a051c7cc12c5ce8baafe83f65d6ea6511d66476df4de3190ed5dc992d576225e

Analysis

max time kernel
16s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
Size

4.8MB
MD5

e7e9119a91fa7712132342940ac8eb3b
SHA1

a8f3fa47d1720955acd387d2a8029ff414e27e14
SHA256

a051c7cc12c5ce8baafe83f65d6ea6511d66476df4de3190ed5dc992d576225e
SHA512

5fcb4be1cc2c729846421bb1bdd96f2b710e7df04b595997a16dfac604fb0df440b9b3d62d2c12ea5c94fa5a844b16f5dac1f16b8a28714e5d931d38f8abd8d3
SSDEEP

98304:rtiuhhuhmF1OgPptZDElaxQ3PCTDsRnLPYSz7cyB:5SktIa6n3cyB

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

MicrosoftEdgeUpdate.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA MicrosoftEdgeUpdate.exe
Downloads MZ/PE file

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

MicrosoftEdgeWebview2Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_fa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_zh-TW.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ug.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_am.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_da.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ms.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_hu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_en.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_lt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_az.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_sr.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ko.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_nl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\psmachine_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\NOTICE.TXT	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_ja.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_bs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\psuser_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_de.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_fil.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_it.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_is.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdateCore.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_af.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_mk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_kk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeWebview2Setup.exe

Executes dropped EXE 4 IoCs

Processes:

ITS SB App Switch.exeITS SB App Switch.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exe

pid process

3360 ITS SB App Switch.exe
4024 ITS SB App Switch.exe
396 MicrosoftEdgeWebview2Setup.exe
2480 MicrosoftEdgeUpdate.exe
Loads dropped DLL 2 IoCs

Processes:

2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

pid process

2748 2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
2480 MicrosoftEdgeUpdate.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3360	ITS SB App Switch.exe
4024	ITS SB App Switch.exe
396	MicrosoftEdgeWebview2Setup.exe
2480	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

wermgr.exe

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS wermgr.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

pid	process
2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
2480	MicrosoftEdgeUpdate.exe
2480	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

MicrosoftEdgeUpdate.exe

description pid process

Token: SeRestorePrivilege 2480 MicrosoftEdgeUpdate.exe
Token: SeBackupPrivilege 2480 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 2480 MicrosoftEdgeUpdate.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exeITS SB App Switch.exe

pid process

2748 2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
4024 ITS SB App Switch.exe
4024 ITS SB App Switch.exe

description	pid	process
Token: SeRestorePrivilege	2480	MicrosoftEdgeUpdate.exe
Token: SeBackupPrivilege	2480	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2480	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exe

description	pid	process	target process
PID 2748 wrote to memory of 3360	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2748 wrote to memory of 3360	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2748 wrote to memory of 3360	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2748 wrote to memory of 4024	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2748 wrote to memory of 4024	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2748 wrote to memory of 4024	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2748 wrote to memory of 396	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 2748 wrote to memory of 396	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 2748 wrote to memory of 396	2748	2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 396 wrote to memory of 2480	396	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 396 wrote to memory of 2480	396	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 396 wrote to memory of 2480	396	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 2480 wrote to memory of 1332	2480	MicrosoftEdgeUpdate.exe	wermgr.exe
PID 2480 wrote to memory of 1332	2480	MicrosoftEdgeUpdate.exe	wermgr.exe
PID 2480 wrote to memory of 1332	2480	MicrosoftEdgeUpdate.exe	wermgr.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo\ITS SB App Switch.exe"
2⤵
- Executes dropped EXE
PID:3360

C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo\ITS SB App Switch.exe" 2748
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4024

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /AllUsers /S
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:396

C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdate.exe" /AllUsers /S "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
3⤵
- Checks whether UAC is enabled
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2480

C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2480" "948" "784" "944" "0" "0" "0" "0" "0" "0" "0" "0"
4⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:1332

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
e3f7c1c2e2013558284331586ba2bbb2

SHA1
6ebf0601e1c667f8d0b681b0321a73e8f4e91fa3

SHA256
d19616ac12d3d536c8fbf034513a4977c88ef2d1676d358a2358fa051c8a42ba

SHA512
7d4fd7ad06b05d79211144cbaa0047bdb4910212565b79f292a6bea652735dacf69435b24c73bc679cbdad4207f6352726eb297a1e7af4f7eef14dbc8a2ca42d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdate.dll
Filesize
2.1MB

MD5
1125e435063e7c722c0079fdf0a5b751

SHA1
9b1c36d2b7df507a027314ece2ef96f5b775c422

SHA256
7d8d1756343598bc651d62a0e81835820e0d6cf7a995503bb6b129b4bcc37df4

SHA512
153f096af5c874c00a3c38602fab590eccf885f642040007b67799ef39d919d7cb261fba43a9ffbd68c8824eddea219505d49e05b3dcc70f00e6016a1fbd12b9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU63FA.tmp\msedgeupdateres_en.dll
Filesize
27KB

MD5
a430ce95b80c07bb729463063e0c7c48

SHA1
cc488bdc18c191d88dd93e45bb85fda19d496591

SHA256
c9c8a06948123607b7b35d0d46c9600b1d3e2f674e6117820b4f559818c26b60

SHA512
cc9c24b95d079a949a8e725002494b0c75c19bce9ec6457cb4307f5803b7433eed738944f1baf770df8e034212224b1d9662fa533aa5bc5c01568d192fa49efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo\ITS SB App Switch.exe
Filesize
370KB

MD5
6e3b18cac5d61c109906e94ce895d2bc

SHA1
557d63dd72dc47e9b2d701c40e80fba1e108e9c5

SHA256
db70869cfafb8877fd02beb9d970427e6103c1003d04eca2dad1ac9a9587d489

SHA512
e27d2cf4e63b414b7a8e89c48e9b4c0ccb93e52c2405e9b5bbac13352daa3cf9e619b48845547ebdbfaa7ef8af850f1c3fe4b8ac228dfa3d14095d86cf82340b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-06-28_e7e9119a91fa7712132342940ac8eb3b_avoslocker_metamorfo\TestSecurity.12.7.0.249.dll
Filesize
1.6MB

MD5
a7d19e10c06f0b71f69c15e0c070f66a

SHA1
11a10b61e3925125b963e3074dea63f36084da23

SHA256
6b766ffee9ee5ebeee3830a90870afca99a79e7611fd81f2e4afab009513a3dc

SHA512
09cc5eff3529881d540ac96cf5fe488dc843d131d7c4527b2dbc4349c048a1cd2d1f190365f174d5972624805d07b84d513aa274144bd2974ced2ec57e2ed758

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Filesize
1.6MB

MD5
db7fb67fcec9f1c442de25f3ad59f50c

SHA1
b600aa26d1cded59760304c6d77f4ff75722eabd

SHA256
c227208854734bbd38c9f74f39034111733da5c7ce71515b1610aedd79417f9f

SHA512
c14ec7d252a6f201dfea476d302fbc5140713cb4ea7bc8d4e610bfd806b3fa3c141153e2e9b8cb36255fba1fab4d4400ed83f5f5c1228d77d77bace41d5de7fe

Download Submit