Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-08-2024 01:41

General

  • Target

    2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe

  • Size

    4.3MB

  • MD5

    6d28d8e62356835a8ab3a81e89412600

  • SHA1

    99164dde5f40922b122c924d42c0211e22424472

  • SHA256

    c97c7a1bdd60740fefb20d222dca4ee0cb29e643cfe32295e4b44d29e606cc8b

  • SHA512

    b71c18d2406fd8aefa451e907d4aa897728de0d29e7dc8a9bf71ca35c2649be5722adcdd25afa31b83126cb2b842fabbb1d6d23dc6f25c67717301ff2750ab4b

  • SSDEEP

    98304:vpq/d8kCBBlMyQjujDW9tBcg2jGqwwAydCy7Bcb7kSL1w5QuN7NkB3tiXy:gcQ5ujyp8jGqwwRO4NSNtmy

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Windows\temp\C5BE0B07E5F5FE119921A4A403B05A9D\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe
      "C:\Windows\temp\C5BE0B07E5F5FE119921A4A403B05A9D\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Writes to the Master Boot Record (MBR)
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      • Suspicious use of WriteProcessMemory
      PID:1248
      • C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.360.0\au_setup_70C8C4C5-5F5E-11EF-9912-4A4A300BA5D9\startup.exe
        "C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.360.0\au_setup_70C8C4C5-5F5E-11EF-9912-4A4A300BA5D9\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe" /-self_remove -l=pt-BR -xpos=270 -ypos=58 -prevsetupver=21.17.7.539.0.114.0
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2356
        • C:\Windows\temp\B502FD77E5F5FE119921A4A403B05A9D\startup.exe
          "C:\Windows\temp\B502FD77E5F5FE119921A4A403B05A9D\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe" /-self_remove -l=pt-BR -xpos=270 -ypos=58 -prevsetupver=21.17.7.539.0.114.0
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • System Location Discovery: System Language Discovery
          PID:4516
      • C:\Windows\temp\C5BE0B07E5F5FE119921A4A403B05A9D\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe
        "C:\Windows\temp\C5BE0B07E5F5FE119921A4A403B05A9D\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe" -cleanup="C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D;1248"
        3⤵
        • Executes dropped EXE
        PID:1192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.114.0\kdscrl.rdb

    Filesize

    3KB

    MD5

    79a78149e4ef2e6e09cc061338c7b151

    SHA1

    99505d2461a18f16d4d185603887c60e226347ee

    SHA256

    e6c0da20fc5d9eda24e4128faa5641f8b2d39951e0a0236c013e1f1efcbf83fd

    SHA512

    a3baf55b373b943f8f1c8840cdc2f02a94aed436c54fdcb8cf6eeac9b5840a5e1a11be0c70460da0c17f6fda1b01b87f4e2a688abb5ddeb7819301a1354d688e

  • C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.360.0\au_setup_70C8C4C5-5F5E-11EF-9912-4A4A300BA5D9\dynamic.ini

    Filesize

    142B

    MD5

    51d38d5fde15fd17bc5a97fe9924375c

    SHA1

    b6a79860d71457b2a80e978c1bb700d5e2e2525c

    SHA256

    b09675338632756d074310e1f5002ffc626763da5c5a03edc9fb600556bcdf3f

    SHA512

    d5283039453e6e853a67766ef2e8b624dbcc244510575cd72af3409dbac08048af9c8f58887915fe976bd3bb885fa6df56015738bd045bcd0b2fa6326eaf597d

  • C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.360.0\au_setup_70C8C4C5-5F5E-11EF-9912-4A4A300BA5D9\startup.exe

    Filesize

    4.3MB

    MD5

    b0b2811009e904082d187e56062b9cf4

    SHA1

    e543e55a32ddf5324b0f2cb799adab67b8485ba2

    SHA256

    d9a338b541dfc66b2da0688154f0c3d9beda4e0026d0c9a986c75d6d7dd271c3

    SHA512

    4f1463bdf17b7d6940b14a56fb381ab6fd945ee966322f95da64d8afb1072d75d542898826f5daf85c0e46d9e3a6b4ddf15afbd737afc73a1ac7216faef5ba9e

  • C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.360.0\au_setup_70C8C4C5-5F5E-11EF-9912-4A4A300BA5D9\static.ini

    Filesize

    582B

    MD5

    5d268958c25ee72e4b2f5aa0402f2527

    SHA1

    a525b1ce517aaa0b0ffdb6cc06923fd2f5ce8d65

    SHA256

    63d2eeb9c8d257c3a5d15586e7d6792602343b0c8da13151f03bd462713ac683

    SHA512

    60a988b650e9c9c0ab47480185c93818e5a1beef64054f3eeb4503eca6a67fc9f8a0d835622dde33f99f676cfeb22694e33d69e30bca35e8218a4481a02968af

  • C:\ProgramData\Kaspersky Lab Setup Files\KFA21.17.7.539.0.360.0\kdscrl.rdb.z

    Filesize

    5KB

    MD5

    3ad44cb39a8f5ed4498d73b83f155cc4

    SHA1

    5e38537d8c5b126a1a573fc190515d868867306a

    SHA256

    9223d632d4b43950d42cbd743c50336e39d0fdd626184fe1c19bf5ab138e8fdc

    SHA512

    0031f3624e019b15b88decf03cce4f3043a2f052de5f5ad92698aa7c9727aa9ddb7ca3ac14979aface86cc60dcd19a375b53a25f209bba5d59642f0ede02edce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0B532F86F8BFE69BA8D4B6BCF6B9C594

    Filesize

    318B

    MD5

    52332621695020ff4c337fa002f8fdbd

    SHA1

    aea78202e7d14de953aa6bc877424b77aba9408a

    SHA256

    4c9f5ea36716bc5c15f02e2713ca54ca4c928134809dfcf87badb2cd920cea28

    SHA512

    1caa26f43476b3777ca35bc78bcea30df9c2f1ea6b68c5b1cefd16bd1ab318280c2c88a8f22e448cac3fff12b313f8ae46b7b3c8f7cd6dc42ac398ddab3dfd52

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.setup.ui.core.dll

    Filesize

    89KB

    MD5

    2c8f5ec07cb84d844e3fdee32b2a8e00

    SHA1

    2e27daffed27a7e6ee3adc50eef1710da318ca32

    SHA256

    8d5bd8184fbc3f79ea9edc2c25e1a5a935514518c3fba89bde308c06722375f9

    SHA512

    ef37109b456a68d55dee8a45340e25cb9901909b30f9f882f62060951bec20d838561dbe5ebe0480aa2feb668c6ffbb2137ed2f69cd3d6337c6f38cf395f6eca

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.setup.ui.dll

    Filesize

    278KB

    MD5

    1bebc399a1b31eabc3361169df0316d1

    SHA1

    56091143fafa680dc65dd5f2b5d6fafa94590041

    SHA256

    894914e74da8c8faf8bb9b34e0f9b586db3cb248c3f6edb715a7cb8c930dd66b

    SHA512

    d0d1fb7e23391a352f6bb3d5756dbbcd5a3558e0c477b265453931940a223dfa31cafe20232a9d08fbb127158bce325dd8b769e7bb62907be89019cd3f02f1ac

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.setup.ui.interoplayer.dll

    Filesize

    56KB

    MD5

    baf69d3c6977161e0c2b631b3f9958d4

    SHA1

    a1b2982c11811c4e5f6bce95f3072a855d11c369

    SHA256

    e6392d0cf3a5984034ca0b346476d7482243550ddd0c65a8c0ff2f03a15867bc

    SHA512

    2fb765d07638d239b666d4043f9ae75e91dc271ddf399dfe5bfd1c894bcabb95e6e965b478f5208687d9ebaa18cdafd6fc3400cd47694fd9db4ac30f3f1d5839

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.setup.ui.visuals.dll

    Filesize

    420KB

    MD5

    6181240bc579d2dfb176a1ca260f5a90

    SHA1

    eb13b6cd4a242c8399396795d1863954b8d79507

    SHA256

    b07c4d99d4cbb62b31a425e60c993b809c7043518a9ef0b7b561abd180a1b768

    SHA512

    f5bb4bdd05836c494a560dc9aa16d62d29b90df7c5854d4a97b8e274890dd1476de955637237867a666c1f08785f5dc06d571e023b124530ee87cf6fdb98689f

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.ui.framework.dll

    Filesize

    264KB

    MD5

    2ad2ab4f8517da8e2efdfed22ad49f1e

    SHA1

    55916e3e5c4c40cf2e5644fbad07baf31459673e

    SHA256

    6efe8efc6701c80d59ad33bd139aeca1b47a27f49d3ccc16ed01a49da9bfc2e7

    SHA512

    12800c7d475af627c98cecb6e6c2de8247094166126978e24bd8be3f7193828781e853ee10b3133c989d625f0e2860ce4551369d864748b70db4ec220c515bbd

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.ui.framework.localization.dll

    Filesize

    283KB

    MD5

    079ac68d4beb2ab9602d754b09ff652b

    SHA1

    90032834cc5cffd0b00119e4e38b5f4c5f877e4c

    SHA256

    9377c35b19c30ee75c010b1e592796daf1d3493b397ef9d61a1c63a5ab30a88e

    SHA512

    53782adc516950888ec69b21e744fe4d7f8567223e7c067e362800c78e3621dc148d5aa19f6011962bece1ada3691ef1ef40838a8072480c54aeedb2f4e0c9b9

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.ui.framework.uikit.b2c.dll

    Filesize

    631KB

    MD5

    445e34aa976419cae54e13ede8d41ce5

    SHA1

    98ca3ee808f97ae16970b0fcefd3387bd07278eb

    SHA256

    a255bb5dfaa685d7443dbc8bb7fca71417c8f0b1f617ade7077ee437a23a9b24

    SHA512

    86b4084cf781d4efbb814fce3ed6ca48addbf4c15c5ed3630673350cf65056a80e2a9bc00581a45ae370a64f0bc720d506622eccd9d7ef170814faab1cce14c4

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\kl.ui.framework.uikit.dll

    Filesize

    2.7MB

    MD5

    18defb1e3b7460f592a8ca61e4b40ff0

    SHA1

    8f8f7d7d1ee8a048d162603cc21a0f4c40b9036b

    SHA256

    02a884babc5584fec80b227eb1c52dc800c516f1117ff9637617ad84c632da9d

    SHA512

    7cbdc0c113a0c7ff9628674a8a23f4224290455d4a9a41a66889d01baf1f28b0175197c3078a791ecf6b2052c3fdfc35cf38cfae5bf5917bde80f82499d40b12

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\setup.dll

    Filesize

    5.5MB

    MD5

    6574e9998376a63f60f4d25df7c96194

    SHA1

    39b2a415e26ec682c131ecd830ded6ec9e5458c2

    SHA256

    d8a05cd2983e228d02a575fc4f3a3123cb9a26464e9c2e2e079a12e6a8a9ab03

    SHA512

    7eacc2c288c11c7a399d25b0e4ba20043d10e0681ff78a5493480cd6a09b57ff026b84214a950860379c4e9974c0597bbfc045c2d675556355ccbe68132aa465

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\sharpvectorconverterswpf.dll

    Filesize

    137KB

    MD5

    a56a73b39703d5ff85b5cf12f9b00009

    SHA1

    e6448c87f969e19ae4c6514d69d8286d26a2b5db

    SHA256

    bb5966185017d904d2d7fd952bcc6d5c19fdf6bbbe34ab29c63a3784cd1074c7

    SHA512

    7fa07a1fcc0735186ee71b3c123b1c4076f04dba5ad319588ea695ef117ab7c39918593e4ee42f18cbd3fe01d043e896981ca6f07293fc2fb0a9bce5d66992b5

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\sharpvectorcore.dll

    Filesize

    201KB

    MD5

    24e3b7177eeabdf085a01796b49c8e55

    SHA1

    6916a0bb98892252f59692fd0405e6da62af0f8b

    SHA256

    eab963926cf2d62b575c6f33804372fea04db328b2b3f0adfb45fee3f27e5386

    SHA512

    5e377e609673f3d84e22d070012578b8a18fce848a3815d9da05e10043d3e9fde8070094d1841acb44a4f876d8741e371a5fbcc86cce80cdf826131370a41e64

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\sharpvectorcss.dll

    Filesize

    109KB

    MD5

    726d04bbe783a3510b18a491adac05c0

    SHA1

    11a01c68204dd80b32c01dcdb2e51f5b0ee34d98

    SHA256

    639e091c9e87986eaf9fe00f0f401834e14878ebc48084697fd4307713a065ca

    SHA512

    90592ddef83b6640cf8f28f0818098f95acc4139c7b3f5e8afa63bb873530be1613d42ee02dae12160737ee612187fc0139e19ee4a7f1abb3fec1fcaee1ae297

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\sharpvectordom.dll

    Filesize

    55KB

    MD5

    e4f6efef27708458ecda4ee22edf3cef

    SHA1

    07ccb5fa980dead816737ad83802cbfed18e4a4f

    SHA256

    413e485d8dd07231d70107d86ee1a17ce705517aed8346b4701747d1fdbfdfc3

    SHA512

    4920e508304df14041df1189938a1102e4a71e2e57ac4b9b804b6b0405c89c8292012a5ff4dae21268204ed6d9b56a279f4ce18d709074d1cba71cc9d5e11a1d

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\sharpvectormodel.dll

    Filesize

    998KB

    MD5

    225a73e5a0cf87453832b578db6daddb

    SHA1

    a36717a1b2c7eb2ba160fec5fa80e48b9e57c4ac

    SHA256

    0499708762c56b9339c980e731ffab294e9b18362af3dcb4ad4481f1c7bd60c1

    SHA512

    565ee2105bd626650857e0e6f9c8f7d87a68c3ec41923de119a3b710038a4785e16ccf79feb4c1c4f8a308f682163089228ac4ac81295cea754ae1189311c965

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\sharpvectorrenderingwpf.dll

    Filesize

    203KB

    MD5

    faec58e7785c287a7c688f274207048d

    SHA1

    66c038c720035b7212a7d3733da4520e3b95d63b

    SHA256

    4c76dd0441a8021a308be24cf0c1957bee280451abcc1467acf47f1a6f7f5dce

    SHA512

    9269a91a5bab01f076d8e9fde2991463fb224dc6382f8cde3a118e83cb35bdf580b4ea7686f2ea767a2a9c04650222edfc3a8b2569978b734c51b7135915448e

  • C:\Users\Admin\AppData\Local\Temp\2C4C8C07E5F5FE119921A4A403B05A9D\sharpvectorruntimewpf.dll

    Filesize

    69KB

    MD5

    0e203d24d04e89779638dd70d5335b39

    SHA1

    98ffc3718c6e34bd6d696bbcce605db666f99b01

    SHA256

    f15b5199850b8ed98d2202972ada759823a17893a68d60ca3a0f76ee31aeb204

    SHA512

    a07f54cce2add948340807b8ecf430e72c07032332046e5dd05d9da90f7d732921c0ff628592ff0710914ec9d9b7188b46377e1594a9f9809a107a022de1cfee

  • C:\Users\Admin\AppData\Local\Temp\70C8C4C3-5F5E-11EF-9912-4A4A300BA5D9\GuiStrings.loc

    Filesize

    22KB

    MD5

    09c4e9f41c4b8bfdb6bf8916af730ecd

    SHA1

    a215913aa718b459d8e3c13dfd22e5246dcff38c

    SHA256

    57bf969d3c10d5be0a4b31b8e530c1e005622c8dc809ee4fbd4c214f3b3e9a37

    SHA512

    7767639c5e068fd3e83a527dfce0345c902673e50102a6c5ba3998ffa2d16f0417a74bee15fce9b6825eabe94f6d36c4528cc70c4541294415b26b9f0f64937e

  • C:\Users\Admin\AppData\Local\Temp\70C8C4C3-5F5E-11EF-9912-4A4A300BA5D9\GuiStrings_KFA.loc

    Filesize

    3B

    MD5

    ecaa88f7fa0bf610a5a26cf545dcd3aa

    SHA1

    57218c316b6921e2cd61027a2387edc31a2d9471

    SHA256

    f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

    SHA512

    37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

  • C:\Users\Admin\AppData\Local\Temp\70C8C4C3-5F5E-11EF-9912-4A4A300BA5D9\GuiStrings_pt-BR.loc

    Filesize

    40KB

    MD5

    e6fc57e26efef5b32d65088fce06cb66

    SHA1

    0b149841d6245ef147d4b807d6788848aba08a29

    SHA256

    7123d1ce7b20e9458706236c25c8862986ceceac2e85157b550e618d606694fa

    SHA512

    8459d19e6f2b47de1364b844d63b6d655484475adaa3e94486a641c6952feafb94e29cc8acedbb441aaffefd61eeef47cac9b13e900c36de71220d60d7279fb9

  • C:\Users\Admin\AppData\Local\Temp\70C8C4C3-5F5E-11EF-9912-4A4A300BA5D9\GuiStrings_pt-BR_KFA.loc

    Filesize

    566B

    MD5

    ad6ca585f8c879baa4e312dfab1776e2

    SHA1

    615a941fc1441791ce0bb64242c969605fa30e17

    SHA256

    651c2ee3a44cf4bdf17125637ab9cd851775cd5a4df50af1b1ed04d32a495e7e

    SHA512

    652d83f69d1b6fe8b182d185ad875d90128f2942c9badc5b1e7b6188c3ca28f23591a9c0ee95c828a8b483627062f36d435d7c5d7d62e5a7348af7d189e45552

  • C:\Users\Admin\AppData\Local\Temp\70C8C4C3-5F5E-11EF-9912-4A4A300BA5D9\downloader_neutral.ini

    Filesize

    18KB

    MD5

    66388e1c536028a65914bfdcf6b27ba8

    SHA1

    6cd300498c354dbd55432e8983c4ec31a00d499e

    SHA256

    10dc4d10376b8b19bc8f15cdc221c06c59680b5cb3855b23440dc2be64c4a5b2

    SHA512

    19a84e9628b662636c4fd80c8139669dab78a071bcb9ec30a3954a9892b3e65c2497b34e2666fe26ea589bc7e7b2b4a0b3735994a872b3c86bb71297494c176e

  • C:\Users\Admin\AppData\Local\Temp\70C8C4C3-5F5E-11EF-9912-4A4A300BA5D9\downloader_neutral_KFA.ini

    Filesize

    1KB

    MD5

    2e10b2d4181d2f07d2dd305bd4285bd5

    SHA1

    9c05f3e03bae36da24a62b08729074cd12b0077e

    SHA256

    cbb72cdc1e461226c7d0e49e7ef955f77dfeef4f7fe12d0d8a8d0cf9658edc78

    SHA512

    a1bae84b8a9c0833bbadf29d4532b64f0216d7c1c13be2b4ebb75dd4d2b18244eb67fee52743745ed0a5818e745cb9aae9a8bfdc415ff59ee8aa7de77f122819

  • C:\Users\Admin\AppData\Local\Temp\7813947B-5F5E-11EF-9912-4A4A300BA5D9\downloader_pt-BR.ini

    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • C:\Users\Admin\AppData\Local\Temp\7813947B-5F5E-11EF-9912-4A4A300BA5D9\mykaspersky_pt-br.txt

    Filesize

    5KB

    MD5

    367253e6ff15817050f5f6675d30aded

    SHA1

    d07b27c132682d3cfe090b5d371879c29f33d9e3

    SHA256

    8852b8fef4f8b39bfd5edf125c3aca9473b5b16d9818b743a8af173f39bce07b

    SHA512

    f1f460c8957769ee6f641fc5bffee8b85153949f3b0f97609a0ad2e2187fc1f78bee49db31579b1f14ecb2d539ae025e8180cee5c2d2c2c687bc83278af5da30

  • C:\Users\Admin\AppData\Local\Temp\A7493187E5F5FE119921A4A403B05A9D\setup.dll

    Filesize

    5.5MB

    MD5

    c1bf2b8f7b759a0728149cb6735c0fa6

    SHA1

    93f8c0097790a993b6c430045af47d83de204317

    SHA256

    0ac2f32a10ed225dc04b30b4bb344e2e3864fa0a26e875a6502985023791f9f6

    SHA512

    6b8a383496b7ce27a539dec4abf493a95852984796c397f5da1380f255c00ec630701c587d998b53c5d0b861867c49f9598a343013d0cb871dc708109617ff40

  • C:\Users\Admin\AppData\Local\Temp\discovery.cfg

    Filesize

    30KB

    MD5

    8e4080fdeb0c1c02c7697efe69edca7c

    SHA1

    a7503be947fff11671f1b8b7126bde5af7d00828

    SHA256

    ba80be9d85b93b21afef1eb30c67ff9acb01bd2c1dfa7cbf80287db991b26668

    SHA512

    3a9dcb338a65593f1613740a9f23c0e0527b8b80af5ad7c8995f79b1b0c17c495fe01d555d8c1307fed28febbbb97b737a254bf3e7d10b63681a4020bc8b5118

  • C:\Windows\Temp\C5BE0B07E5F5FE119921A4A403B05A9D\2024-08-21_6d28d8e62356835a8ab3a81e89412600_avoslocker.exe

    Filesize

    4.3MB

    MD5

    6d28d8e62356835a8ab3a81e89412600

    SHA1

    99164dde5f40922b122c924d42c0211e22424472

    SHA256

    c97c7a1bdd60740fefb20d222dca4ee0cb29e643cfe32295e4b44d29e606cc8b

    SHA512

    b71c18d2406fd8aefa451e907d4aa897728de0d29e7dc8a9bf71ca35c2649be5722adcdd25afa31b83126cb2b842fabbb1d6d23dc6f25c67717301ff2750ab4b

  • memory/744-2-0x0000000077100000-0x0000000077110000-memory.dmp

    Filesize

    64KB

  • memory/744-3-0x0000000076F92000-0x0000000076F93000-memory.dmp

    Filesize

    4KB

  • memory/744-1-0x0000000077100000-0x0000000077110000-memory.dmp

    Filesize

    64KB

  • memory/744-0-0x0000000077100000-0x0000000077110000-memory.dmp

    Filesize

    64KB

  • memory/1192-488-0x00000000770D0000-0x00000000770E0000-memory.dmp

    Filesize

    64KB

  • memory/1192-486-0x00000000770D0000-0x00000000770E0000-memory.dmp

    Filesize

    64KB

  • memory/1192-487-0x00000000770D0000-0x00000000770E0000-memory.dmp

    Filesize

    64KB

  • memory/1248-140-0x00000000081C0000-0x00000000081DC000-memory.dmp

    Filesize

    112KB

  • memory/1248-52-0x00000000061A0000-0x00000000061E6000-memory.dmp

    Filesize

    280KB

  • memory/1248-136-0x0000000008D20000-0x0000000008E1A000-memory.dmp

    Filesize

    1000KB

  • memory/1248-132-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-131-0x0000000008150000-0x0000000008182000-memory.dmp

    Filesize

    200KB

  • memory/1248-144-0x00000000081B0000-0x00000000081BE000-memory.dmp

    Filesize

    56KB

  • memory/1248-165-0x0000000008700000-0x000000000870E000-memory.dmp

    Filesize

    56KB

  • memory/1248-164-0x0000000008FD0000-0x0000000009008000-memory.dmp

    Filesize

    224KB

  • memory/1248-173-0x000000007374E000-0x000000007374F000-memory.dmp

    Filesize

    4KB

  • memory/1248-174-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-175-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-176-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-125-0x00000000084A0000-0x0000000008532000-memory.dmp

    Filesize

    584KB

  • memory/1248-119-0x0000000008390000-0x00000000083C4000-memory.dmp

    Filesize

    208KB

  • memory/1248-123-0x00000000083D0000-0x00000000083F2000-memory.dmp

    Filesize

    136KB

  • memory/1248-489-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-9-0x00000000770E0000-0x00000000770F0000-memory.dmp

    Filesize

    64KB

  • memory/1248-10-0x0000000076F92000-0x0000000076F93000-memory.dmp

    Filesize

    4KB

  • memory/1248-8-0x00000000770E0000-0x00000000770F0000-memory.dmp

    Filesize

    64KB

  • memory/1248-124-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-7-0x00000000770E0000-0x00000000770F0000-memory.dmp

    Filesize

    64KB

  • memory/1248-40-0x000000007374E000-0x000000007374F000-memory.dmp

    Filesize

    4KB

  • memory/1248-44-0x0000000005D50000-0x0000000005D5E000-memory.dmp

    Filesize

    56KB

  • memory/1248-45-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-209-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/1248-96-0x0000000007DB0000-0x0000000007E1A000-memory.dmp

    Filesize

    424KB

  • memory/1248-106-0x0000000007FC0000-0x000000000805E000-memory.dmp

    Filesize

    632KB

  • memory/1248-88-0x00000000074C0000-0x0000000007508000-memory.dmp

    Filesize

    288KB

  • memory/1248-92-0x00000000077D0000-0x0000000007A90000-memory.dmp

    Filesize

    2.8MB

  • memory/1248-84-0x0000000006CB0000-0x0000000006CC6000-memory.dmp

    Filesize

    88KB

  • memory/1248-80-0x0000000006850000-0x0000000006892000-memory.dmp

    Filesize

    264KB

  • memory/1248-148-0x0000000008450000-0x0000000008462000-memory.dmp

    Filesize

    72KB

  • memory/1248-48-0x0000000073740000-0x0000000073EF0000-memory.dmp

    Filesize

    7.7MB

  • memory/2356-193-0x0000000077100000-0x0000000077110000-memory.dmp

    Filesize

    64KB

  • memory/2356-194-0x0000000077100000-0x0000000077110000-memory.dmp

    Filesize

    64KB

  • memory/2356-195-0x0000000077100000-0x0000000077110000-memory.dmp

    Filesize

    64KB

  • memory/2356-199-0x0000000076F92000-0x0000000076F93000-memory.dmp

    Filesize

    4KB

  • memory/4516-210-0x0000000076F92000-0x0000000076F93000-memory.dmp

    Filesize

    4KB

  • memory/4516-206-0x00000000770F0000-0x0000000077100000-memory.dmp

    Filesize

    64KB

  • memory/4516-331-0x000000000BB40000-0x000000000BB48000-memory.dmp

    Filesize

    32KB

  • memory/4516-207-0x00000000770F0000-0x0000000077100000-memory.dmp

    Filesize

    64KB

  • memory/4516-205-0x00000000770F0000-0x0000000077100000-memory.dmp

    Filesize

    64KB