Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 15:41

General

  • Target

    2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe

  • Size

    4.2MB

  • MD5

    507a69e2e39842d4c61fc8921caa7a06

  • SHA1

    c98f080b1c9a7e07f8dc29375e389ffd4f679137

  • SHA256

    57a4840eb5d84e204203b91dec4cbcacaac6b16b0f98fc8c0c116449210663ef

  • SHA512

    71ee42631da6d520d7fdff715506dbc6cfb9eb449d357f8ec357c423ce8eeb5fa24d52c7ee62da298ab0c53195d8be4d228108c03ce6b714a8a173c66a5225e5

  • SSDEEP

    98304:+V39EaaOtgsq30ixcRgqbCdb78lEf4ePD32JqVFV3C4ws:+VtEpcu34ePDnFlC4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 11 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe"
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:6052
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2996
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:888
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
      PID:1196
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:3104
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
      • Executes dropped EXE
      PID:1416
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      • Executes dropped EXE
      PID:1232
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      • Executes dropped EXE
      PID:5692
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      • Executes dropped EXE
      PID:3988

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

            Filesize

            2.1MB

            MD5

            550f9e35ca519d60a4c0f54293edc904

            SHA1

            8a6398b11c29fcb96cb471565215b5fb3389177c

            SHA256

            1fb6e5bbf7fd587a4804616541b44ceb84bcd0179a7084d3c33b6a51b8c36333

            SHA512

            b020eb5d9d5ba854ba1aa6dd7bedbf79ea73bad5a71ac021046805386d0425632aeb0c1b80188e420a3d6de758923407577d4ef80e71e1a5cfb9cdc2544cb3cb

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

            Filesize

            1.4MB

            MD5

            0e4fb0c037a103c5debef5b073b76f8b

            SHA1

            791c7f52f63a3706a8a06b401ccd3e7703202630

            SHA256

            b5ac65e9bc434410652cc461f72c8499c7037c1fed661d6a7859ca13dc832b0f

            SHA512

            e53b07d6ab580454ba97141b066ab105048ebd761ae63cf80cd1c5f4ac2f62e654be351af5104453d4830ef6048fffd5a774d4a0da96ffb6fee9f10938283e10

          • C:\Program Files\7-Zip\7z.exe

            Filesize

            1.7MB

            MD5

            9d77e3e3144ff3f7baa3103fa2722f30

            SHA1

            75b2b1227be85cd44700245344cf1ee500736a23

            SHA256

            7374d5b17e7c64bb8d88729d8f6ed6bc5e9461cb6287f829d01526ab087a6193

            SHA512

            6a799915d57f7a47529aea09f4a7d56899c2d7c55f53198dfcd3b133f7a0ab40122396a86660b6a4a1dde466703adea476b195610d39344425b94d5bf137438d

          • C:\Program Files\7-Zip\7zFM.exe

            Filesize

            1.5MB

            MD5

            e3829ae568f22d544ddebdd01cbe334a

            SHA1

            4a36691cbc1d7ee8c15e46d4cf8c14c691068da9

            SHA256

            1e0c3b56af0fe1242967d64b08b43e72dfeda2d7635f5342bab414cc4d51f2cc

            SHA512

            50f57a33cbca2f8f7cf1d1de82617bf5e9d3f6ea3d046813db086212fc3ac28dd51a85216a0a0f6e3b21db79364c65528f870842a2f900c5fb646c3ef42cf8ff

          • C:\Program Files\7-Zip\7zG.exe

            Filesize

            1.2MB

            MD5

            179d61ee56f93d68468792b4b4542983

            SHA1

            88fcc6369e482656d81ad858d373dd35affd94df

            SHA256

            497de82a4741e0f800dfbe991b41996ce16f8a3c86a943cb760cc179d27679bc

            SHA512

            587f58315979240a578a08a8f1ca19add0be2351a816bb9d69c491354b0749ef1b198c40a4e082371bef79e68fa01c8372d5bc78efc25923ad6e7e1c2cd7fbc0

          • C:\Program Files\7-Zip\Uninstall.exe

            Filesize

            1.2MB

            MD5

            f79e2b320618a942180c73d5606558b7

            SHA1

            46d699ad61f16256b84f08ee79c8233d2ccb6cb4

            SHA256

            b59bca66a0d9ed48a16b599c6f63e8b8cbbaba5e5810303477423bf0312492cd

            SHA512

            6ac0fb9d1f8ae3fa3dfdf4cf3a3a9c0749f1ffcd51914d78c86fb1ce8b6dbd5297d4e570e1898096bc5af3ddd3933d5dcfdb4c5e16ca56641602de743b1c5ddd

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

            Filesize

            1.4MB

            MD5

            26fb0a4c40424ff4ef4b24d46a4b77fc

            SHA1

            4e75c21b3c6f7d7fe76699c7075196a34a3ab3ac

            SHA256

            4a970aa19692d85b6b8ed0d130146b456b9aefa148222b5e1b9f1b8a508e15d1

            SHA512

            9a0be8c42fa199cf874bb571144dc36243678e0be9b0c95db3f8c97d8b6873da378e53b6bd283d65d877b308c44bb2d048a25f5445c3de02cbb90c7f902a1961

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

            Filesize

            4.6MB

            MD5

            6f381a7d00892070395fd19aed28be14

            SHA1

            0987bf5a47fb6286d8600b758b9353bc472ff567

            SHA256

            94b607c4acec1a7279a4deec6eb77698df6aee0d66880ab005c3f114efa22bf3

            SHA512

            2aab1904a1c8bbef47578bdccf423e472826a0a4e6c8632211e86059b140e28930bc34f63a8ae480b8a17a71212b1e9529fcdbf1b9001c031f3497282062382c

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

            Filesize

            1.5MB

            MD5

            fa0d51da8df9fee703c4c72d9419061b

            SHA1

            4dc474ef4046e75c66c397d2480f310e5c7d28b1

            SHA256

            c3b52ca164627deb77667567f66c3a54c60d6915e65f5a5f4cf8a2ba416182c6

            SHA512

            51b84afb85c5a1766a652c55f0da6e0b32b3401a3170df125107ff2b6986436863cdcfd22571228a509f532b91fe13ad1d83874464d1140241cd1ba1260937b1

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

            Filesize

            24.0MB

            MD5

            c2ad8c04617a7934c674373e81cb79c2

            SHA1

            aa5a1f598d59c6eb0c9bf3151eeccaa58b4fc9e7

            SHA256

            bd639d27972b275ec0e5a25abb2796a3013935dc96557f815b61ac5bbaaa8fcd

            SHA512

            4f084324649aaa0d33d18d742f9e9d06ddc134d2db4c587ba0a1c9be2ae48e2f871ef3755f5e2193cc5856675dbb69e937898a53474aaf5eb3f05b18a7d0e50a

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

            Filesize

            2.7MB

            MD5

            80a3e7e8f8dfddea18f68b0fb7cabce6

            SHA1

            747e14918822958f4fb1b5ca50a02635297319e0

            SHA256

            495cf8fcb54b4adb0fceb2d7353ebfa864001e8a037ded2eda62092be9407c42

            SHA512

            8bcaa1d318316bcd52f01b740717ca44ed84a7e923bec0eaa9cdd89b2c73592ef2fbc7902e77474e445d556364bbcca5d92ddffab65ddedefc91179d44092ca0

          • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

            Filesize

            1.1MB

            MD5

            e13eba57496ddfd54b6cd185558f4c03

            SHA1

            af7699a53d24f5ab37936cf76bad96ce2eaaad33

            SHA256

            91cc97d17f3f50a87c52296e59dbac8698d23f01ef97bde062f06595b3cc7ed1

            SHA512

            7a2ba9b36a9dbb859d60fbabb435d0cd8eec62285822e584a51ba896a895eda2de66198c4d824b42aea3bc769a0be40ff2d06fb29dbdd97a5ef95d847a0fb814

          • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

            Filesize

            1.4MB

            MD5

            0c88bbe9eb1c21a281616160416f9012

            SHA1

            8e48874bcedc33dc80f466e1aca28a7ec20c9a8c

            SHA256

            92c6928db16d4eb86fae2f5045c137b584260fb78488e459de0e230fb3391d51

            SHA512

            06e981dbd1189636496709e16ec2f3c72c5f2e36b6c8ae2468675908c4a1ee99da808faf67fa124752afa984d6ecf6e1975cd10c5ec74f098bccaf5eb9ae46bc

          • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

            Filesize

            1.3MB

            MD5

            e2c63e0f110534aca92118af252392a7

            SHA1

            ae8aca84b5f551e5c3635e11ac9f00739df033fe

            SHA256

            98570139d2a2e22203bb6a04e48d359b42b88931f76aff259a77772a8b68e5f3

            SHA512

            9fafdde2ffc6a6765f3b76656db68c35baf1f735b495f7c2d8e5f226cbcb832009e6c1fb00e9cc81e9023ff7d16b5e6cfb9fc52cc91c5a3b772a9d5229ce4189

          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

            Filesize

            5.4MB

            MD5

            bf182b66d54b315defe5d15259da74c3

            SHA1

            1217a8a72a24375a0071adac283de870e85f45bd

            SHA256

            eb824eaa988b30266c722f570e56d4edb5d4160f963f14683f972ab3f03675e3

            SHA512

            497d14db134239349358d64b7c766f427fcd9fe705ac60d469a113e37a65287917b1fe14488322d6e6b26a906d2cb3d6c4a31a2eaafea6ff4c9ffca31106b284

          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

            Filesize

            5.4MB

            MD5

            334d6ee6e8fba5324c84323d47ff72b3

            SHA1

            88ba3a71093faf5dbf40dd0cf8944774863d5a7c

            SHA256

            4f3b3f55311c5eb66ef0de3ad6a13c78d6dce75fc424448cbd25ef587815f0aa

            SHA512

            7bb438a70d8438d6c87053222c5803be253e3d77c907147f772ae382f1a47c5eabf22301e7874155196c7609ddd525c135a1e1e74f141492f28b5c9c81cdf9ef

          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

            Filesize

            2.0MB

            MD5

            87b919ec8cb92b7487e9453b8c1b4db0

            SHA1

            76a876db79470c0eeaac22ac69a16fa629f36549

            SHA256

            90d9d3e9c1947ee4a05787c683ac97ba999dc10fbae8e766a065e088d8380acd

            SHA512

            c4147f4970126b5267c69d72edc15bafc1fb26ef491f4ba6c38853b79b6d94f43f1858465957c86e99481c0a8b1786f8175749ad2c30df9de70a3bcf85bf4c7d

          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

            Filesize

            2.2MB

            MD5

            0bfba3d2cf01f58f49e58ac3a08e212b

            SHA1

            45c8b568825fcd35d76cbd7f1cfa3d573a7c1d9a

            SHA256

            afc1519c879f7240f1c7b82a11bb4ad5533b33a4a27600c328bd61e3c2839a55

            SHA512

            1388329704e23836e65fad2f0f5f6311712f6ce1c475f06f77be84a5811e89712f06842487b05f943008d28a9668bd3e4cbe6c998a1bfb140c7d20dfbe44b72e

          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

            Filesize

            1.8MB

            MD5

            c5219a7c1891922dd693dec8dca7d5a9

            SHA1

            65114b207afacaa92bd91c0f20bfeb9a27d7cd5e

            SHA256

            9921fce633dc4851125428233321b76c2ab7c9f07b32d45253a6951ac266bb17

            SHA512

            d04b370f72004f9bc504f32aa4941c69b852678022fe75fcbbaebcde30e4ef3c11c8a625ca14c2a9a4f994725753f29c3e6d72415c2058a3c2cee6d8f8862150

          • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

            Filesize

            1.7MB

            MD5

            9e9da6feee9ff311c57baa7c1f8a86ba

            SHA1

            1676487fe5fa287033fc983a789a2543ab19856f

            SHA256

            6591956bd6b146e8d5462bde11c629e6ba8409a251015a199997106a5991265c

            SHA512

            9bf1fd7bdf670912ffbbd03e303636c0ac3c8aba30804c1a641cdc999c8fea8e95d6148b636b70eab63a6ee8437496c50c4e7c799c06d0d0880396dbbfd21816

          • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

            Filesize

            1.2MB

            MD5

            2e52870b508b6a1c20f233306513788d

            SHA1

            138b8c7765548a9d6bcc3427a5ad1c9509098ef7

            SHA256

            69b42967a5e6722828fa29211241520734ba74794c78f1e3c6bc4767e8492ebe

            SHA512

            08b98713f2d95bc4a9c50f0924ac4c4606e9a5c2700c2f1448733b5fdaa8fa4aac7ec3ec48860505e32baff4c01d2eb1380e0a34dbec151576d1bad13954c70c

          • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

            Filesize

            1.2MB

            MD5

            74e8f8aab12c548279156f1374ca6ec0

            SHA1

            4dbee8406d8e5143936b257fd6ad8d32d90c7de6

            SHA256

            a9026f5600341473240d52f3efdcaf1c06956b3b29551a2b6f5f7429816bac1f

            SHA512

            e33701f35f2c9331f98be2f5d363e2237426402979de5df9061d58721b4f79127a606e5afe6de6932bb0fa193956cedcc678f664c60861e033ec2cbf5774a505

          • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

            Filesize

            1.2MB

            MD5

            c273e563340cb0d3661e9d35b31c4cc7

            SHA1

            d9149d86a508d334d82979843b5eef4a3d05da7d

            SHA256

            691dd1b06fd07506d671337f0cecf06e71a20a1ad9fe886d78c36db4092838e8

            SHA512

            8b0eaeac265495e31df88346df641727be5d7e5a3cdc2b17de71ca26be059ea430512688b4f01cd01177d3ccd900e7961ed5a3d20df5b993cc384143677019cb

          • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

            Filesize

            1.2MB

            MD5

            1b076f8235c1bedad0817b42b8668cf1

            SHA1

            d28368ab0cffa4acbdd6aa3a1b5ecf4a58d97387

            SHA256

            70f99a091110e558e732a26d1c0b6f8e1b4c82152a92038164fdedcfb668296a

            SHA512

            88912e9aa1cd23d8540ee495fbf451a167e72349d0623a0e963879d20e79a865d4b852f6fd11e8d2f3d20f3fd0699575c741dfdb6b72c54fe15ffe1d7d338937

          • C:\Program Files\Java\jdk-1.8\bin\jar.exe

            Filesize

            1.2MB

            MD5

            4f572722b57e4cc11b5b07e59aa5ff56

            SHA1

            1d9924e9b7acfd3e995319f51f85fa967cd80cce

            SHA256

            e048ab5330f099f3a660aa3aff67be386b77aec89e6cbc49c7e9f0c8109a089f

            SHA512

            749e33eb0c3f350af5a20ae2384caf4a24918fd318f99f79f1b49fef2a356df0fbde4169a842666142c4d0120914937ae201563bfb7704e3372f5779d0f1b7c2

          • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

            Filesize

            1.2MB

            MD5

            e95c936ffe1dca7088f4c9a14cf78f29

            SHA1

            4e2f6ac9089ba66b42631df3acd281f402d05dc8

            SHA256

            8338a89137726a207f5a9bbf0f467ba0a5aa876dcea4240f25aa1dd5b072678d

            SHA512

            cf9f185c40a0fc2307a043f533854bd2e026a2f5a2d00c3557fcbbc0b1d7cc00eebaa7fff2ac8c33be7efba556ee6573f0ef35b5c16f7694ffce8ff6db896dc5

          • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

            Filesize

            1.2MB

            MD5

            9e616ecd110ce9b7cf6154cdcd6bb7e4

            SHA1

            5c4284a4299ce78715a1c90fc3749ddfe17d87f4

            SHA256

            a688e0d6bbfa629cb6e718194634b0fd2ad699386be42e99d5e315fe225f0e4a

            SHA512

            0f1e1aa00d98264e5df4d295a1107897c5d65dfca7140fedd6f07c61566ada657c0f5ef91e59ee2e777359fb2de4d2324699212ff4ad133748ab92b3dabab6f3

          • C:\Program Files\Java\jdk-1.8\bin\java.exe

            Filesize

            1.5MB

            MD5

            d07ba3d631f5b0c77c9a33b30c1e19a1

            SHA1

            b3e2f9ab8410f908c9b1629109b9564695598275

            SHA256

            7d69fce000046a97cfa20dd0d27a0926dcf4954e353db8db60c4c8b9813a734e

            SHA512

            a1c38b8051bc48f21ce63ae6c9e85fd717a46a6ffffe3ccc6be5c399ef0b0005165b3d2e97d9edbd71b79c4c2e3ba1be39d2789f5613636e701c5aff0c0c5475

          • C:\Program Files\Java\jdk-1.8\bin\javac.exe

            Filesize

            1.2MB

            MD5

            66959fec249aa78dfd00356e638e1b4e

            SHA1

            3932f2a09d03e91fd8a3a3a79b1b2147c431bca6

            SHA256

            fb63c467cb9fd1a469ea7414a44f1efd9df3f5c188853eaa3b2240066320ff4d

            SHA512

            f54a2a78e253cfe0fc59105b710acf3f2bdf905278f89771ee6955ad5bd0b74dc61bde28cf42481227a3a2b64c453a5567eb39afcc28e9c665ca5efd3858b9f4

          • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

            Filesize

            1.2MB

            MD5

            cb856c6d8361b03bb6470dc9354d55c5

            SHA1

            ba166550c29d5113fdbc57a00091cc95990b6570

            SHA256

            e01de33a56e346d536a42f6d90fb3b7eebfe79fbba4748b346d411c2d269a832

            SHA512

            f539561b98658ca9c56092b0e07538a96f8a8f000eeac3247d61416c59db98e34de6a239e71068f829bed82953af6efac829a72c1d47fea10d265883142f5633

          • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

            Filesize

            1.3MB

            MD5

            348dda74cd514a9081ea0713ab7e42ff

            SHA1

            a8a4a246f0ff221f7ba942e98b5839f631d0c4b0

            SHA256

            d428df58439357a596df7e212b560a9ca8cdf49d0193e35ec9f4aec822a70ad1

            SHA512

            852efc598252e92377b8a334e2dcd4368974601cfe3d53a12c6ce23a0cf4a2fc3cd41b08f22cd8795d408d6904e58de5b5b28d9d98d423d01e0a58224ec23de5

          • C:\Program Files\Java\jdk-1.8\bin\javah.exe

            Filesize

            1.2MB

            MD5

            94a48e8e49b902926f0c1176de8d7eb4

            SHA1

            a3a1c4d061db5af9836cf78702f74160192b8cc6

            SHA256

            54144b4a23108c357bde833c43801e35d5c6d87e5dc41907af7281da79359d32

            SHA512

            4e54406a4e800e2dfc1680966d0770be60fbdce1158bd08f755268e77a44be09a6aefd66e997b39cfcd148b8f40b8882faf0d70b6776d3d9a5dc15febd1c7a46

          • C:\Program Files\Java\jdk-1.8\bin\javap.exe

            Filesize

            1.2MB

            MD5

            b7a17edbfbd77b14a2e12c5ee7be0490

            SHA1

            7b0687cbe49ba01f6b3f263e9f8550352c20104f

            SHA256

            94088a0cc52765765f385dba1ec206fabc15019613df2fb7375d6729421d8fd9

            SHA512

            744d925484961c0510163f27937a54f0a74a84d4e24db1893dd0312c1f3616af1ade829894accf93a1b3ffa761db917d4bc3e36a0a1e7cec1bf9c8d70f4d2b3c

          • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

            Filesize

            1.3MB

            MD5

            aae60946f453848e801f88bb8dc8cffb

            SHA1

            5d1eb08155af931e2b17dc3e1017a3efcd672297

            SHA256

            06c459d5de5da6262d1b7ad8249b8a58db996a066e39889032c58b304a17e432

            SHA512

            502f3630b9d50d3245c2231236ca64751911bb61afb3257eda0136bbfde0bc6f8880af076910a54351d2c620fffc73da503db5268f83a88151fb7eb401c5266e

          • C:\Program Files\Java\jdk-1.8\bin\javaw.exe

            Filesize

            1.5MB

            MD5

            d2def9ff984b3575d9578246fa2f9162

            SHA1

            ae289de5438659760c27c3f8958d9d26dc7af55d

            SHA256

            e748ca771ebc364d14e44d7f951f39108d62da3793d21bde1a9bd2c5e5f55605

            SHA512

            789d1a77c0f86d496700ad48b7fbb239489ce5a5cff04b372d864839f5df81c68703f78f3d7565f5ef08066087e4b0d82b00af89f1e3c3dd0ccfeb6392e942f2

          • C:\Program Files\Java\jdk-1.8\bin\javaws.exe

            Filesize

            1.6MB

            MD5

            ef75d9520c2a2a4f86abf15748939ef6

            SHA1

            af212733a11970fa2c94e9416118338267f2ddec

            SHA256

            d258c29b2fb920c482dedfaa76b7197249e3a5267a0f861dcdc8588a6b39f070

            SHA512

            be04f223c9e48ca42b48ec5f4226c98e90061a6f5a8df57b7406cc9d074f1dad274688f4f10d109e342619b88f4550f630110a49270e027af2fa88204dba3916

          • C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

            Filesize

            1.2MB

            MD5

            7c48fe40fb40c5c664a04bb569978a6b

            SHA1

            138703baee9495f93f6c5dd5154fa0cc194116a3

            SHA256

            07464bf8e0a881080415f04888cc5cb636344762d3cbaa32de4dfe568729e206

            SHA512

            e0af0af265d79b663fc6c6c886da57af63c3bcbf507b313ac44ea10d8ffbd74ac4f3f4db0dff68e2e07e91d4ff37fe59d8bb1128ddd8f3dd286a4e075b32c2bd

          • C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

            Filesize

            1.2MB

            MD5

            563b6c667d75acdb50e55a0df26ac9a8

            SHA1

            f4a2a52c77119da22986a3938e2812a63334cf6a

            SHA256

            41b7b53b62155fd119525127b1722f289aa39401ad2e5a1448c8124a86d88b0c

            SHA512

            7a59fc2c67099dddcc1f6002bc51365c454ce10f56bd2d7567e8c819af76f9a684967d5ff2fbc576c59f3d003359aef0a54c0ffaf4d058fa6a42b50ad88a1d38

          • C:\Program Files\Java\jdk-1.8\bin\jdb.exe

            Filesize

            1.2MB

            MD5

            16af37ac1087aa064737f7c0e706eca2

            SHA1

            d496b2dbaf1ce71c9847ecbb485baf7871ccce02

            SHA256

            fb0b5378af68351670b8f8b6ad5b70715206f7bd41c2a52df905a26dc133e86e

            SHA512

            4bb2f5fcad3803496250392b5c1d90fd46fdd6087d2279b4f99e10e0a481d2677df0bdb1e1e80702bba6d757e6a0a50c604e34f9e9f05229b28dc4c098422f7a

          • C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

            Filesize

            1.2MB

            MD5

            55851a3b8c18da1d62b70669a3d0d8a2

            SHA1

            94bf42155996676bfbeef4db956ade3312917ccf

            SHA256

            ef201ca93a816b9be252bbdb25112e3b03dbccdf2283066d928d2d18e277a280

            SHA512

            83f60c215662c6134e04d640ef1c4301f3d1da742b762ae5e65676c7c5b6859f70bd30469b9042bf068e729e6495395996150fe7ec8cb358db3dc9c6a1a88761

          • C:\Program Files\Java\jdk-1.8\bin\jhat.exe

            Filesize

            1.2MB

            MD5

            bdd61537e6dbd59edc4540b5b719ca29

            SHA1

            339cb287caf8c05cc412f9741bdd963269624271

            SHA256

            4ba3392121b47851cc37fca430e0f4a7a47502fbbd526ac611950a47451e333c

            SHA512

            94549ffa42a3e5c3f4c4a87e27d75c965f931a2c38ab60239c8b4108856b0f58f38d7543a1bb5389667ba0da275848c5734cafbaac5f6b252bf6e5788c27d9c4

          • C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

            Filesize

            1.2MB

            MD5

            f339012440e59a25a7c8cdf1b6f2cdd4

            SHA1

            4c5c211bcb6b9d8d6c74d6fdc0739031aeae8904

            SHA256

            775dc7419a66a3fd5ae67e940d87da3bce7f2da06c07c128e59b2ca1e138282b

            SHA512

            039cf6f394d000096936fe59b2f791d9c131d4b116a6fff8d85c2fdd2dec587fd35375068df7ddee62dce63d7c5d2959a199389dd17ed25751a1775ed991a941

          • C:\Program Files\Java\jdk-1.8\bin\jjs.exe

            Filesize

            1.2MB

            MD5

            b32264eda24c27e7ee95d02283e5218d

            SHA1

            1b9a124e40c0bb67369080ff8a46dc07e29fb16d

            SHA256

            5a4491926bea9b077dbcb3d2f56ce8788743afb2b01f749943a95795196c39fc

            SHA512

            500770714eb7e437b25077fe3d560d3a646fae02407977a0927b6730d12b196a3a49e668e532b9681ff6e7963ea73a7a43ab6b32836404e2eaeecf3b5ba55433

          • C:\Program Files\Java\jdk-1.8\bin\jmap.exe

            Filesize

            1.2MB

            MD5

            c96751e69ef3c4ce605aec5a71bf6de9

            SHA1

            ae4f1b44af749595acbedd005ddc4019684437f7

            SHA256

            803310396f6bd5e00c5e51ae4fa1cb3acd051f1302d6357ed2d7c01364a0eed1

            SHA512

            8f3a5a9a6b4c6120806eeb27333da8263185f9fdc102d0e6d2a5fefbefd507e88acb4f1d7cfe6b736c643a175c2dc53221b476ff23eb0eb83ba9a24278ff12f7

          • C:\Program Files\Java\jdk-1.8\bin\jps.exe

            Filesize

            1.2MB

            MD5

            26ff8f2aa5548da4f1b3af146fc1a428

            SHA1

            cfab5507223a53bcb140547d91ed97195be64316

            SHA256

            a5af903ba649a16820426cd79620653b96a2505a56a4e976e810e8cc87472a52

            SHA512

            d47a3551394dc12ee9fde67e0d29df340fe0d775d0e611bc45445eab39b8b80c0a194344f93fda76387d74163292a52f264f6267e2bda347de112d9d1bdc9d9b

          • C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

            Filesize

            1.2MB

            MD5

            19b9a974fee62d6632016901ad6970d9

            SHA1

            cbdad189f96d15e1a4a7396b8568364a351f2e47

            SHA256

            fdaa33df56164c4f419dbef431b0163efb0df71852322d23ac8145794aed2803

            SHA512

            e1c8514f35527022c3830f98f0813adee74593114384f5919f18991da46653b7a0f48d9be7f8295a1d3604f6fcab94d5cc3b7441e158cf6a994296fec502a156

          • C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

            Filesize

            1.2MB

            MD5

            465827278e53ae02aa4423820eb60a6c

            SHA1

            961099258906a7b0157835aa6a9d86871df209e6

            SHA256

            c00bec00d20939365447faa95763aa0d092c6d6de882864110d93bccee366323

            SHA512

            f89fe57082b6234116d068702b9785e18fb98757015e46e86c93a63e784ce3f50d347dade62fce8b29dad82dc9fc4f2f3b62b67bd12e81580975bd7d578014fc

          • C:\Program Files\Java\jdk-1.8\bin\jstack.exe

            Filesize

            1.2MB

            MD5

            e3ea22c2a6290731861e00833e886815

            SHA1

            82d56dcd9ef993aa82c986f9cb52c06d71e6b4b5

            SHA256

            78ed675ebb50a211c9c354e909059fdfa2d9d4a00b63331b115d2c514f0fa8d1

            SHA512

            ed7faa3038db56b6f305e3ae2b63b5bd1e4a6bf7dc5c529bc3566f021b545b50cfe418f4acb186103ea098ba1a89e0576592b8b8c71d0e45330b59d7e438cf51

          • C:\Program Files\Java\jdk-1.8\bin\jstat.exe

            Filesize

            1.2MB

            MD5

            2cc57767c70538a24dbe60b2769ed3d5

            SHA1

            34941f8233d33f643439caa85410afcd837b4fb3

            SHA256

            cc00f297be4bb9040d7706fb870d26d6af6bf8f3986cea31269d696206ff965b

            SHA512

            149dc4ad5d9ce2e21923fcdb82c2ef34331fd7f20b4e694088d5d442aba1106f3aa0b71fd6fb8e22d8b83118d84431b939bddf1ab0923ac0da9598642a583c4b

          • C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

            Filesize

            1.2MB

            MD5

            e0aeae7ee0c935b692d2b088a03a5f72

            SHA1

            9f5ad06c50f320881e7a122095873325173b7832

            SHA256

            83ca2d71649ace14e82fda5b0792c4275c7f00797aafb1edc4a7bb2b6d85ed30

            SHA512

            d7ec4ea5e82a9ac2848f2cfa523415fd507d2c22bf0ca94b6a39beff4acd0a0c563cb6f4779e5568f8d1f95fc1b9c9c53a1d47fd591163b131b7e82f000f73c4

          • C:\Program Files\Java\jdk-1.8\bin\keytool.exe

            Filesize

            1.2MB

            MD5

            a99fad652ce8cf61178a43f58fe53933

            SHA1

            a3158b38565287fefb8a4457989505f8d292948b

            SHA256

            9817ec4cdc858bdf81e49beac9429261e998ae0f0aeb62c86b689a54f15740a7

            SHA512

            1d495506ff192ad7f150d00b418074bc76d44ab9cb3af29c9f95a8cdd11d5177bdb5ea10430316c2d9494672f86c12f3fd23e0e1975d4931789c15bf5396622a

          • C:\Program Files\Java\jdk-1.8\bin\kinit.exe

            Filesize

            1.2MB

            MD5

            c258f3af2ee056570ddc7efbb182d60e

            SHA1

            408c25d6da8a00389ea7ff9df9037d6ab9ae21c3

            SHA256

            0b3f432677829d21a41069afe442f187d46165181a5dd496978d2d14d6be9cea

            SHA512

            691bd8299d72f89d212f20cf6cc78c24e78b72e699ea42e9da4c3b7982e956e49268e52ddb79dae1d9822b73b55e7dfa1d8251d861f4b0b4dedde494bbe397f6

          • C:\Program Files\Java\jdk-1.8\bin\klist.exe

            Filesize

            1.2MB

            MD5

            b0b9c8eec4927d63324b609959285238

            SHA1

            ef092042d149c92aaa8beed1a115989acf01f622

            SHA256

            afd97c3e434084c2623efb01f1fb3be9183842185aa93dbe8e612b72ff962be7

            SHA512

            772635f95eaf12297f8c36d94fa2d91cec790ee48df9e5838973c2d30bf7f9895cef90a9ed245fddca34dadc8d6f07706f9b9f504bb40ae88560782e20038e86

          • C:\Program Files\Java\jdk-1.8\bin\ktab.exe

            Filesize

            1.2MB

            MD5

            40888a7a712b20c01fa7769d40789783

            SHA1

            a67f0aa4a1edb7dc670da377aeab42aa0dec47f4

            SHA256

            8f7729b67395f23d9854fd89e00658693c58e2050ab20ed080aa9305b5e3dac1

            SHA512

            569f86ef1133ed1c6fdea7d3224e9428ef66ca7710c0af9320b436b663e8d37d98325e56437504f9b9c4fd1facd19ee8a6cbd5113f9f89d913a5d133fa108cef

          • C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

            Filesize

            1.2MB

            MD5

            7b8caedba21cb1e923c9ef04e2341141

            SHA1

            3fd28a72264209b5498162f42a4de61bb373c698

            SHA256

            a7fb14ac17ef3522a53fb76a6b3520962db30a21ca8afd55ff0e67009c4107c6

            SHA512

            8e7854fa7911d4b2ccfbd765607531da276ad963f28842ea374177b4005a9b5a9bff06b50ca730dcd97b9a435dfd19f8d3e34f5be45e2cbb8ed47434d22159b7

          • C:\Program Files\Java\jdk-1.8\bin\orbd.exe

            Filesize

            1.2MB

            MD5

            522d3afee14b5dbbb0242e3f11619033

            SHA1

            894c202fed2f34018bd22c26be5e40c932137295

            SHA256

            80ead026b46ab8ad3c6245fb6804b801e55974d0ceb530baa26359b9e316c4d0

            SHA512

            cb910e2a545ece599565efe72251ddd44acea5f68f780b07e5f8096d010053253fb850eb5e8b52457988341e501c6caec3119412c77cecf84d1a1de70accf836

          • C:\Program Files\Java\jdk-1.8\bin\pack200.exe

            Filesize

            1.2MB

          • C:\Program Files\dotnet\dotnet.exe

            Filesize

            1.3MB

          • C:\Users\Admin\AppData\Local\Temp\2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware_PCULog0.txt

            Filesize

            839B

          • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

            Filesize

            1.3MB

          • C:\Windows\System32\FXSSVC.exe

            Filesize

            1.2MB

          • C:\Windows\System32\alg.exe

            Filesize

            1.3MB

          • C:\Windows\system32\AppVClient.exe

            Filesize

            1.3MB
