Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/06/2024, 15:41
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
Resource
win7-20240508-en
General
-
Target
2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
-
Size
4.2MB
-
MD5
507a69e2e39842d4c61fc8921caa7a06
-
SHA1
c98f080b1c9a7e07f8dc29375e389ffd4f679137
-
SHA256
57a4840eb5d84e204203b91dec4cbcacaac6b16b0f98fc8c0c116449210663ef
-
SHA512
71ee42631da6d520d7fdff715506dbc6cfb9eb449d357f8ec357c423ce8eeb5fa24d52c7ee62da298ab0c53195d8be4d228108c03ce6b714a8a173c66a5225e5
-
SSDEEP
98304:+V39EaaOtgsq30ixcRgqbCdb78lEf4ePD32JqVFV3C4ws:+VtEpcu34ePDnFlC4
Malware Config
Signatures
-
Executes dropped EXE 7 IoCs
pid Process
2996 alg.exe
888 DiagnosticsHub.StandardCollector.Service.exe
3104 fxssvc.exe
1416 elevation_service.exe
1232 elevation_service.exe
5692 maintenanceservice.exe
3988 OSE.EXE
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 11 IoCs
description ioc Process
File opened for modification C:\Windows\system32\dllhost.exe alg.exe
File opened for modification C:\Windows\system32\AppVClient.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Windows\system32\AppVClient.exe 2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\dad0eaaa293b476c.bin alg.exe
File opened for modification C:\Windows\system32\dllhost.exe 2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
File opened for modification C:\Windows\system32\fxssvc.exe 2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
File opened for modification C:\Windows\system32\fxssvc.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Windows\System32\alg.exe 2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
File opened for modification C:\Windows\system32\AppVClient.exe alg.exe
File opened for modification C:\Windows\system32\dllhost.exe DiagnosticsHub.StandardCollector.Service.exe
-
Drops file in Program Files directory 64 IoCs
description ioc Process
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe alg.exe
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe alg.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe alg.exe
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\tnameserv.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe alg.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe alg.exe
File opened for modification C:\Program Files\Internet Explorer\iediagcmd.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe alg.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe alg.exe
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\keytool.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\unpack200.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jjs.exe alg.exe
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe alg.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe alg.exe
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe alg.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Mozilla Firefox\plugin-container.exe alg.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe alg.exe
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe alg.exe
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jinfo.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe alg.exe
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe alg.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe alg.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\kinit.exe alg.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe alg.exe
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe alg.exe
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe DiagnosticsHub.StandardCollector.Service.exe
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe alg.exe
-
Modifies data under HKEY_USERS 5 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process
888 DiagnosticsHub.StandardCollector.Service.exe
888 DiagnosticsHub.StandardCollector.Service.exe
888 DiagnosticsHub.StandardCollector.Service.exe
888 DiagnosticsHub.StandardCollector.Service.exe
888 DiagnosticsHub.StandardCollector.Service.exe
888 DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
pid Process
676 Process not Found
676 Process not Found
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process
Token: SeTakeOwnershipPrivilege 6052 2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
Token: SeAuditPrivilege 3104 fxssvc.exe
Token: SeDebugPrivilege 2996 alg.exe
Token: SeDebugPrivilege 2996 alg.exe
Token: SeDebugPrivilege 2996 alg.exe
Token: SeDebugPrivilege 888 DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process
6052 2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware.exe"
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6052
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2996
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:888
-
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID:1196
-
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3104
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
- Executes dropped EXE
PID:1416
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID:1232
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
PID:5692
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID:3988
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\2024-06-08_507a69e2e39842d4c61fc8921caa7a06_bkransomware_PCULog0.txt
Filesize 839B
MD5 557841e95408e3d79c682c237ddb344b
SHA1 b8d56437b2ae2432b682c682bb358efccd14e42a
SHA256 37aa5a9708733ddf9dc955a1499c7147a454582b709adf19db7ade8cc35b705a
SHA512 d410afaff23c2d789342d5dcf02a7f04c125c7ad10a5361f3e089704db475e4c4eef4b452ae6ab8e645425756c6e934dbee3a3742f4192d8295efc7b0d851e28