Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
03/10/2024, 00:25
241003-aq13yavcrl 803/10/2024, 00:22
241003-anyj2aybqa 302/10/2024, 23:58
241002-31c33stepp 10Analysis
-
max time kernel
147s -
max time network
139s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
-
submitted
03/10/2024, 00:25
General
-
Target
https://www.mediafire.com/file/tf2nbtujgxgqbed/EXM_Premium_Tweaks_Updated.rar/file
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 4 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://www.mediafire.com/file/tf2nbtujgxgqbed/EXM_Premium_Tweaks_Updated.rar/file"1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.0.1042955597\1917037508" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67caf389-9cfa-45dc-8066-95e881c25723} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 1796 1a9570d7b58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.1.547024617\467433017" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e84b778a-c8d5-4364-9730-c9e6712631b0} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 2152 1a94bf72e58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.2.526258419\1121711310" -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 2844 -prefsLen 20951 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {232c019f-5eea-4f7c-8f22-4ee3ea4cb824} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 2820 1a95705f558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.3.1366876779\484726529" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6ff7916-7c7e-47cb-9bb2-d39081b9ea68} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 3628 1a94bf61058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.4.476249967\688529897" -childID 3 -isForBrowser -prefsHandle 4316 -prefMapHandle 4312 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d4fdd23-25cd-4a59-9980-ae3344463395} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 4324 1a95cd23858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.5.850296416\221744601" -childID 4 -isForBrowser -prefsHandle 4968 -prefMapHandle 5020 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab3ce2de-a769-4387-90de-e0c2c0eb63e6} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 4884 1a95cb60058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.6.814291929\1571758970" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54ce2cb8-7188-4da1-98e3-3ac8dc88cf36} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 4944 1a95cb61258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.7.1948090140\228288545" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a132d4fc-3816-4ef2-90ca-a80f2b964c48} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 5352 1a95cb61b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.8.905804293\1144884660" -childID 7 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 26433 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2593bed-a2a8-41a4-b275-533b6ee590f3} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 2912 1a95dbc0f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.9.1520136889\599089308" -childID 8 -isForBrowser -prefsHandle 4148 -prefMapHandle 1572 -prefsLen 26608 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0300733a-2126-4029-a6a9-93eb9ecc98c0} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 5764 1a95ee7a658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.10.121613546\580262942" -parentBuildID 20221007134813 -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 26873 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25909e86-a539-4fd6-aeaa-ab03c9de7766} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 4808 1a95f50f258 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.11.251516818\795415515" -childID 9 -isForBrowser -prefsHandle 6264 -prefMapHandle 6252 -prefsLen 26873 -prefMapSize 233414 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b970f0b5-fdf4-4e71-9f27-cb550025c579} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 6272 1a94bf63558 tab3⤵
-
-
C:\Users\Admin\Downloads\venus.exe"C:\Users\Admin\Downloads\venus.exe"3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3e41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD596956102ceca45f3b357914028eef0c2
SHA1c82736020142c1a5756a1d68ba12527f25ee6569
SHA2560e5fce998d40720fba69d623bab36d8e80fac620ef3a2965ef4680c8bf60c3a0
SHA51206cd405fb3668d1b8ee71236cf1d77e3d7807a5da74924708ed324a7e15f62bf86be885574f9e9bde96bbede48e81ff8b0bf9052facf08d375f6ac66f75e6f0b
-
Filesize
13KB
MD52aacdfd9a4900340fc930a1d79b3cd2b
SHA17dd9eecda194b88e13f316c786faebc56a959416
SHA256d65901aacdcaf513d27352d059a2f87d175a2a58cb8abe38531ab21e838af901
SHA5128c7df90c881f3059ff8ce5b7d770eb1896e461d0ec39c177031258ae34cd68e2f2edaf2550fd4a9d9d1814c044b3424b3733ba458697cc86334161ccddf644fd
-
Filesize
144KB
MD5d30a253e0c5d543edfe0c6d68ad0af33
SHA1577e62ff6ddefbf8396c9460e765950d4d59f3f5
SHA256ca7774f6f701e2a2b0ed1a288f5a734920368b5e6b4b20a531f43ba7099701c5
SHA512c64483b51898e0c23971475608a54c427dd07dbe8a327b86c61bfece51e2f59b53fe30a612c231e122996fb26b3cc5be8770ef5b6c1aed825e88aa6084c3baf2
-
Filesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
246B
MD5ce242284f7553ea83509963714342e6d
SHA112bd9cd126663499eb36e04213c158ed91e5bcf9
SHA256d1acd4eef82921d622f0cd39916716428e770e29c7e39b85a112234e9c1c5669
SHA5127a1300d1303434451b331283c33acafbd55b294af26e9ccdb2d3859b9042bf9cb4bef25234a3e4cb3ae73f74ba2bc4e488db5462952253b9e4ceab9b91ef4f3c
-
Filesize
10KB
MD5a301c91c118c9e041739ad0c85dfe8c5
SHA1039962373b35960ef2bb5fbbe3856c0859306bf7
SHA256cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
SHA5123a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a
-
Filesize
16KB
MD58d6797a345173eeb11e9d3534c8b695e
SHA1f075067190cd50f8e1e601dc6bc048aef0325196
SHA256898cbdbc2d0c5c95e042b768cfbaea404523f37ddcb77525f4b7a7487d61f9e2
SHA5121f901228904d94e060986c34087f1da4bac5c54feebdfc0f7ca9f2423af27ab7c0a96ac65ab46877007a80740f203afa754d922e138088761a1637867281b8b7
-
Filesize
9KB
MD563e5fc19a0e34a0533692183397441db
SHA17a74c64805466ea87e35be11fdae7b993107c5be
SHA25679cc29e45a76a176ae149640fecd1eab7dfb27939f57488e8e94c2a87882f295
SHA512494df81ce88957d0f19cd8da811af2bc30b9360e55b85f2ec0119696b3d6eb1b430c1705982d514cd501ab0f9de2e72f8cb07b8a3c6b1524513027cbeb11c193
-
Filesize
734B
MD5cc145fe40e8c424188b1169fe7cdc2e6
SHA1490d939ef2ffa88898615a6abe05140c591b9eee
SHA25644bc64cc4e46096f67be235b152ecd3bc68398df569289b7d99b619551738e18
SHA512cb1dc7368b2a2cdde4c326b6466a0fad74745fdb203bf37cfb66712daab83646f3b9bc5744850ea6f3b60a8121344d865791b305ebd7d1d148b59b2f3b3c7439
-
Filesize
6KB
MD571a869b2358e142e1ceee97decf508e5
SHA1b731eb3551fe6b9cb2440aa2aaf9ff336b68346c
SHA256463da76b890be76350e50bf4a655daa14fd382266ac51a2b9eb3f7deeaa1a6e7
SHA512a65e6ceba7af0f6a484ac65337db0a57aa814fff4e3d39b1eb7871676f23df5e680e3c19fd19b4a88a0dee701a3cc96888b5f418d559587813f9a36ac047521f
-
Filesize
6KB
MD5dc3073eeb013f8ba30e13bfc8f1e47c7
SHA1b63ac6e73c5381548fead4ae61525c821c43f81a
SHA2568807773189a7009fc75e08d86081de4c6c53a9608234148efc36593fb10bbf15
SHA512ac79cd8a85098042de234dc747b903a7a04e47f288aa16f34993fb7a479c6d140e60a2cab34889f24f8c612c13068ffc60259d6635e2987eae29efdca5a4acc4
-
Filesize
6KB
MD5878c53a207d62c8108896425b197ba98
SHA1311339ffa54e8e3a0e291f64dc0d3f4dc5159b06
SHA256133fee8e346b125e84d4b227195bd4789fb61c185ceb4f6a19d1318468400b31
SHA5122f03b83a008f619a9c4d31df998ea63ec86c434c3e1bf766219764ac3396fdd63f56d5322c59585d08e375ca379a084e13bf366e6d922902b900ecf58e4c560e
-
Filesize
6KB
MD558fc192acde07e4c7710f3e39549f885
SHA1484874753f0320a53e2656ba0f794bb639af25a6
SHA2568700a582de8abe74c9db570c3495a658031b24c01f532def1ad0723c68e1a921
SHA512a4587ff5b65d5aa44f803c0e2a67e0c6ad2a0efbcb4b3c3e6c52b0509515981e967ca3e269dd8f151d286aa2e9a6569223b45003bd872618d837c0e14d9ce06c
-
Filesize
7KB
MD54cdbf1d9b5c269cf68b43e40ac2cf50b
SHA1acecc58368ba1d4487c25ab1b7d64d956d386b18
SHA25675bb5ff7c0f46ab98cca2db60b8cb4b317654706c7c395c3cbafb0e8ed5f515f
SHA51240dc79db058e6398fedfe8c1cd123e9ea9acd34460a05defc81fb661da9387d95caecd15965dc045f45ac4ab33fca575675de7fb7d6840287e7fdf6b6d9d8643
-
Filesize
4KB
MD5d60c4a9c73707836819ef256eccbfc3b
SHA1065db9abfd815d358b86aee225f21e99993b111e
SHA256afe90913e36dddbb4ab817fa862129bca3728c9c9b9754ecec153d388c739409
SHA512b631cb82126a44897662f561be76cacad02651b4174769724b7be2c4910222d8aa8b91218b8f003175da34a73f51df046bde84874c44877ef3069359010789a5
-
Filesize
3KB
MD54548819708a438034575bbc2cb4ab781
SHA192512a1ffebf5ff1d8192e353208748a39399c81
SHA2567528ecf715b8e6045a4ffb2e9e8f41888be6d3c1788fef7d39bf190b68d81174
SHA51293824c0a643382b9cdd09d5cf91a6943b027058ca611105394d91147631ef36f219a594aa840a426920fdd479279a42b4a7fc718d5d9bfa14be0801731b63323
-
Filesize
6KB
MD52b8a8d30e57b5cdc12029303e435621c
SHA1bb07ef10ea04da3a179f3e4b319db44de038c7ca
SHA256c8d78709bedb8c59b15b6d52e53bcbe6725aed216880bddbf9aca9ecb20f4d4a
SHA512856304444f7ec2c70db5b9506bf147f825b327a311edc1925144324d45ff0b09fd1629e88ca6040fdc6f5f6d63cd402dbcfe325562ffa9102b38a01365a0d378
-
Filesize
8KB
MD5a0a19d56104200b1291fcf09b8316028
SHA16e1ed9555e2f3a36fce7017bea6ac4623ede2656
SHA256bff3bbff290456017545e6e04c5c967f9a44075541ed84eabc499e020dbe4469
SHA512c5b1925ed2cf1af846e674d9606d3c2e4653ea3474ac957e6bb42b78087e5a4c99f43e2a203fcfd62582b7f1d7c6005bf4f194f4c73143e8bd6efc7ff4f7bac4
-
Filesize
184KB
MD56fb529a6040edced72255baf206751b3
SHA1d86a9e27b28d30d06bf0134fc1f1dbe1c8eddde2
SHA2560854a410ae1d03645fb10f650df8a76657332b00ebb80a86b3a2167e305fa970
SHA512b62f30ad4cd0801c044258e0c16ffce4a945f4f94b1352caa03aa5639c0d7efc971e6b32bdac81eeb79d02715dfa4deec490f2e385f00b40008edaa6addc4020
-
Filesize
13KB
MD5799db11cbd73e355902ca0e9611a2055
SHA198cdb0ecc8ea2dbba95b99bd73a6f6a357123216
SHA256794f4075e654255924fd2c50051127786ef5fef1fb57bb7e216ade23044d9873
SHA5125d6920fa75c2723e03cef6ee9575948fa445db6e3ea5d90ea8ae366fa9e25f31c6e44e327e0812c570fa6c31f9fe714aa5a078eddfdf0dc42dccbfb5f404e2ba
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
128KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
1024KB
-
Filesize
1024KB