846adcf4d156803c03df9c9e4f9a04114228d82b2c7bcfb41440af6a9acb7b65

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
Size

4.3MB
MD5

d9b84cc79b34ed577ce4882ef496d93e
SHA1

fc1ea414cd738328cf66cdef303da308b9798880
SHA256

846adcf4d156803c03df9c9e4f9a04114228d82b2c7bcfb41440af6a9acb7b65
SHA512

733298c54eba2d32f323bd16aba6f8411432bffa1cefdb36a0aeed46f2c3645be2aa22d5b56c2ad936a737fa077b9e7e18e8ef484ceb39b527f586f989ff5a34
SSDEEP

98304:DO/RG6GkIN84klIci68xyDC2YmoieSoaSiHFnI6ts3/l:OG24kDi6s2YBieS96/l

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

Executes dropped EXE 1 IoCs

Processes:

2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

pid process

3052 2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

pid	process
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

Loads dropped DLL 42 IoCs

Processes:

2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

pid	process
2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
3052	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

description	pid	process	target process
PID 2904 wrote to memory of 3052	2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
PID 2904 wrote to memory of 3052	2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
PID 2904 wrote to memory of 3052	2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
PID 2904 wrote to memory of 3052	2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
PID 2904 wrote to memory of 3052	2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
PID 2904 wrote to memory of 3052	2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
PID 2904 wrote to memory of 3052	2904	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe	2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2904

C:\Windows\temp\09E5A5F59B20FE111887257C7B5C0B37\2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe
"C:\Windows\temp\09E5A5F59B20FE111887257C7B5C0B37\2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe"
2⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1913.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\System.Windows.Interactivity.dll

Filesize
39KB

MD5
3ab57a33a6e3a1476695d5a6e856c06a

SHA1
dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7

SHA256
4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876

SHA512
58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.setup.ui.core.dll

Filesize
89KB

MD5
78fb3f1e9f69beca863af1ff7713249c

SHA1
65e00f042db34b385d9bfd0100a3b13efd79df5e

SHA256
323aa8d8707a030bf245d6031b7fb439c929a3a24c5621a03276114691e45aac

SHA512
79bcfa36dfb3b1a6e04d06a5d85fce6574831d5684ae55c9e08784ee6a585bde5c649438103d40edd85da3bb8fd1d27b00be16fd421d32502da3587468ee8ced

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.setup.ui.dll

Filesize
279KB

MD5
bb9df6ed16bad5bbcde9b106e11dff6f

SHA1
5a18c06282442a241e42ea45eb636cc77bf7d95c

SHA256
dc5f2821548e5a660fc920224846994da0169972f18a15e04fc9943a6a08f734

SHA512
12d3c0ec2cc0224614cd8dcc81bb0f5610a0b836420628722d3409775f1c186b9d7cadb9a61bf5ce5f5ae1c99fa408ad14900f7f8b83c0b5073180786f9123a6

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
a54a9d1185edd71b120010d131f0dbea

SHA1
e24ebb90da9840cb2b813bac4409c9525258d864

SHA256
a7d59379fdfa59c21b114b087b16028480f976efa12e3a197fff3729f28f3bb3

SHA512
c16e90afa3c9d49c6fb8af03e027e927c6ae582f28ffd6cbcb79178a47346327bef6ee8791cc0c04643ca7204c964c19c270f6c8609f1225bdcaf7d5f3c94c49

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.setup.ui.visuals.dll

Filesize
417KB

MD5
5bcc51f3bb85949e37ffc08cf1501f70

SHA1
f2d6067c3084e5c0af33b6e4bb9837b3f05a8f83

SHA256
fdcbe09d8c6ee7681e88bbf7bbcc6c87f089d034e00df6a422c3482f4a99a2bd

SHA512
950d8bf52222c1ba6c5173b3a9385737b4b414a259d72adee921b524b790113f473e00b5961972b19ad5dd2349fc1ba5c7b3541086c5b93a11238992a0e3c8a5

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.ui.framework.dll

Filesize
235KB

MD5
aeb7ba2ce5574025a985313bdde99cfb

SHA1
7e7d4d90a11c317c5d3b5065d47ef4209296cdaa

SHA256
92d7b5ad2e92e72804223e71cde8350ba7f0561e5e1b8c0002ce88e3e88f6ef0

SHA512
bd0aa5b5ac94076d6d6607cf704bcd89cabf43d3f99042fee8b653a0674c315ac9e464f0aef091998152f6b107a47034b541021efaf759bf250f6f99a91ba572

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.ui.framework.localization.dll

Filesize
281KB

MD5
ccf2531b77412b4eb5410888bd3eeb42

SHA1
ccc53ff2ac5b21d2a026b9f3431a016aee08dcb6

SHA256
170a04a3141b1c4f2606c3ba78d687972db6319d85d7a45f59958cc9f1fd05bd

SHA512
6eefd54ed14076cbd391e95817ce53c4bf69bae7d3c6f75f682d8e26f236cb2e4b9153c54fe358e1f833e9661cdc010686a2a5136fa70d77ca7f81cd59e32909

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.ui.framework.uikit.b2c.dll

Filesize
543KB

MD5
fb389c9c3c063163f5609608405f66bc

SHA1
0d2d249335b82941aaa7aeb58947c12cadf04ff8

SHA256
7e97138fe069a260a05bad7beddc31fc54d0909f36728ab0efa761e7580393df

SHA512
c169b1e6fecd432517f58bac541820c4fde5fefd847b9dd4544d290f95334b8fc392b26cd02eebeb30aaddb87885bd35b1f0c46644b1e5b9e9c84115afebf0f7

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\kl.ui.framework.uikit.dll

Filesize
2.5MB

MD5
7076c5eb43353580a88554a458c393dc

SHA1
74d9ec58d4ef5d0a7a69fe6500b47c6873ed87ba

SHA256
294055db0edebad0b62f5690d65c401ff3c859bb2ce913c7840142ea344f0f24

SHA512
81c88f67e55c415a5fe48c07d020069cd494c7eaafb8c79475093121121d7360c9a72e79f9f64c6700f4a90a923ae876064d0a942c2cda3a6914c1b07a218515

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\setup.dll

Filesize
5.6MB

MD5
986033838280c8d36c4fcc14b03caa35

SHA1
ac082f683dbbf4537dccee380b802055b2cf60df

SHA256
42abfb0fd3d1fba8832f5eb2aa0e0d42a10b60f4a033c1b3838668287a4e88d6

SHA512
4245f331953fd6661d75349e229e012fdce8fdf85de5f3666468f9b6198d678292ecd1970a6eb0101c02c3609d2116d7a609b9341509478de1b4e03c9614d65e

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\sharpvectorconverterswpf.dll

Filesize
137KB

MD5
ca5e6167b66c384f62e56fe0e1757af3

SHA1
4d8912deab579d0ad3bfa7477f7377d03260ec1f

SHA256
a9edc78bc8dd9e6ab098c96d2f26949bf8cc7c1f1071c5d96154022dac685979

SHA512
53d2828ea80ba1c9726240859c42deddf3b384bfdc173763804d5c0e59bc531de519720c8f396cba3851768be14ebed5f8f6ed501d2a99055f2abab9c920ce5a

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\sharpvectorcore.dll

Filesize
201KB

MD5
f6004bd10ff1bced912d389a48138323

SHA1
349d4f7bb69dec14ce5051c1ce4d7aaf33ce9ab8

SHA256
fa2c2216181125daaf69ce4c7e2addc9df98e09845a27292b9775ff8d568ac39

SHA512
550af5c8d54f4987a7c05347c9fa21a6cac5817ed410c5f9358bed6d13648c0c55be2426ea3b221f82b635e91f2a2c505f07703ae93392754c870853073536d5

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\sharpvectorcss.dll

Filesize
109KB

MD5
25e40483458b8083eb12d38b6cead136

SHA1
9158642854dcdc9b2610272e181d98526b3547cc

SHA256
1a87d710b34b187f75e9213c95ab5eb129da63906f122035e7badf7044c929c9

SHA512
381ba47f815cfc4fe665913a49f8e53121dcad53c8e63ffc3d61663a2b5db0fc3fb2e3e8784fe5a0fd058ccb0687317c11e01debf4c596795f7cae5fd45dcadb

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\sharpvectordom.dll

Filesize
55KB

MD5
b97a47906b78413d18249eaa15c0933b

SHA1
ccf1951838e20c52cdc440cea34f88101310dbb3

SHA256
5fd8cfbe80ec610463ab092b74e2c22b2651f30dd0660849d09210e70eca7254

SHA512
b490641ca358c270e77e587c5ecff4ad60848384348603d576212e4da133d30087aa32ed11037d19de8f3f6777711255f5a6a9a66ddfa0abb87d893d72619af5

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\sharpvectormodel.dll

Filesize
997KB

MD5
ff09404438a1aaf5bafa792a504e7631

SHA1
7e78ad564aba274bf70c5320e39ae5061b30572a

SHA256
ccf8359d7862330ebb1dd0a5f50b9e12e43b1763ef64cde5417960774d1dcf11

SHA512
8b90210aa69b69b9e4e06a721a444ca9e50bcb87648fffdd2f47f2056ad52c55a2228547c45757a804b3b76ced8bf8899918f5c4a23f2139061bdff1dcf23db5

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\sharpvectorrenderingwpf.dll

Filesize
203KB

MD5
619044935bd3151b6d1fef1e06ce5323

SHA1
f5d5e2b4171465ef022ed85ea7ff1e70c7b2a581

SHA256
5b6dc4ff32972e022a3a457d319ffc756c915b8f9be4fa62a550f2e361aca5f2

SHA512
d5f4cc32d6ccecd4accdb78913badc5190adea1df1e173d5b47ef2c522cadf4d2f198deb25440aa1360c03ba90fe734f3f8a3b63b38e7b7c54b8d3ecaad06cd4

Download Submit
\Users\Admin\AppData\Local\Temp\0F3267F59B20FE111887257C7B5C0B37\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
cef0c0a808a94ef99fc4dc3472691a21

SHA1
637ea1d4def4e840d73af915d0118db2c8c9f2bc

SHA256
186fb849e9284fda5ed5ea84b1bb7a73b4321afa063df2fa4812b7f0dd857761

SHA512
0f764d85f76fe2fdcf094120f379e0841b74f710b6857722687334bd7a01329d79ab653e825c323110c9e67999429c70efe2c213b7a6a77d1d939f1829f5ad67

Download Submit
\Windows\Temp\09E5A5F59B20FE111887257C7B5C0B37\2024-04-25_d9b84cc79b34ed577ce4882ef496d93e_avoslocker.exe

Filesize
4.3MB

MD5
d9b84cc79b34ed577ce4882ef496d93e

SHA1
fc1ea414cd738328cf66cdef303da308b9798880

SHA256
846adcf4d156803c03df9c9e4f9a04114228d82b2c7bcfb41440af6a9acb7b65

SHA512
733298c54eba2d32f323bd16aba6f8411432bffa1cefdb36a0aeed46f2c3645be2aa22d5b56c2ad936a737fa077b9e7e18e8ef484ceb39b527f586f989ff5a34

Download Submit
memory/2904-1-0x0000000077B70000-0x0000000077B80000-memory.dmp

Filesize
64KB

Download
memory/2904-0-0x0000000077B70000-0x0000000077B80000-memory.dmp

Filesize
64KB

Download
memory/2904-2-0x0000000077B70000-0x0000000077B80000-memory.dmp

Filesize
64KB

Download
memory/3052-109-0x0000000007380000-0x0000000007408000-memory.dmp

Filesize
544KB

Download
memory/3052-46-0x00000000009C0000-0x00000000009CE000-memory.dmp

Filesize
56KB

Download
memory/3052-98-0x0000000006A90000-0x0000000006AF8000-memory.dmp

Filesize
416KB

Download
memory/3052-89-0x00000000083B0000-0x0000000008638000-memory.dmp

Filesize
2.5MB

Download
memory/3052-85-0x0000000003820000-0x0000000003866000-memory.dmp

Filesize
280KB

Download
memory/3052-104-0x0000000007380000-0x0000000007408000-memory.dmp

Filesize
544KB

Download
memory/3052-81-0x0000000001300000-0x0000000001316000-memory.dmp

Filesize
88KB

Download
memory/3052-116-0x0000000003660000-0x0000000003670000-memory.dmp

Filesize
64KB

Download
memory/3052-121-0x0000000003660000-0x0000000003670000-memory.dmp

Filesize
64KB

Download
memory/3052-128-0x0000000003A70000-0x0000000003AA4000-memory.dmp

Filesize
208KB

Download
memory/3052-129-0x0000000003670000-0x000000000367A000-memory.dmp

Filesize
40KB

Download
memory/3052-133-0x0000000003D30000-0x0000000003D52000-memory.dmp

Filesize
136KB

Download
memory/3052-77-0x00000000033B0000-0x00000000033EC000-memory.dmp

Filesize
240KB

Download
memory/3052-53-0x0000000002CE0000-0x0000000002D26000-memory.dmp

Filesize
280KB

Download
memory/3052-124-0x0000000003670000-0x000000000367A000-memory.dmp

Filesize
40KB

Download
memory/3052-49-0x0000000006100000-0x0000000006140000-memory.dmp

Filesize
256KB

Download
memory/3052-137-0x0000000005FA0000-0x0000000005FD2000-memory.dmp

Filesize
200KB

Download
memory/3052-93-0x0000000006A90000-0x0000000006AF8000-memory.dmp

Filesize
416KB

Download
memory/3052-141-0x00000000087D0000-0x00000000088CA000-memory.dmp

Filesize
1000KB

Download
memory/3052-42-0x0000000006100000-0x0000000006140000-memory.dmp

Filesize
256KB

Download
memory/3052-145-0x0000000003EA0000-0x0000000003EBC000-memory.dmp

Filesize
112KB

Download
memory/3052-41-0x00000000736E0000-0x0000000073DCE000-memory.dmp

Filesize
6.9MB

Download
memory/3052-149-0x0000000003D10000-0x0000000003D1E000-memory.dmp

Filesize
56KB

Download
memory/3052-153-0x0000000006190000-0x00000000061A2000-memory.dmp

Filesize
72KB

Download
memory/3052-8-0x0000000077B50000-0x0000000077B60000-memory.dmp

Filesize
64KB

Download
memory/3052-160-0x0000000006100000-0x0000000006140000-memory.dmp

Filesize
256KB

Download
memory/3052-10-0x0000000077B50000-0x0000000077B60000-memory.dmp

Filesize
64KB

Download
memory/3052-9-0x0000000077B50000-0x0000000077B60000-memory.dmp

Filesize
64KB

Download
memory/3052-234-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/3052-233-0x00000000035C0000-0x00000000035C2000-memory.dmp

Filesize
8KB

Download
memory/3052-235-0x00000000736E0000-0x0000000073DCE000-memory.dmp

Filesize
6.9MB

Download
memory/3052-236-0x0000000006100000-0x0000000006140000-memory.dmp

Filesize
256KB

Download
memory/3052-237-0x0000000003670000-0x000000000367A000-memory.dmp

Filesize
40KB

Download