Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/06/2024, 17:56

General

  • Target

    2024-06-11_62dc1eb28383848426241e5df4d75e8a_bkransomware_karagany.exe

  • Size

    1.5MB

  • MD5

    62dc1eb28383848426241e5df4d75e8a

  • SHA1

    d3d8d21db3b2c7720e291f5a5325d20a443bfe0a

  • SHA256

    40b6a7971355aea4044063727641fcb96e5482f0419ec1eb6d87791c8bdd9532

  • SHA512

    6bafc891cf14e7b33dd416b09f946148263292a7dfc61516091ff28d804631d5aece5b1d33f5154de940800f4855d337ce703138d028b8a40de63c9647a1ef6a

  • SSDEEP

    12288:IvXk1t00UzP17kFQwzY3aRRJ9cpYEGxH+UegDKuhNpRO:sk1Tyd8QwzY6RHlxpDl/pRO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 11 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_62dc1eb28383848426241e5df4d75e8a_bkransomware_karagany.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_62dc1eb28383848426241e5df4d75e8a_bkransomware_karagany.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2944
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3936
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2672
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:432
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:5080
    • C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4748
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:2600
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:736
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4456,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8
      1⤵
        PID:2936

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe

              Filesize

              2.3MB

              MD5

              558e330ab87f959e0cb2082ed6e39b8b

              SHA1

              2d683e5dab51fbf206a82565c9e37eee10f84e72

              SHA256

              5bd0ac9ba81008d8c7dcba89a0c270f241647c71018352e2e616a9e0014ef419

              SHA512

              8d4a83706395c3b44ba807806f7600c52a025196413e50c1ae2071511430456df6fed98d7fcedfd12772fa7ef49dafe9bb2c86d518ad05b73e6f2af6a31cb52f

            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

              Filesize

              1.7MB

              MD5

              ea13e28bc61b4bddd2d050f27de1d42c

              SHA1

              00cbf6779554045b5aeeae416a1ccb6fc2ad8f50

              SHA256

              82b6c39b5a1b4bc0cb4bfde1618b2337f63599443a9910ed96e02e82c3d74e25

              SHA512

              c07310c9ca55cbd6a72e0a8139dc1b762f8a94e6d1b7133fabbc25ebdab2f08a6cb23df743bb6e07b06773feec1320113fbfd1db52d89caaf48b28addd1c4204

            • C:\Program Files\7-Zip\7z.exe

              Filesize

              2.0MB

              MD5

              82a5f816f4582dbefc2d75666e8068d7

              SHA1

              391880054cdada1ef41da0b51282fe31030402f3

              SHA256

              fc28c84ecec5535cfa2ea5b43d03a29160bae43bdb636b0fe6c91e67172101aa

              SHA512

              95492f0b53f30d7750e490c764b1a3cc9254add47d75d7d30997cfb2e710c0ca8fe65dd9587d2a0b4851392a78c186d386ff8e556391b13719e48d2821192d74

            • C:\Program Files\7-Zip\7zFM.exe

              Filesize

              1.5MB

              MD5

              22d8c072055c1f530a83611519fa0007

              SHA1

              17cb77fda381f61e5ed3df891c3f45f1305552cc

              SHA256

              7f26888f134c2fbeb31d0352b120b43eb01c0dcf8eda8af7d7e68cff17e96cb8

              SHA512

              1cd80729b4026dda8f18b08eb850969dcab07caada58a995bca55819124e43c7f5f6f71cc829991328911f52b99342302d069ad58959d86b62b06b3ca9e54a86

            • C:\Program Files\7-Zip\7zG.exe

              Filesize

              1.2MB

              MD5

              c7b79f87939906d6905b6531a237cff7

              SHA1

              44c0560e1a679011d7eee89bf4aebb26a9bd37ce

              SHA256

              dbba323b1189fa11cca90afd8cbc3fa04991a63371a1398a76fcc942e7372ded

              SHA512

              1261f76716b7445a5cd2a97cf4b5e919594f3b8e3a0a86b53ebe7c77b39156f5f50c4460a9c3964889f5f2c98a34d9e5fc7dfc11a63c578f7530d9aa2c1cfbc8

            • C:\Program Files\7-Zip\Uninstall.exe

              Filesize

              1.4MB

              MD5

              c4a6ece7debecb4fb91f3548b3889dd9

              SHA1

              b54cba8ffb341d595687af9d4a28c9e5aea589a7

              SHA256

              f088ace4ca54b651d53b72a82e3a366b146558cfa73d27c6f9c784dc0d8901cd

              SHA512

              9a1846e8cd25e90c754754472a05216ac1023cefcdbeb5464bc256333dfbf06748c96880857a3b61fd92f5a86bbbc862ab8ba5ce94da5d05e78953b4df33b734

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

              Filesize

              1.7MB

              MD5

              7e831127e5248598dfa89b138b0d578e

              SHA1

              485a6b19a5357eb0e2dcf2563960d52ddd331eec

              SHA256

              dcdfa49693020c2dad4facfc7dcfe76461f26c8b949243190ec7a4bd9cdf8120

              SHA512

              bfaefba60842cd43a622464d5df851b17a767f520664b7e3cb0a11c62aead1d7d26aaa6a427d55763d045ea23c67b7f4e104472f31e6671d253ad77d8142467c

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

              Filesize

              4.6MB

              MD5

              40eedbe2e0c7cfa38d12908cad3325d2

              SHA1

              0b22d7fb50df76fee0832f7646b604075652e058

              SHA256

              62e6c57ad412f68eb9e4a40e3f7a0dcf905d99e9e836fbca7c9283bfb3ff4c45

              SHA512

              c35a903b5b51b177b0e82329cdd4976609d5ad57fdf08a12d6d140b5f23274c38ad5775a38dee13604683dd5f90f326356ce20f4976c41ebada8c06818541fa0

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

              Filesize

              1.8MB

              MD5

              1800b10806223260666c57e40d440308

              SHA1

              044e1a5ba4e91eea7cb019f7356279e925aa28b0

              SHA256

              12a386c316996a8de33ff488a994a9d0a593fe73ceaf4224e7bd6a778571a5a6

              SHA512

              6c1f7d54f5c79d37d0d213a695c5ea0d6e01274030b17c978f14c2c973469edb330da224534b4e2cb505f2a77ca508f1000c30bb0750d7ddb467104d0bfb5aef

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

              Filesize

              24.0MB

              MD5

              f4baeb8be25da5924b78f9a76b62bc83

              SHA1

              8c6e9ab70823ec71b9fe5e97d00a265e2abb4558

              SHA256

              ece7f4cdff2e8da4b37d5bb881c96ed73abcd9817f2ccc8de7f98b428f0f7fa8

              SHA512

              aad31d5731ee5fe6d1b2bb96dcc7a7535512ce8dfafebefd2b02f129a1765628387e820c3eed437636f697c424f2994c191d3d0cdc329b213123e7b95e08d9f9

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

              Filesize

              2.7MB

              MD5

              71ba3abad42981018a437d6932264a80

              SHA1

              2c3345448bce6e22ba038d018a32a8afd05eedaf

              SHA256

              555df1c4706c866c26473f24626d18f15fce4d273a005d05c280b964a4d2ee64

              SHA512

              c474b0846f320836c9ba57c8a0fc0fc7c116124fe7bc27a36a0bf44e7b38adac870a2ca56e5ed9eb8b54fe077cd2ab259a605095ace3b3f70408355f02218a21

            • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

              Filesize

              1.1MB

              MD5

              ff967c659590f010e819fae8629cb4c8

              SHA1

              ec57acd284ad8c0981440204f1afcab56b7d7320

              SHA256

              3eb6dda9832c49a7fd7e278c1c21dcac5061d33d639b69b1eb71d2444b6fa3a9

              SHA512

              ee71e5b8066be4ddf0432ef33f5822b36cb1548e1254ea45d4a85719b6ddad4529faf318e90f7289430b435cd47c33de746c7b3c7f0dbed3dda1e812e0b4cd7d

            • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

              Filesize

              1.7MB

              MD5

              032746a491e0d4800d6c055c88aea879

              SHA1

              91a651643f679875b2e86fc7f27db82b39891371

              SHA256

              d15a0db14996c10247e57dfc402fac774a6045eecf34b9c2dfd5a18f23f5769e

              SHA512

              e6180a19248f224a764d4aeccbe61b2c2d72c9b05c9ba32e9bd8047f1564a569d16d6dba3f322bea9e90c1774a76f92ff7162ca2a76b7517d2fc8cf6a596489c

            • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

              Filesize

              1.5MB

              MD5

              48945fec3a4ec0b88618755442e3f7dd

              SHA1

              3db52d26ab2e190886c77061fa0008f53b8af760

              SHA256

              4aeeb52392f5f46656d48b24e9d328e2b41b72e832791da63ef1cd4c5f9751e9

              SHA512

              28cb263b545ecf3434cf3f84d694156859a0932f0fbe6fffcb8e4380d23fa7156fd69983acdbb0b566cfb263ac59269e81f1bf552c90c8eb0000f25b6c585de0

            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

              Filesize

              5.4MB

              MD5

              322f5cb86fa09ad6f06ee92cf1e08148

              SHA1

              4394d0eef1150d1bcf606134541461a0645690ef

              SHA256

              88974d340e3b1bd61a6e80e9eec9fea7dda485e1157b24b87e0b16b2b98c2cd4

              SHA512

              6290327cf9aa5b62287c5cda391bf3d5baf8b90e3a7072b58911c1da91261b8faede6d6febeebf9b746a351b94ef9477e0b4761f4736c07da15f2b0f1a388fd8

            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

              Filesize

              5.4MB

              MD5

              26aa7236771b936eff10a423f680c8f8

              SHA1

              bbfaaceb9326261c7409feffa8bd74dde2c70ddd

              SHA256

              02003e539bd222d482530bbd0a3c54dfbf1f8c53cf375a3570cfdb0bfce25132

              SHA512

              ee51262674ee378d966cdd4832af7e3a717c63f9613238e21646c08617cd7a98138d59a8ea059b8a18ffbc0f098045e16b2177abf8586e3823c6c48950219dbe

            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

              Filesize

              2.0MB

              MD5

              b039115868888ed8b4a007221103f936

              SHA1

              0b5e2306b7570ea08f789640e28e700c36421177

              SHA256

              c665366b7077e8a4566c5211a96c430c193491d16526a40d1493c4acc97c6770

              SHA512

              00ada8e07ef9ad5582b5493c7090271b68a7d8a073972bec5dabdf0681e9d569d34f5527264b2c1c15b7b72f7cae08baa656176886b7bebef29ad8c805598bd8

            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

              Filesize

              2.2MB

              MD5

              39b3f2d1a7c1989f9e74d59984502cf8

              SHA1

              a9a3443f3d2f5428e679c6584099e24914c7d03b

              SHA256

              e025208cb488e1f83a3ca4ca6826c33ff6da9b4792005ac1208080496a66194a

              SHA512

              3ef7846145d838421b76c37aff92048c6c3aba66e385e3ff0df30ddd3869a9bc50ccf6fd3add9da95f371adb1f9ef64bc29e3ce0191ebc22aca606122013c5c6

            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

              Filesize

              1.8MB

              MD5

              328b2843f054b13e7cc3914a0d78164a

              SHA1

              c44c532940e60b392119775dcc7eab3f3270693d

              SHA256

              be16a1a1d6be2bce3888cbedba739a10e2ffb49b0aea5fd0d67a84503ffe9a1c

              SHA512

              fce01eaf011c7afb768abdd756bf3d02bcbdee85602f23617b3423f779b2857c4e25c58138b20871966de3fe2fa87629847a3aea3ffd82786cde1e35cae57b47

            • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

              Filesize

              1.7MB

              MD5

              336ad6692fc756bdfb6feb5ec22b646c

              SHA1

              01470ddaf97028a11217c42dc30e58327382a1f0

              SHA256

              a25496e03eee7582269ed35b68e8a73207f5ce82d56ce923f166a356408ad016

              SHA512

              0a13ee1e1c08a6b9e33685752d56930166f05e9fc7a3dbeaa460fbee26b2253da55247fa8447cbd9b867d8e72dfb808d2890e3a94c7cccea8246a7fa6ddf1c91

            • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

              Filesize

              1.4MB

              MD5

              0867f316f60d044ed48bf0e7649d01b5

              SHA1

              876be9aab8d5c0edff9c4722f522d0f35c8da94e

              SHA256

              539b06a3d0c0141f39e2c92b4721b8f56b9c1918ba14e8f69ee9d4d41999de6b

              SHA512

              0e3daaef24a164d07fa55136a1567432f5f2e4d248b528f983fa31b5b8c134b9f0d17e39a8d1e5371bf50a199ed8716ee9c2f0742351dab231fbd70306b9899a

            • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

              Filesize

              1.4MB

              MD5

              4cf25c8875066da4ea4a216be5e811da

              SHA1

              e2041a331a000d4b5072c35bccdf3b8688eeba13

              SHA256

              4edb6cdf2302ed35f452a2f78ed3dc411ff80ec5af89f3932eff07fc4e8ff5c7

              SHA512

              0dbaed1b957e8188c9b955a05f6e0a58c61c2a0c4108b9845f3645e4567322ae9c4285b010b9e576a17d4445ee6d9d8078a244d1894bebc00043cb6d695ede8c

            • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

              Filesize

              1.4MB

              MD5

              ccec1e1c49a483ef1e5ffc51119b5f5c

              SHA1

              46bfcf512d1a77c5dd2ec9507fff42771a49fc66

              SHA256

              7a1f7a3b2d375dd594c0868188b8c7dc36b18053d29451b47317caf296b6a546

              SHA512

              c2e52227783050f89522dffdaf33e477ae57eefc9fa80c575954e5c95fdbe7bc14dc2877e4c05a605dc39b3b79f5f02b5dceb796c1df18d74af2348e0cc32f20

            • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

              Filesize

              1.5MB

              MD5

              18d6ddc32b5e11ee7c167eed098ce020

              SHA1

              23b78b97ed21947ddc7661487872a701d348436b

              SHA256

              134580fcee8810e11555bb340b0eee3e97d62d4b24f375faea8411977a1946a0

              SHA512

              a30d9584fd072061ea56b569d6dd6cd49ffd1e54a79d3066d54c9849ec18d4ccdcc73cf90fc84f58e5b3de4f4f822f9bed7518b23c224f144445831ca353dc7b

            • C:\Program Files\Java\jdk-1.8\bin\jar.exe

              Filesize

              1.4MB

              MD5

              f01c2738f1ab960bdaf74108ed712aa5

              SHA1

              b142d4641b85b954a9ef0f7c114a1a3494516487

              SHA256

              e546b77809f1a85ab1f935453cf96ec751ecde2d233346fc9ab530d398e8e24d

              SHA512

              81b2cfc41a93b327dd19b19a096cef95b8901a8fe965086eef293a7ab1cbe82a21be25f1389bea74b6a1697c3b8566bf40c9e5efa0e78196b502634a6dfaef0d

            • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

              Filesize

              1.4MB

              MD5

              0567c9879a3de1a8cdba7b746f015b79

              SHA1

              f1cf3588eab5f912c12a20058aa907d2ed02a3ff

              SHA256

              ec739131d6d7cd691ff9958baf5af1ac53b0c1ff9154a7db773c552ac2f513e8

              SHA512

              9c2381a8d0466282d2e7e5f34ba63d8197f6f602d858500328659649cbb1ac760ba9b284b5093bee3bd5fbd8195311d4891104dfd053333df336642651960641

            • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

              Filesize

              1.4MB

              MD5

              8c742e15684b43db24a00bf441b28bcf

              SHA1

              fd130fe5db31240b100dcd3c515dac38a1523b78

              SHA256

              0a74ff01a73b13d532ca14a6ca842641d5feb9fcdbf0bfb33b654d43451cf212

              SHA512

              eb3d5c44f9d7c1ccfeb04d57d200af72907b7fcfe2a76c52b99a3476b0d83267c8caa765fd2a370eb6fc5dd109ace6f080b57a4c3baffbc9a8013da4523c2487

            • C:\Program Files\Java\jdk-1.8\bin\java.exe

              Filesize

              1.7MB

              MD5

              397c811830755556b7b25c03facd0c3b

              SHA1

              a248af266d8e5ae7027f2f4f4eb1a1f892fd6e73

              SHA256

              d406a0109eb0b3dfa72f056a1260ae64e7602d0c5293f8d6395e4eaeaaf1a642

              SHA512

              9a65bed93212853e81be9697d22df6359a75aeb99c29205991c8f22acfe1250bd445a5881b993b011d7fc9d813898c2e3790540cadaf493485ee0cc7b2bf52e3

            • C:\Program Files\Java\jdk-1.8\bin\javac.exe

              Filesize

              1.4MB

              MD5

              b0d6077ac0eef61ce56acf86ea7056e5

              SHA1

              e712cae63aac470256ad9f17f4414ba8fdf5eb16

              SHA256

              21fbdbbdafb33a36e3a8ecc040cbe05f68fc38bf2835d09993859dff5a7e448b

              SHA512

              0bd81030a795b78043779dd6002d3ad8252a4caa67c4dae481afb1e1fc8eab1f7fcad124c7aadf4a5d5f9f064288d8e2811615428557bbbf0162323c81f29a63

            • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

              Filesize

              1.4MB

              MD5

              aeaa30059572bb138086d367d369745f

              SHA1

              7349e5c3b60a7d2201079de78b48f587a6a51ad8

              SHA256

              bf47a685827812db08cacdb4a270874d9b416387730d684ccff161d435868146

              SHA512

              2516ab0f8899b52a3ade513ad4504e6d9f1c99868c9ebaf1c98dc7442c708a295281aef7e602b8e89833cc9bdb370482381b2eb4d609ad17b46e5bf37fa12325

            • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

              Filesize

              1.6MB

              MD5

              166c09f4a33b9c8b016ac1438e763656

              SHA1

              2c055c26b0e2f6005fb0b5f30e9774e82f107bbd

              SHA256

              afac0a76f5cc591db47f70ad4b402c03cc004dc26c48b8e8429615b06b270500

              SHA512

              0002233af5fd43605b87f2897124d8bf4c2d096d09cbd362e97b21f090c2e64799c8b0b5e0a8d8038ffc0dbc1056a3e5407c570e309a7a2169bfbda847ad2e87

            • C:\Program Files\Java\jdk-1.8\bin\javah.exe

              Filesize

              1.4MB

              MD5

              ee7cd30d627b7965e0df33f8f1b19535

              SHA1

              b533899bd418bebb643443975f87b66845868eb6

              SHA256

              226fb7ee6691ec7453fd0aa59355a9f72b7e71202c546b0180c4fab660c2a1d4

              SHA512

              d67be103f514ff7da50d1af79405d0c6fa90b9e2b92cb8cf5e78184721b0d871ab51c458c914e95d0df9aea5637aa3ebe3908a4f32cc77250b576e297f5b9026

            • C:\Program Files\Java\jdk-1.8\bin\javap.exe

              Filesize

              1.4MB

              MD5

              e4f9e8bd2defd6b8bc7d0b024978f5fa

              SHA1

              ee2a117d8d5d9ea580637dc7e58bb2eb16ea7797

              SHA256

              3797a8c61c50e2fd1363c2e5ab95b201ef6955230eb91a2417ed271dee699654

              SHA512

              ef0662a86414ec9ad580db4b8537f34dd84c56e8910e913dc4ed805b5097f98328e85cf6fcc66802a0aed8f18e32a8286d21a228e2c02d3fe0a241e67065d9f5

            • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

              Filesize

              1.6MB

              MD5

              49183881d2d838c7e4df71466dd5b43c

              SHA1

              0f9819b7304765185f4753376d16af62aa727107

              SHA256

              40b55e1fbcfd12fd93739f4bb4afde5eb0c1b9711d9bb53020ccb2d5c50c1f46

              SHA512

              d62cb72a4389c83bb5d21bbf27ccbcf99e7292aa8d50b2b93fcbf8f54b52f90af26d0c4b79e56cd0dc45c8cfa0b56b86d886692525130f0c837484cb2c3ff470

            • C:\Program Files\Java\jdk-1.8\bin\javaw.exe

              Filesize

              1.7MB

              MD5

              e671e527e2315466f3edbb1e80798e77

              SHA1

              d402fbcf1785398d498fca9afa9ae1bf83857b9c

              SHA256

              259a8437698ffb2fee3740ed702516d9d153442b7389a0fb564035dcbed74ba5

              SHA512

              c2b9f69205d2d78aa04045b2c877c8bf72068b0e1345f5920901b8ef19654bfd48ad44f699833f4a0db7604a95445bf57a615ccf2a5aec556e423fb68fd327c6

            • C:\Program Files\Java\jdk-1.8\bin\javaws.exe

              Filesize

              1.9MB

              MD5

              1aed653b4a130668b4076bf620cad3a4

              SHA1

              19d0c6eb25d748c31a3cbbfb4772448f2420b8b8

              SHA256

              bdf3c7c087ef1d86eabe97a17c5cdc27c53df3842c361df9d7cb97d42c8a13c2

              SHA512

              72bc11ba3cf1fc4b16577f2d00c3c46eb180d5dd61617b6a2832e6a3426514e9821798054d84b6c0d752b1181db2b72c10f5bb4822ee8d811528a1ea8b11754f

            • C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

              Filesize

              1.4MB

              MD5

              480626a8283c510ad9151e985351c13b

              SHA1

              afe159ed937807f70e514638900b7212c1497c6b

              SHA256

              9bdedbf87bdc31776361889bb1595a5956ce03fe4d3115a99abe5e92a427916c

              SHA512

              c90054602aadb556891b75a5fa3a67a9aa959c48adeba23ae00b9afb855e4f9992c56d45b556507f374750e40230bc45829e521b81bf8a59201125af63df926d

            • C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

              Filesize

              1.4MB

              MD5

              cd8a1fb625c60697a1b1f5769f95a98d

              SHA1

              335c62898ec9c9e74230e2dd28118f50c210c6d4

              SHA256

              458fe250c4df4b997e27098cb43904a93f06019c91b41af561fd8589160dcf40

              SHA512

              53d26cd0b6c487b76904f53245b1454f6d8bee7db05689d6874d0e3d4e23e90e20a00e1d4e4be818d605ce6710f242a366711b37267c5b85c46431d144bcdaf4

            • C:\Program Files\Java\jdk-1.8\bin\jdb.exe

              Filesize

              1.4MB

              MD5

              6c8cd93ca0e9a16aef8066354b084163

              SHA1

              3ad8d870910cf2b0d526aa4bb3c762a7da0ac380

              SHA256

              e251dbf2781aa5f4af685ed695792844dcb7668ce9c544d0890a0bb88b62ed61

              SHA512

              6b3a2aaa8923e29e895685e6dac73f0964604a547983f17019113838588759d29f48db0a9d2a176ad85394fe17d7de560af29787390563702aa2f5dc95dad1e7

            • C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

              Filesize

              1.4MB

              MD5

              2fd281034d3f6bd30fe7d6839e1ac196

              SHA1

              c9344b66406c6ca03a6f2075d664d4c633c4447d

              SHA256

              ebc295f4a45e1588b120dadf72769e5082a465cf21d1588c56482d9ba1aaf3b7

              SHA512

              4138f926a3c4682818168572a6e87188e100f7b820e4c942b18d0bac5497963d71cfb41aa472dbcffebcfbec6c79a6b972ce368088351c4606947a1d2f4bb45b

            • C:\Program Files\Java\jdk-1.8\bin\jhat.exe

              Filesize

              1.4MB

              MD5

              658bd1187c46a682670bf3c334f7a280

              SHA1

              40da2c4daa4fc707dae6d9509bb204120a017070

              SHA256

              3c8ea0b9c4fab3c748aa6d2ead6e87bf15e4aee9531d081eb95551fa48ffa910

              SHA512

              7d58c882600eed6e2f2ca7e19cb6dfc1b435a3379c81756dceea1ac541a9c1ee6575c1a2015e2f9c7d3ddc28a41b3569607063f83c6bb3f8ecf28312dd9fc8da

            • C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

              Filesize

              1.4MB

              MD5

              8244953d33a571ca78438391692a6621

              SHA1

              b05bd4cb7209b075940b3eade4f6f9968b499eaa

              SHA256

              bc1560562cee64ba321f8ba19b5e9a105ed782f8d793ea2f32bb3ed898ed676b

              SHA512

              9f1ea3fb9756473d28c336ad1071416096b539d72a49934b0efb60157b14e282ab47faa95bfefff7dd942a91193afb70d48647af773b844ba1f7fc8b027930ae

            • C:\Program Files\Java\jdk-1.8\bin\jjs.exe

              Filesize

              1.4MB

              MD5

              8cbe3bc89d8d19e0c022042d3a4d94c8

              SHA1

              3159140351f242d4f58c95305873aaa3bea7bf94

              SHA256

              4b1ba15183a5a100104dee9e3ce3347fdc2f0ac097789ff3a2681975a5663c33

              SHA512

              e702eb4cb68ef15be04201974a470a1c39f102136a200c2794702193d8ba4b71fcb2807ddb546a306cce3ce6c6f2082241a2a6c721e0aee71d07c93e5aa50252

            • C:\Program Files\Java\jdk-1.8\bin\jmap.exe

              Filesize

              1.4MB

              MD5

              ee6066aa5b66747b90dacdef017d1390

              SHA1

              2163f6230d0c1d5e3a78b5ce00fc18de96b90301

              SHA256

              4bf343b669ece40bcee693d322be2396bbaef8d2df380cd25b2b4cbc76bcb089

              SHA512

              4c5f70cf60f8e5ddcf8fd4320a93f3786c1f48661b809689ba1c4e0f236f1ec6ac853219512ab83cfe876027fcf49940a32e6a0d5dbe0385dfc1cefe26fd1fc6

            • C:\Program Files\Java\jdk-1.8\bin\jps.exe

              Filesize

              1.4MB

              MD5

              36a2f44ab8396a8446c67d4891aa108a

              SHA1

              e2fb90322cdc673ce9c66c327056319016d46ae1

              SHA256

              a7afd5535fe965e7dba7f517e4ba8897d074c06920c704670b082a5990905795

              SHA512

              4bf3d7b9872d13a1988d1096ddc6d0194365440a28f95f4ee65333e7c4e216e04fc496dd815193021eda302b172320ba0df72672fc69e7a962c7ea901deffc35

            • C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

              Filesize

              1.4MB

              MD5

              31e97ad902d7c955bfef587834677515

              SHA1

              20c255c69a4f1295553eaeeacb33bceb3f1c62de

              SHA256

              7f2e30eef0ce45087929e7beaa0a00ae7f4228fc64c330f04531d2120b970b46

              SHA512

              9d924e3296200c6491d938dd91566ab37f57e372d32ba968e63646cb9f9e91e10063e28bc0350bf441deddb82f78313aaa9a763515fd5072233a21a6bde876e9

            • C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

              Filesize

              1.4MB

              MD5

              be6e761aa233c77bb69e3ed300fd0fd4

              SHA1

              ba20c6b22b1bd45d66192e4ecd6e440c0f90d6a0

              SHA256

              ce52dc3eaddcb6aae54f1b4e4b02181919cbbe2d7c0a8c67c4d1131edb9ea9f7

              SHA512

              cf03991e25e7c05e2716e6a72304c9f9b9f4c61699aa4caaeb289de41cfb58323bf5c6f8162b4aeaed737a093528cd88638413845ebe81b9fecf4ee275a973dc

            • C:\Program Files\Java\jdk-1.8\bin\jstack.exe

              Filesize

              1.4MB

              MD5

              a81695c419c5b49142ebb2bc9c2bda63

              SHA1

              4d2411fbd6abc1e4c1c1fdfc46755f4d02b96dd5

              SHA256

              e4f62c6a8fa867a1264fa655378dcda9405cc52e21e0023418c380f16f916700

              SHA512

              f05ecccf5d30b0821d0ef56038c8ee5d1a15d462e108ed8e6180beb5c7bbc2c04cc653da00459202fa7b02eaa05bc987885bdd76b696c6cdd38392309e9f6413

            • C:\Program Files\Java\jdk-1.8\bin\jstat.exe

              Filesize

              1.4MB

              MD5

              b6d92d5e5de507fa624aa4fa594738cc

              SHA1

              bd1e807c59bad10c17ea8e93f7d6543da41429dd

              SHA256

              6acb53120bf0d3997cc1d4cf3e0c499154fcafd1fe26f071e70d14c2e41ef23f

              SHA512

              fcabe5aef4178dd66be021cd849eefbbc47d76aa15b14298b0636c6767c763da6b20a1521dcfa79fc2694049b0335eab780c5dc5b78b29896b3f188c4580ef5b

            • C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

              Filesize

              1.4MB

              MD5

              557ca269962b766f2e6fcb0e3ab6d043

              SHA1

              96937d9d925d5fa5011841942c3b17319833c585

              SHA256

              14b5971aa99d0014da261b5d5bee8205d00e90205ddaec337518e8cb446f02d6

              SHA512

              3c2cab92e0f5cfd0532631dfc4aff49c47381c606642670565351512ae8469bf44c204621739af7320890bc9c3b8253462efa17ffb16c9c5cde68bd6213ca558

            • C:\Program Files\Java\jdk-1.8\bin\keytool.exe

              Filesize

              1.4MB

              MD5

              7dedc4bcfc097b3b45b29edc3f653f99

              SHA1

              adcebf25e955fb1a417fefe2a64be6d09e44d12b

              SHA256

              a48ee1644c9a75687cd65027855fd86d82f328fc1f75d2d6bcb0b86bcc3693c2

              SHA512

              6cf64752b42d00839bb0ce4596849c6185c5b688adc67a23f7a7051e49ef85d7c61b6c2c6409f1c999bff4eef53e0a47bf307b8f8c61f66cc68fb7415fe897d9

            • C:\Program Files\Java\jdk-1.8\bin\kinit.exe

              Filesize

              1.4MB

              MD5

              ed2f2c45590e42ae2ebf542623cd1e7f

              SHA1

              6a05b24af9eeb4d238693aa22d2633371199d6a0

              SHA256

              be19209536144b590c7f91e94695181c677a3dac5daaef2568889d0353ab2e2d

              SHA512

              6a0c319aa223e64b51181cd25a56acd4948e071c38bcf52a541fa5209c0230b94e0874b06d68979ee4973c590954335b49976a90ce41faa14416a293e0603049

            • C:\Program Files\Java\jdk-1.8\bin\klist.exe

              Filesize

              1.4MB

              MD5

              7d2dda3cfa49e15fc504056eefc3e5e8

              SHA1

              10b41d9694cbe9020b5a9aa8f967b1551c35e840

              SHA256

              334a8f3c9b8fcd017e5c01379512849a28e1f7380913ad854fbb04b0172db227

              SHA512

              7632eab793c0c2b8348544cbcd5babc84a8b76fbd5e93c279467f492cf0fa0e94a8937dfb30ca1ee4d29cc9e7f1ce9f4c141564f804d3b1e489a81f7bf5ed321

            • C:\Program Files\Java\jdk-1.8\bin\ktab.exe

              Filesize

              1.4MB

              MD5

              ef9daef4aaeea21152b96247dbb6ab5e

              SHA1

              0140205f690c85b8e0c81a8f8e32ff7221cd79c6

              SHA256

              a10bcac92ed6c4689d2b3374452eb8faf1b6d8f57e4c12b1a83e061bae2a10b0

              SHA512

              f67cd2fe41614f1acedfadff7b3321efb1f3ee3dce1b3a4a26f01673e9ad787006cbca98091f87b829e46786d5f6fa5bd2da5750967e5087e22bf8bc8d6ea3b5

            • C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

              Filesize

              1.4MB

              MD5

              d6bbf03290c844898df92b1e6d02052b

              SHA1

              82b6257c241098fb1b334577c8b9aceed03f3920

              SHA256

              ca8f80d752d59e3e59110b055d70b9175a7d3fff9ad419384860e32ba85111e3

              SHA512

              01cbbf8950ae699b4a6faf1e37f3e3ddd61cc5d8e9929e1942d7a98020e81279c7876df509feaeca1c2ad387575cc806e3d2dfedd521a098e86dd2ac6e8fc05c

            • C:\Program Files\Java\jdk-1.8\bin\orbd.exe

              Filesize

              1.4MB

              MD5

              899b5edcefca21b5bd4063adb1409a27

              SHA1

              23b81bb51797e7a166eb6e251dfa7a016d12b3d9

              SHA256

              217251af6c62d549c02c4b88af623005499ba254613fad838829f204f028a866

              SHA512

              81b33c4a977c2d83ca89125f2d639b0a4af875e0a9ce2e32c7c69fb62c3e3847cf7a68c8cc2f278aeeaf6ff5b90af6e98608bf08d3b2f1278a28d758b481a801

            • C:\Program Files\Java\jdk-1.8\bin\pack200.exe

              Filesize

              1.4MB

              MD5

              8f4a607e971085132bcd00e02ec5fe10

              SHA1

              fe583fc284510490284b4dbc494169399e78999d

              SHA256

              459533ce184dd19136ef8994d55849fdd6616acf9a0edbc357fe5ce3fa6ea5b3

              SHA512

              1a2a55ded142c8c5d3a6825d9a656be882f37873fb30d685ec488ab56f7aa77caafeaaa9cd21308627ab46f0965428c236eef1ae6c8f78ca1adde07d9b7cd7a0

            • C:\Program Files\dotnet\dotnet.exe

              Filesize

              1.6MB

              MD5

              bee190fd4388c8e3269f52147f876207

              SHA1

              95395417a92ad82265c5930ea4aec1c720fa00dd

              SHA256

              5359b65d837ff833abdb633c9d29bb36b3d06ffac35023c753c5e9457422aa2f

              SHA512

              fe2d09b281324ad16ac04653b871705aecdaef1be2f2a3c684a65178861230e549e8dafa987c8030aecea50780c951b0571401652c3444d024f8cb35a369dbe1

            • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

              Filesize

              1.5MB

              MD5

              97ed3f2107424a6db204d33fb4bb813a

              SHA1

              62bade51012520d8d0540a843aa0a058c8088a0c

              SHA256

              710ba68bea93e8623126d049bc0dfdd34073a750b304476eb44e76b58d4576f1

              SHA512

              8e85b019ea5592c658e5efefebbf5f0a3543629f8d5b709398a3b5ef23b153ed0d7d23600508d4b76e4d10695298c781fefa4d009b815818810efeef33a18950

            • C:\Windows\System32\FXSSVC.exe

              Filesize

              1.2MB

              MD5

              42bda385e59f98ee6be2c6e245af9a05

              SHA1

              bf3481363a5841d4701db96e3dafe77d04cf9b43

              SHA256

              adef630d71509ca75099d3ec2677a693b2966832d9c331251d2f77d5b593f0e4

              SHA512

              66e140c388067539f3d3baa8aba3ccfbf65b106092740bda11b4493b964ad95a15145becab0c82740727779dda1b808ca3a0dd9392890177106dd98aaa1874ce

            • C:\Windows\System32\alg.exe

              Filesize

              1.5MB

              MD5

              71c397bd71cab20433840e0261e5a283

              SHA1

              97b3c825c329b8b27a9c0188a2120f137b80efb3

              SHA256

              9a301106d7b67f34ff61b95d761361dec0e1299975c8e6b60834c4e936d3df1c

              SHA512

              494ab8bb07082b585577bbd7e4c9f0faf659de79c62e01c99298d1dcb1e4a6fc104e02be758ae5661b06836cf0757d8128210f4a0d74b6ab475272cad0c3d073

            • C:\Windows\system32\AppVClient.exe

              Filesize

              1.3MB

              MD5

              9de92ca109cfc1d1bbb3a18d0c52ac1e

              SHA1

              dca08ec2944a98f21372801b14ec625da1b0e172

              SHA256

              7e3a1fb2a7a80d2ad59377637ad809711406f475351bdc0c13d37ebf87d036cd

              SHA512

              3861efdc0a13ca281d041d18166fddd45a3365e246e8ba78e30ea37ae5ebca5479b3019dbe50f2927ad43cb5ea56a4219b044d4cb6f8a6ad8391591fcd7d0463

            • memory/736-85-0x00000000006F0000-0x0000000000750000-memory.dmp

              Filesize

              384KB

            • memory/736-87-0x0000000140000000-0x00000001401AF000-memory.dmp

              Filesize

              1.7MB

            • memory/736-79-0x00000000006F0000-0x0000000000750000-memory.dmp

              Filesize

              384KB

            • memory/736-251-0x0000000140000000-0x00000001401AF000-memory.dmp

              Filesize

              1.7MB

            • memory/2600-77-0x0000000002260000-0x00000000022C0000-memory.dmp

              Filesize

              384KB

            • memory/2600-88-0x0000000140000000-0x00000001401AF000-memory.dmp

              Filesize

              1.7MB

            • memory/2600-73-0x0000000140000000-0x00000001401AF000-memory.dmp

              Filesize

              1.7MB

            • memory/2600-65-0x0000000002260000-0x00000000022C0000-memory.dmp

              Filesize

              384KB

            • memory/2600-71-0x0000000002260000-0x00000000022C0000-memory.dmp

              Filesize

              384KB

            • memory/2672-24-0x00000000006A0000-0x0000000000700000-memory.dmp

              Filesize

              384KB

            • memory/2672-42-0x0000000140000000-0x0000000140189000-memory.dmp

              Filesize

              1.5MB

            • memory/2672-30-0x00000000006A0000-0x0000000000700000-memory.dmp

              Filesize

              384KB

            • memory/2944-0-0x0000000000400000-0x0000000000590000-memory.dmp

              Filesize

              1.6MB

            • memory/2944-2-0x00000000022A0000-0x0000000002307000-memory.dmp

              Filesize

              412KB

            • memory/2944-6-0x00000000022A0000-0x0000000002307000-memory.dmp

              Filesize

              412KB

            • memory/2944-48-0x0000000000400000-0x0000000000590000-memory.dmp

              Filesize

              1.6MB

            • memory/3936-17-0x0000000000710000-0x0000000000770000-memory.dmp

              Filesize

              384KB

            • memory/3936-11-0x0000000000710000-0x0000000000770000-memory.dmp

              Filesize

              384KB

            • memory/3936-21-0x0000000140000000-0x000000014018A000-memory.dmp

              Filesize

              1.5MB

            • memory/3936-247-0x0000000140000000-0x000000014018A000-memory.dmp

              Filesize

              1.5MB

            • memory/4748-60-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

            • memory/4748-62-0x0000000140000000-0x0000000140267000-memory.dmp

              Filesize

              2.4MB

            • memory/4748-54-0x0000000000890000-0x00000000008F0000-memory.dmp

              Filesize

              384KB

            • memory/4748-250-0x0000000140000000-0x0000000140267000-memory.dmp

              Filesize

              2.4MB

            • memory/5080-40-0x0000000000840000-0x00000000008A0000-memory.dmp

              Filesize

              384KB

            • memory/5080-45-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

            • memory/5080-52-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

            • memory/5080-34-0x0000000000840000-0x00000000008A0000-memory.dmp

              Filesize

              384KB

            • memory/5080-50-0x0000000000840000-0x00000000008A0000-memory.dmp

              Filesize

              384KB