5ef10f2a09e654c78bca1365f819112ece3ca9e16125b4c8e25c0fea659a9d91

Analysis

max time kernel
13s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
Size

4.8MB
MD5

eab796dee2fcd215968e3a6bb8474228
SHA1

366db82b081395feb0f89f878ffbfd10e335d28f
SHA256

5ef10f2a09e654c78bca1365f819112ece3ca9e16125b4c8e25c0fea659a9d91
SHA512

46d2deef42f206113d6c4101380eb3200d108c9854bb68e56d70f9620114d676999bc4531a918b95933f646c7b49674bba84a518028ba128a378aed4fed01c66
SSDEEP

98304:BtiuhluhmF1OgPptZDElaxQ3PCTDsRnLPYSz7FyxZ:rqktIa6n3FyxZ

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

MicrosoftEdgeUpdate.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA MicrosoftEdgeUpdate.exe
Downloads MZ/PE file

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

MicrosoftEdgeWebview2Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\psmachine.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_am.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_quz.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_mt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_or.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ca.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_id.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_mi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_te.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\psuser_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ja.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ro.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ug.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_de.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_fr-CA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_km.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_mk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_is.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_en.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_eu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_el.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_kok.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdateCore.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_et.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_hi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_th.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_bs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_cs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_nl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_sr-Latn-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdate.dll	MicrosoftEdgeWebview2Setup.exe

Executes dropped EXE 4 IoCs

Processes:

ITS SB App Switch.exeITS SB App Switch.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exe

pid process

2812 ITS SB App Switch.exe
2848 ITS SB App Switch.exe
1972 MicrosoftEdgeWebview2Setup.exe
504 MicrosoftEdgeUpdate.exe
Loads dropped DLL 2 IoCs

Processes:

2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

pid process

2720 2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
504 MicrosoftEdgeUpdate.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2812	ITS SB App Switch.exe
2848	ITS SB App Switch.exe
1972	MicrosoftEdgeWebview2Setup.exe
504	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

wermgr.exe

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS wermgr.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exeMicrosoftEdgeUpdate.exe

pid	process
2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
504	MicrosoftEdgeUpdate.exe
504	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

MicrosoftEdgeUpdate.exe

description pid process

Token: SeRestorePrivilege 504 MicrosoftEdgeUpdate.exe
Token: SeBackupPrivilege 504 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 504 MicrosoftEdgeUpdate.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exeITS SB App Switch.exe

pid process

2720 2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
2848 ITS SB App Switch.exe
2848 ITS SB App Switch.exe

description	pid	process
Token: SeRestorePrivilege	504	MicrosoftEdgeUpdate.exe
Token: SeBackupPrivilege	504	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	504	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exe

description	pid	process	target process
PID 2720 wrote to memory of 2812	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2720 wrote to memory of 2812	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2720 wrote to memory of 2812	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2720 wrote to memory of 2848	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2720 wrote to memory of 2848	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2720 wrote to memory of 2848	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	ITS SB App Switch.exe
PID 2720 wrote to memory of 1972	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 2720 wrote to memory of 1972	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 2720 wrote to memory of 1972	2720	2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe	MicrosoftEdgeWebview2Setup.exe
PID 1972 wrote to memory of 504	1972	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 1972 wrote to memory of 504	1972	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 1972 wrote to memory of 504	1972	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 504 wrote to memory of 3960	504	MicrosoftEdgeUpdate.exe	wermgr.exe
PID 504 wrote to memory of 3960	504	MicrosoftEdgeUpdate.exe	wermgr.exe
PID 504 wrote to memory of 3960	504	MicrosoftEdgeUpdate.exe	wermgr.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo\ITS SB App Switch.exe"
2⤵
- Executes dropped EXE
PID:2812

C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo\ITS SB App Switch.exe" 2720
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /AllUsers /S
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1972

C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdate.exe" /AllUsers /S "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
3⤵
- Checks whether UAC is enabled
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:504

C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "504" "940" "784" "936" "0" "0" "0" "0" "0" "0" "0" "0"
4⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:3960

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:3180

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
e3f7c1c2e2013558284331586ba2bbb2

SHA1
6ebf0601e1c667f8d0b681b0321a73e8f4e91fa3

SHA256
d19616ac12d3d536c8fbf034513a4977c88ef2d1676d358a2358fa051c8a42ba

SHA512
7d4fd7ad06b05d79211144cbaa0047bdb4910212565b79f292a6bea652735dacf69435b24c73bc679cbdad4207f6352726eb297a1e7af4f7eef14dbc8a2ca42d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdate.dll
Filesize
2.1MB

MD5
1125e435063e7c722c0079fdf0a5b751

SHA1
9b1c36d2b7df507a027314ece2ef96f5b775c422

SHA256
7d8d1756343598bc651d62a0e81835820e0d6cf7a995503bb6b129b4bcc37df4

SHA512
153f096af5c874c00a3c38602fab590eccf885f642040007b67799ef39d919d7cb261fba43a9ffbd68c8824eddea219505d49e05b3dcc70f00e6016a1fbd12b9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU805B.tmp\msedgeupdateres_en.dll
Filesize
27KB

MD5
a430ce95b80c07bb729463063e0c7c48

SHA1
cc488bdc18c191d88dd93e45bb85fda19d496591

SHA256
c9c8a06948123607b7b35d0d46c9600b1d3e2f674e6117820b4f559818c26b60

SHA512
cc9c24b95d079a949a8e725002494b0c75c19bce9ec6457cb4307f5803b7433eed738944f1baf770df8e034212224b1d9662fa533aa5bc5c01568d192fa49efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo\ITS SB App Switch.exe
Filesize
370KB

MD5
6e3b18cac5d61c109906e94ce895d2bc

SHA1
557d63dd72dc47e9b2d701c40e80fba1e108e9c5

SHA256
db70869cfafb8877fd02beb9d970427e6103c1003d04eca2dad1ac9a9587d489

SHA512
e27d2cf4e63b414b7a8e89c48e9b4c0ccb93e52c2405e9b5bbac13352daa3cf9e619b48845547ebdbfaa7ef8af850f1c3fe4b8ac228dfa3d14095d86cf82340b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-06-29_eab796dee2fcd215968e3a6bb8474228_avoslocker_metamorfo\TestSecurity.12.7.0.249.dll
Filesize
1.6MB

MD5
a7d19e10c06f0b71f69c15e0c070f66a

SHA1
11a10b61e3925125b963e3074dea63f36084da23

SHA256
6b766ffee9ee5ebeee3830a90870afca99a79e7611fd81f2e4afab009513a3dc

SHA512
09cc5eff3529881d540ac96cf5fe488dc843d131d7c4527b2dbc4349c048a1cd2d1f190365f174d5972624805d07b84d513aa274144bd2974ced2ec57e2ed758

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Filesize
1.6MB

MD5
db7fb67fcec9f1c442de25f3ad59f50c

SHA1
b600aa26d1cded59760304c6d77f4ff75722eabd

SHA256
c227208854734bbd38c9f74f39034111733da5c7ce71515b1610aedd79417f9f

SHA512
c14ec7d252a6f201dfea476d302fbc5140713cb4ea7bc8d4e610bfd806b3fa3c141153e2e9b8cb36255fba1fab4d4400ed83f5f5c1228d77d77bace41d5de7fe

Download Submit
C:\Users\Public\Documents\sblog.txt
Filesize
751B

MD5
7123750e2058dc6b6524694da18658e8

SHA1
516ff3fd32f65f767fe82ffff2150ffce3d5671e

SHA256
4f25dec61e1736bbec2f999308bb4d252a0f282bb14b08c1ffce43acfa95590d

SHA512
8568017c6e8ce7f564a66b515c2254c16304fc4b127d025e8c762b139254952b04f52bb282efa9331bb16cf2ebc6715aad69d586e6f6c5fbda7f42b040490803

Download Submit
C:\Users\Public\Documents\sblog.txt
Filesize
2KB

MD5
48d9b6cd4ad9883309b8c0c85bd41f0f

SHA1
e9e73c5b65eef1be5fc688ca4fc96463be04da66

SHA256
be0872e980979838e1d33d0efc80026cee71a2671376de0bf6add053bc3bc26c

SHA512
d00135f6d4634a737ef2093f2f5795fdc3818461f4890c8892d7f7b0f1a271e48d681bfa832a100700dc2fd0559c6e81e0475dd231c794741342b2a2fd4b8fe6

Download Submit