d994b43d03acf16f318e5319bea

          SHA1

          ef79bba76d17615cd2d52f3e20efec7a68b3348a

          SHA256

          3a0a9736eb26b9769bd55c6d1cdfbf4d24e677092e413c05920b9be071676171

          SHA512

          c2ae2165a96e6f42182150d6a9f354ee2b2466a328ca4b277dca9e6ffe421af8353208184020ab6ad285e5123c27d549200faca33a98494133a9a0dfbfdfa621

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

          Filesize

          1.9MB

          MD5

          4c3ef7c749f0f308e0091c1bd98a49a6

          SHA1

          ff71e0b3149aad4d383b6aabe7b2519795a262a6

          SHA256

          716ae57fa74784429a4c4d9af26123d5bd70d0a420be31572f944ed060a1d06e

          SHA512

          13b016bac386b386150641926e03c956b0bd9ab6980924fedde9a363f424dddb2cefb1ca60cfc24becb39aeb1ff703c5aa0ab329d022793d7e088c9477b78c3f

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

          Filesize

          2.1MB

          MD5

          0da6386a0adc291a4c78336dcba2ccae

          SHA1

          19e957fff8fa239ec5d4d6a150d1a758c0ee8f80

          SHA256

          2d42898f9cea82068d659c3d65370e8a9d17184ee1e5400889b0faa48c2bdaca

          SHA512

          04cc6c4c38bd3b028099ed050128a6b040011e896cfd1d795a77d53b38aa61a9162080774e995fc57e53ab9973483341a763bedde0c8e2dda10ae73d1196cce0

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

          Filesize

          1.8MB

          MD5

          78906136556b9d9d2bcbdb7cfc4a33fc

          SHA1

          1a6bf3ac0aaa7396eeebf63159224e041dd73eb1

          SHA256

          81d9393e06be33fa5c52ba691738526d603ce61c5e41e579ebde552e160d87f6

          SHA512

          0bba75a5442a76a2952514ae9941dcd80c700459b49b1b22d8e64e3cfd2a45fabdc5c418f9d0ef30dacf750d8202f8b0ed4dc6d73758d9fc80ab032759ab4b14

        • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

          Filesize

          1.6MB

          MD5

          877132357f14d171aa28f904f3fb729e

          SHA1

          60249e7b9fde8a5854973866d49d8966d05d2095

          SHA256

          57b0fed35aa4fb5c8632fd785a3d6dcc6c412ed691bbf6c9f1795f6b87b3674e

          SHA512

          20627f977edf170449e71399ce43a5c48db0aa2bbd375591a4583cfc9110eb8827a04b0344fd1d18147d818ad6b72c56b29c778e15f2e40a212b307d7b55afdd

        • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

          Filesize

          1.2MB

          MD5

          69e1936fe8388f889e026d6beded050d

          SHA1

          fa59fae47551643947057fcff0da7b5e5f777350

          SHA256

          36d93584017260e341388a06540f9e210629a055d0bcf7b117649e93526c9c61

          SHA512

          506948fa53bdab12242498b5a655101a4497c052ecae90f61edfa149ab8ef7ae6d8dc66b33e80f9e80708ed32cdb82e290e1d4fea5663e4b6afd3925627fec75

        • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

          Filesize

          1.2MB

          MD5

          bb0faaf5b973efd9ccf1cc29ad374509

          SHA1

          5379b244f8e6025aeb6d839e6016e904a6114562

          SHA256

          bdc6689f010cbdd49f7df259be0d3c1146e7c3d2361bcd2bc2cf6065e236276e

          SHA512

          40cb36af9ea1cc41ad918e851319cbccf71acfefc102b0c45c527b60f07fd87e0949740305d7dc495f11c73c5b373974bad3d9f630a35744c3766110ec925d01

        • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

          Filesize

          1.2MB

          MD5

          6333e791a9b8521d54d7d137a48c4393

          SHA1

          42d13d693857e87016881555bd5ee7855341b016

          SHA256

          a45ea1c2c5d34c85b8d7f3b637d7f51d215f5520c7be962491d60e62c8d54ed5

          SHA512

          f9ac101dcbfd8b497ab9f2a7447cfa9aa1f0fa56d129ebb8c5409540859819748bcc5a5d8f68c07f39298fa9b7444b07418bd0229afc6ed867a2b071da6d651c

        • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

          Filesize

          1.2MB

          MD5

          f2088dd6bced1d530e0db3f12f74bb43

          SHA1

          1bf1939c142308034e051302b03be36fa2334990

          SHA256

          31f5ea7181b94f6281370c3977951bdf7e80b59bc5921dea897c9480c36f6187

          SHA512

          5cf7cf3452fb02ac41c3678524d0447a4b1fa60f347897d3e4949974a9c41a91c93aa82cb7c7aa68917723a9ed74d0d399a8d014d23977755508fbb71707f24a

        • C:\Program Files\Java\jdk-1.8\bin\jar.exe

          Filesize

          1.2MB

          MD5

          4b792f2e19df8f1776e6818a6869505b

          SHA1

          c78f715bfd2b75ebd7abd89f0d7bdd4218b40eb5

          SHA256

          459166062b68b0ca907d0ec11efebf4bdee9372a76dd42b49e697b8663e83b53

          SHA512

          e3bb2834abf157b54c4ef11da35cc8eadcaacd6fd8d67c55c1131011afae560e0be7e8f28141c7b20fbc83586e7d074eb2377c62db913b2d79ec811211f68178

        • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

          Filesize

          1.2MB

          MD5

          e22c56e2ec937f11976249667c324368

          SHA1

          caaf1d0e7f5f1e44610c56c7ad15ecc926788b38

          SHA256

          88ac83623186ecd3511b120f5d7cb98705d2b38abf22a619bc925f7d0286826a

          SHA512

          2adff9fcb523d548a83e24948f4ab690b466762dbf9dec0e10747ccf0239c78377c70fe0f41e16d5e8f88d9c2256711277a99112a885fdf95cddee2b24cdab3d

        • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

          Filesize

          1.2MB

          MD5

          d52c104a3161230a11ace27863b5f0cd

          SHA1

          44c1117e782efa493857f4b3bc04d2928791d216

          SHA256

          3bbfc1d1e31ddcc5e60e15ed32d83c8abe3f1b36490d392440a0d44791fc9bab

          SHA512

          cf991930f78886cc47bc89ddccf959facf952872915bf0370c4a0f5aa162dc02fdec8b1cecca4777ea824afaba9867cf0853b0d672dd0f66eed62e0fb405ca6d

        • C:\Program Files\Java\jdk-1.8\bin\java.exe

          Filesize

          1.4MB

          MD5

          c266c8573ee1d3fe962b0ba6c8a4ca0a

          SHA1

          0b772e648fefe4a82da03913a22576195c9048e9

          SHA256

          26724c1b3e5418dbb90945c044b172663080ba88f84b4dec8821036131aebaf8

          SHA512

          0d2da2d858d4f07284cf7350594e040eed01c601f3f918424f5851ea43977bc58af9c4e886634cc6068c1bdd0b42803b64ef44694ec3ee3100ac838eb21bd966

        • C:\Program Files\Java\jdk-1.8\bin\javac.exe

          Filesize

          1.2MB

          MD5

          ee33d66cacf04652296edd02de06a70e

          SHA1

          eb0e3b4cc8b707dd6182680ac607070579e178dd

          SHA256

          98fd8c1c774bb680a15421a14af1320e96a54ebd5e5556f1785c78f95e6ca7d7

          SHA512

          30e3140fe08213290b58c7711761c2dbc3c6573f16e4e1d5d6b0609bc3f47524df53f29498c63892605f54e6c140d196f7bcebfe0e335c8ffdebeac5ae17e921

        • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

          Filesize

          1.2MB

          MD5

          a5833b9a3d76d629925931b446cdc01f

          SHA1

          eb82e494dd6e01b85284cdaea06d49293b2e198c

          SHA256

          4c0671889f0b7b5fd862f9cbcd0520fe5d85247f1be360cae0963d39b2753443

          SHA512

          7326763837b4d868b6c5717a4ad1dddff3f8daf474f9c1f26cbe8229139e1fee8c3940befd5474504de8f660b253df33e3642370f0816afc9cf30f321e038a0b

        • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

          Filesize

          1.3MB

          MD5

          ee627258f5ffa2de2ff3253487722962

          SHA1

          6e21b9a46d7a3a79d6d573594c7b1b3a82b8c3d4

          SHA256

          b436ad49ca64d4378062519aa2ea5e9de5637ed4173caa1ee086f5ae345f7303

          SHA512

          50191cd08114011ca3580601b667f79509c106ab1a5c88628f8e3b4b8a160fafd09688839303834372cb8d56c235d90433ca43d93b402160b4edbddb67041b4a

        • C:\Program Files\Java\jdk-1.8\bin\javah.exe

          Filesize

          1.2MB

          MD5

          11baff0e1801aeb7b56b4f863bb1006d

          SHA1

          ec02ad1e5e89fab931b191688c9cf66361d7ac55

          SHA256

          9285cdbb89cc7bb5a3f413444044646408ca391c0cd067eda1e98c4fb46635bd

          SHA512

          4761828e79945d2cabfec29a9d411ac90647e9226c3d65d1cd3a16a6ffa3d143c449e67c2df5a69f05d6f9d5e8a15a33c36f0e072967ea7e7831d64ebd25a0b5

        • C:\Program Files\Java\jdk-1.8\bin\javap.exe

          Filesize

          1.2MB

          MD5

          e3c8f96a0d8dc5a19d30f2daf3778e6c

          SHA1

          d3909859ce57b24f6517cdb0820fdbf8020b6b3b

          SHA256

          528a881c2deefd1f6f8db865fd35f594042bb2285045ee624eed83f44ec90af7

          SHA512

          d4064d2145aa126f4f33cea9972b561d981d575ea1c5a85d7bbe7738f0dab2c22034a3debd8a9d558503fa6be36c9e7167d2c95376b2ab928851dc6bc9ca24bc

        • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

          Filesize

          1.3MB

          MD5

          30709ee142546b7291d872b5b5c6400b

          SHA1

          be683931d9c762e6c65e0daf470e234034fb07a8

          SHA256

          8fc9fd9f5b02eab1b59342fe56b3089256056615db924ce065829ed5729381e9

          SHA512

          8fc520af5e96e3138bb7a96409d1bcb8cdaf3a09f1aeed2a9c447f7e7881b33ec349b62aedcfe61aa22cc9c1a16bceca8fe7ca635785e0c3b05900ce8ca6392e

        • C:\Program Files\Java\jdk-1.8\bin\javaw.exe

          Filesize

          1.4MB

          MD5

          ebbda667cbba308bf5254d927028de02

          SHA1

          0cad122acbded1e3760bd08264e27a0d02a42d72

          SHA256

          612c8b26b45ca7d7ce779a1283b20ff6492527f05901f1c136cd39617e11ad9a

          SHA512

          80e35aa94159a27bdf2f441dc5fc128a9b477d0edafcfd3e414eb657980afcdbc9a9b1d7bc3146372755668af46ec4bf68e66d0f6b607596a902ec3c6ccd1124

        • C:\Program Files\Java\jdk-1.8\bin\javaws.exe

          Filesize

          1.6MB

          MD5

          1082b5e8d1d3d02fb5273a70e477b582

          SHA1

          19e8c9e78e2e1d436dfe2945644ee5f470520c9c

          SHA256

          51c3bc5c97fb6ef3463b4a0b9a23be0f1267753f1737e30e99867758f0aa05c2

          SHA512

          ea75000b8919d52d0ff6ae5039899c7bd91fe2759d4250035f1ec9ae7a953080a76605b9f88d4c864fbb997be336cc15550753eca4c00ab8f9a4392115ba18fd

        • C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

          Filesize

          1.2MB

          MD5

          2862f06bfe020759df01b006973a69ed

          SHA1

          fb05c5ab81e86dab9e816c3478044932c0e83a4d

          SHA256

          f990bf03b968aec786cde858f2e364f84c7fc9f701c5432e677dd334f2471f96

          SHA512

          af55d6231763b83c4febf7f67f5410fd207266d26c7c65e85d220d1547e76a099a82abfed27867222ce1d4fb5196c2f70e628a0762842453e98920c89795de20

        • C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

          Filesize

          1.2MB

          MD5

          0be0e3497600531a5c13c94896c6bec6

          SHA1

          f9acde7413a7731f7a14415ecacc7a5352f8703e

          SHA256

          51e9abf616d4ae07ac0ee0ff601ddd73bbcde9e9ee55900a568b937f57497cad

          SHA512

          60a0458f217d66295dace1098de15a695535423865b90f6fd715786546fb30c0e79c1757db392ef268b2a64b1d16284e2de804d03b6fc581318e8bc98ca86f0a

        • C:\Program Files\Java\jdk-1.8\bin\jdb.exe

          Filesize

          1.2MB

          MD5

          47178475d5c55e153c07e60cacf815d9

          SHA1

          8067dda3a00caf8988f4daad29c95392ddc383ea

          SHA256

          f4565d8d105d306e1f6205382c5f45caf058491521eaa56177726d69cba18fb9

          SHA512

          89341805c83e8a5978e9f8011856fb8c0bfe3d4a7de58145a16b25c2fa22cf21c6d723a57d76092e65fa6ade3136f16ce4b3d4f480d0060192db786334f51e06

        • C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

          Filesize

          1.2MB

          MD5

          5b61c436dbc1dd23733a67735a066813

          SHA1

          0f3b34f8444a4047c5358f51210edf5c4db6356f

          SHA256

          c5578b11e6d292a2c6a25b67153006a48013ef7c67bfef5b830292b728b1cf65

          SHA512

          e1c8843410aaa0f3ee26cc92b55ba1036ab1baa688a37ac35ac2d38df2582d6c43e6ec298f12fc0f103dc41d39009eba9e406ed97071aaac401aad46f25923e2

        • C:\Program Files\Java\jdk-1.8\bin\jhat.exe

          Filesize

          1.2MB

          MD5

          2802e5d5400657d8b38d8292b20b2a90

          SHA1

          f26d4417178fa15f1ab5ef3c5ba37d00a0828c9d

          SHA256

          896a6152a0717402083d1c6b38de5cedc36ca5f19476a41ef01226703a0c2e18

          SHA512

          e91278bed45fae754120db4c03b4e659de6b10b45873ebb37a864e75be8ceb7d83e870344123fa1873d107245dda57d6b2e86551b7e13d0e8f3b2b6585381557

        • C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

          Filesize

          1.2MB

          MD5

          ea5e1bf79cb51fc79b3c3674f2a016b0

          SHA1

          f1a385678cb5e09b91fbbec2cfecdc735becb9fe

          SHA256

          2e216eca12d335984b9c73b88717f2f140f2100af460e1c1d298cedade1a5265

          SHA512

          006fb844b4606194049c058b9b8ed486f94585ac82851e97b76e3fad57cc40dbda71742e578fb18911f948131c3ddc65d89bf1f79b57b73ebc43d9150c35a113

        • C:\Program Files\Java\jdk-1.8\bin\jjs.exe

          Filesize

          1.2MB

          MD5

          293734ab748bd2c0b6c8e449bd2fb2b8

          SHA1

          1df23f7f5bc8223aef772a0744b8ce3a1176adca

          SHA256

          0cae26d8165660291f0c8b94b3ffb2698eceec0db06e2fe1080e2cd9775e1bc2

          SHA512

          86dc0bd30730c6e7eb37148ec23c1c965c3c6892a5019c5a2844f5a63d9a548edb090888dbb8cf26a5dafe3dbd7a13c8a4b99e11e6a12b88c8bd57cff56f2919

        • C:\Program Files\Java\jdk-1.8\bin\jmap.exe

          Filesize

          1.2MB

          MD5

          7081132e372923bd5544b3f1f4ff181f

          SHA1

          fd2b01132e14e72454f6c4fb9a23559a236a18e0

          SHA256

          cfb90fe9c7c7dcfbdd3e7d0bd10ee16d27b9e572e1f729f755fbe34692cdac6a

          SHA512

          f76891c29adcad4cb30caa6e6b86d8f8025190e3426cb6181df1ea288f031f1546787cbee5dae1b7fe5efa1a3e1f5a70f3119e63ef5c677e7c89e963ac6ab18f

        • C:\Program Files\Java\jdk-1.8\bin\jps.exe

          Filesize

          1.2MB

          MD5

          230fa570dd244b494877b46b60240d19

          SHA1

          4fa9e0cddf06ca61c16ae05a82f7db78d01658b5

          SHA256

          09588925c0faa1009ff8c96618f4562f059f4be066465cbbf52cf319cdee7ee6

          SHA512

          a4c554bd73a491aeba725dadd62f3c23e84be76bd392d4fb96f177511eee8a22649db574f94162c8ee7e0b641cb4d66277e5cc2f4ecd099f6f34ce91d9e1deef

        • C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

          Filesize

          1.2MB

          MD5

          c1a2fc731e75bfc8ac1f8750fc0d177d

          SHA1

          7f8cb0942c39714c0bb64839c1a374fd4dc3ae51

          SHA256

          67eafbd915c7238961f06b8619eff7b4f965d53b1cd9f7af25cc93376332b128

          SHA512

          9bc88d3cc95ca4407e8656a491ca73fdc39d74ce02b9ad13643b311b3fe3f8bc21c4ced4adbfb1098ae8b228c6793edc553bfa238d5b511417af71cee2582952

        • C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

          Filesize

          1.2MB

          MD5

          90ca4ce7256b2352e296c8f215d4402a

          SHA1

          fab39c614c46eb1ef8460ec7432f9e46a1f16172

          SHA256

          9f21a97eb4748153be404382b6448f2b073a88e7323972c300721afff14d3be3

          SHA512

          b850dff38e64e6b1af98f91b67aa2427039fcc21385212b09cf2d7ed90590acc48a4eae3635168d7cdbef94ee67dd78cd9912ddc8de5929328e4a00a81b5d7ab

        • C:\Program Files\Java\jdk-1.8\bin\jstack.exe

          Filesize

          1.2MB

          MD5

          37549de9777591f5d1522d4b8d47e29e

          SHA1

          14ce7d68e9e25636d809c09a0ec3a3d8464c3d63

          SHA256

          c12d6e8185d1cd91b530166865369dd39233a81ca2e2bc2817f7d7dabdd69d3a

          SHA512

          60dd2090170b8a4d0cba07499a3521474681f999c1a3e8929e0146d854ca8459ef24d6f97bc8b05265da6bb747a8c5e06d83d532e238950cecd5e0a6d6ea8efc

        • C:\Program Files\Java\jdk-1.8\bin\jstat.exe

          Filesize

          1.2MB

          MD5

          afc273946dfe27bd1db0788a1365f500

          SHA1

          bc29a94acc31c7e7bd1979949688f68148d80d96

          SHA256

          88c0c6f05f2c431dcf6bb16d67bde7f36c59b71b7f5dc4379ae6c2587f2dfa57

          SHA512

          e281a8acc61b818371df12ab5213319a8591ea9220df998d160391e1209a9a0ef4098f2ef002b2ca279430e5911174c8a5ac1a4fde791b5d043b5cdd321d3199

        • C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

          Filesize

          1.2MB

          MD5

          eed59212cc032c40726b8453490f2fa4

          SHA1

          fedb82d2e40340984af855aedd3ffca0a7a71b4a

          SHA256

          191b186e8862478808de1cde8908cf83423ee5d59f46f543cdd3f737d798cdce

          SHA512

          f1c2d547de92e8797cee0ba97fab4ddf201cd8acfbb5970d5c050a6ae587a222ca68d6585624d81aab2d950cb59a5238268b8bafadba9bee5c8f0d510ad0b524

        • C:\Program Files\Java\jdk-1.8\bin\keytool.exe

          Filesize

          1.2MB

          MD5

          f6f42f5d96075e4a320c559eec23cd67

          SHA1

          4d61ba9262d74f2f7c0988b60a0bc38f0f0bc5a9

          SHA256

          1b6608586f6e8d0e50278ec0ddadd4ba7ce4fb9bbac992646f4cc7b2062d5070

          SHA512

          b6835594b01a514b9c5d09256027bb2e1ec28e5c092499f29b2c352b1ae41b33f84cb6f94eac9366c57990882b3d9c6075bd4c19cd64de20b48cd3d09bd14749

        • C:\Program Files\Java\jdk-1.8\bin\kinit.exe

          Filesize

          1.2MB

          MD5

          d93a80b9dd9debf51802dc532bf0db3e

          SHA1

          6a0bc7a524f18c43e074aaa0e69347c1b141fa52

          SHA256

          8a94ace7bc9e8517d74b88703c72ba4967ba8a7d027dd0eae6d90d5187d04d9f

          SHA512

          7a0b206bf45048b71a1673cf5a72ea92c08e3011ec923b4b1da8b9ee20e04e0af3158c67858a74e244e0253ac38dab2fdba3f6e5a8abd127ee93c3bd8c17ffbb

        • C:\Program Files\Java\jdk-1.8\bin\klist.exe

          Filesize

          1.2MB

          MD5

          df95d7d9058ff28ac5c39362c9ecdeec

          SHA1

          f274da648617e2af759b238d3c334c0a94816e4a

          SHA256

          ae4fda044ce79032c956bd0eb562cca9e57e69c4a7dec7d5f22780001095cb11

          SHA512

          1124791bbfb090507c75d5874c23190d4d4bcb4a3028771d3605b128d9cfa65f2bc31480b75dfbe1df0eb44b6674587d69e1fa9b553e6a72991c9c4b4992ea72

        • C:\Program Files\Java\jdk-1.8\bin\ktab.exe

          Filesize

          1.2MB

          MD5

          262bd10490719851cc3c482df144246a

          SHA1

          631d0463e978857bd503da2daa00e807f46822bd

          SHA256

          46fe34d29f1b40343f404cde4b5aabe9d47f2e9bebc5666f6a74597d1e86eb84

          SHA512

          1f6271fbc89f451f91a262794385bda9b291a043bb043c53bca85622894e975451e7f1bcdd705ebfd8c179221c5dd20e9d3acdc6ee41a646e4d59eccb39d2d9d

        • C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

          Filesize

          1.2MB

          MD5

          88a5d1d7472e9cf439517cca326ed469

          SHA1

          c92020de70e663084e75c90df463f15df5f3bb79

          SHA256

          34e18f3f2b0fd1aae531329494cced3f945565320b40c35b2514bf7d036e367c

          SHA512

          4c533f1d947a166c472c5b0c5372a732d7f3a685a1a1f62cb66698371eba3a8ba378a1c9b626af2222cd7562e6382fe05bda3eaaf6a566f495647c9976d0f10b

        • C:\Program Files\Java\jdk-1.8\bin\orbd.exe

          Filesize

          1.2MB

          MD5

          cd876260787fb11e8c29c02cc1de6f77

          SHA1

          3a5c8b97052b3510363f5ddfddf3d4b640f3cd59

          SHA256

          bedf274108db204b01a37c2924c92f6b79e200b56cf9b0a63433a20701cf52c1

          SHA512

          8c61be4bed313cf6bcf25e5486a27aa1a2c843cc7ba0726ce6b04056cb2480392d3ce52b2d53789e9c2b80d5c74e4fa441d97e9566668af7b2f1a554b12a70ff

        • C:\Program Files\Java\jdk-1.8\bin\pack200.exe

          Filesize

          1.2MB

          MD5

          ca71f31bbf51c19247ce740136151221

          SHA1

          8bfe9cb24e7b88a1e9c33738000949db24f4c8fa

          SHA256

          7abea65cc7592a76ffe87c3758bbd86a4097c5f4f5fdae3da6ad17d3ba570619

          SHA512

          f34ae183b0198678dc4a23dd23eea28255a03c6d2ec484d99b574d38182def325b193866a2842e3cf7284edf53bcaffebb88cc91ace3d4025e0d3d8497b65032

        • C:\Program Files\Java\jdk-1.8\bin\policytool.exe

          Filesize

          1.2MB

          MD5

          19a52b0d87bbb082b0d0ef74984f831c

          SHA1

          48b3762fde9ef0e8d7418f27bca84b43db9d7b52

          SHA256

          e0082b36a96dd9326ce0729fefcf32d3f08e3d77e8f310a785dfd39b63886201

          SHA512

          c50516d7deed3c1a1854f235dce5c2eaf24db859e996b9ef8bca8973e959856d326242de7d2accfdd9d87d75749f90ac8c6db23c3a172307dd098e6a9392208f

        • C:\Program Files\Java\jdk-1.8\bin\rmic.exe

          Filesize

          1.2MB

          MD5

          5e9b9a30ed426d9a89a6d11faf0c3b07

          SHA1

          0efd2c9ca60bda5519f5976fb812cce8436efc1d

          SHA256

          33189d548b9893a213b5f0cf9c1a51791d6e44ffbca0acf5750b8b5d2c3330f9

          SHA512

          e46ed6e156cbf3772b211883a8ae0a6a38f1ebcedfbc0a683634cd7c5d7b5251c4b850a3c1041b00f9d91aed44cd06f37c3aa947dd5d61751cdb27b8541b3d07

        • C:\Program Files\dotnet\dotnet.exe

          Filesize

          1.3MB

          MD5

          0e26da1471ac9c61d131b36775a8401f

          SHA1

          231b8947db47c69b8e08d0636166a20156af5054

          SHA256

          97bbce105bd38196e7d575601d15410ade03db572709fe7511a9419290f705b1

          SHA512

          7814c5480c91d151b4b9bb65b2218e94e18b2b574f3da8d06bcda65c1fe74aefdb21325610b3884cff160fc24e8bdbe86f1f8e942f2459dfc428bb0661c11905

        • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

          Filesize

          1.3MB

          MD5

          b024eb4d2e944e9800c0b7b24e90d19c

          SHA1

          5adf4307e45bcf9cf534f773916c31c829cc0a62

          SHA256

          a54629b14a18343e4a5812a019774e5fe2db4001ec7bfe3af6b3dc98d0f6aa8a

          SHA512

          3765fd2377bd09bd509b489d8d4407d7ce78c509c16fb8ff5c0220fd60fed7eba3030b7a425f3abf3cbae5324e80a9073dbaeb6ab4656adeb3f52f6c9133c28d

        • C:\Windows\System32\alg.exe

          Filesize

          1.3MB

          MD5

          35f7276acc97ab9473867bb47d157676

          SHA1

          d5617ded2737c4780072f9a1bfc67bf84173f881

          SHA256

          a79a93cf98e35133e960d16eedbd7c71afb9571c786ec03c037df03363fc0b79

          SHA512

          ae80848b1c99cfb08154fa48e566e1fe8645c2d34f64979d790ee9a1f93f497c6812f915a9cc7533130a61f9c114dbd2e1352c574380b65b8e900dbdb88fc83b

        • C:\Windows\system32\AppVClient.exe

          Filesize

          1.3MB

          MD5

          747bbee07efd356f6d30c1cd92b43088

          SHA1

          503d289774c62325baeb89c517b228698719dbb8

          SHA256

          b36a409efece478b15d4fc18b553098f6ac9ba36f28b32e6e637a4e5cbafa218

          SHA512

          09162f5e8ef9bee03f927cacc72850a856ad3e826ad3b581e66d0b7a7df37621a5d3fbe35973cae3d25fa2b101c921e65b03ece109bf26e6254eda014b61a222

        • memory/1344-51-0x0000000000C60000-0x0000000000CC0000-memory.dmp

          Filesize

          384KB

        • memory/1344-50-0x0000000140000000-0x0000000140234000-memory.dmp

          Filesize

          2.2MB

        • memory/1344-246-0x0000000140000000-0x0000000140234000-memory.dmp

          Filesize

          2.2MB

        • memory/1344-42-0x0000000000C60000-0x0000000000CC0000-memory.dmp

          Filesize

          384KB

        • memory/2036-82-0x00000000007B0000-0x0000000000810000-memory.dmp

          Filesize

          384KB

        • memory/2036-76-0x00000000007B0000-0x0000000000810000-memory.dmp

          Filesize

          384KB

        • memory/2036-88-0x0000000140000000-0x000000014020A000-memory.dmp

          Filesize

          2.0MB

        • memory/2144-241-0x0000000140000000-0x00000001401E4000-memory.dmp

          Filesize

          1.9MB

        • memory/2144-40-0x00000000006D0000-0x0000000000730000-memory.dmp

          Filesize

          384KB

        • memory/2144-37-0x0000000140000000-0x00000001401E4000-memory.dmp

          Filesize

          1.9MB

        • memory/2144-31-0x00000000006D0000-0x0000000000730000-memory.dmp

          Filesize

          384KB

        • memory/2488-12-0x0000000140000000-0x00000001401E5000-memory.dmp

          Filesize

          1.9MB

        • memory/2488-13-0x00000000006E0000-0x0000000000740000-memory.dmp

          Filesize

          384KB

        • memory/2488-22-0x00000000006E0000-0x0000000000740000-memory.dmp

          Filesize

          384KB

        • memory/2488-206-0x0000000140000000-0x00000001401E5000-memory.dmp

          Filesize

          1.9MB

        • memory/3692-0-0x0000000000400000-0x0000000000611000-memory.dmp

          Filesize

          2.1MB

        • memory/3692-28-0x0000000000400000-0x0000000000611000-memory.dmp

          Filesize

          2.1MB

        • memory/3692-8-0x0000000002450000-0x00000000024B7000-memory.dmp

          Filesize

          412KB

        • memory/3692-2-0x0000000002450000-0x00000000024B7000-memory.dmp

          Filesize

          412KB

        • memory/4240-60-0x00000000001A0000-0x0000000000200000-memory.dmp

          Filesize

          384KB

        • memory/4240-63-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

        • memory/4240-54-0x00000000001A0000-0x0000000000200000-memory.dmp

          Filesize

          384KB

        • memory/4240-247-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

        • memory/5052-65-0x0000000001A70000-0x0000000001AD0000-memory.dmp

          Filesize

          384KB

        • memory/5052-71-0x0000000001A70000-0x0000000001AD0000-memory.dmp

          Filesize

          384KB

        • memory/5052-84-0x0000000001A70000-0x0000000001AD0000-memory.dmp

          Filesize

          384KB

        • memory/5052-87-0x0000000140000000-0x000000014020A000-memory.dmp

          Filesize

          2.0MB

        • memory/5052-86-0x0000000140000000-0x000000014020A000-memory.dmp

          Filesize

          2.0MB