894088e91cd5d8503b93a13a05e18e9efd658b4924f337a5a4dc30e07219adcb

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
Size

4.6MB
MD5

fd6b8f68b8676e17e6860c429065673f
SHA1

398b9c1b6da5698a3976ab2aaf2d3a8ca68a01ad
SHA256

894088e91cd5d8503b93a13a05e18e9efd658b4924f337a5a4dc30e07219adcb
SHA512

e06624bb3e15023ea467a6850f2f455a7fb4315552d714395f98d6746a7f84ab557a42075f19f56eb4b90825a082e7a96a7fce1c6c4e9f56138a80316f7c737d
SSDEEP

98304:tWqq+Mb+1yWvvIy5YFWAvwznlaFrTpa1syJ41L4o8nw:tWaQWvvIy5YPvwznlePI1V+2o8w

Score

7^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
1680	setup_ui.exe
2832	startup.exe
2764	startup.exe
400	setup_ui.exe
856	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe

Loads dropped DLL 64 IoCs

pid	Process
4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
1680	setup_ui.exe
2764	startup.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe
400	setup_ui.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	startup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	startup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_ui.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_ui.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	startup.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	startup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	startup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	startup.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 4796	2144	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	83
PID 2144 wrote to memory of 4796	2144	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	83
PID 2144 wrote to memory of 4796	2144	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	83
PID 4796 wrote to memory of 1680	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	87
PID 4796 wrote to memory of 1680	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	87
PID 4796 wrote to memory of 1680	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	87
PID 4796 wrote to memory of 2832	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	96
PID 4796 wrote to memory of 2832	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	96
PID 4796 wrote to memory of 2832	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	96
PID 2832 wrote to memory of 2764	2832	startup.exe	97
PID 2832 wrote to memory of 2764	2832	startup.exe	97
PID 2832 wrote to memory of 2764	2832	startup.exe	97
PID 2764 wrote to memory of 400	2764	startup.exe	101
PID 2764 wrote to memory of 400	2764	startup.exe	101
PID 2764 wrote to memory of 400	2764	startup.exe	101
PID 4796 wrote to memory of 856	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	104
PID 4796 wrote to memory of 856	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	104
PID 4796 wrote to memory of 856	4796	2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe	104

C:\Users\Admin\AppData\Local\Temp\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\temp\385709C68E6AFE11EA2EE7D387E5C6E2\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
  "C:\Windows\temp\385709C68E6AFE11EA2EE7D387E5C6E2\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Checks for VirtualBox DLLs, possible anti-VM trick
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4796
- - C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\setup_ui.exe
    "C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\setup_ui.exe" -cp=objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAABkTIHthToYVchQ01fNDVV5AkAAALwS//9xTDw9SxqKnC8AGQAHAFoAdABzAGwAbAByAGYAaAAAAAcAMQAwAC4AMQAyADcALgAwAC4AMQAxADcAAAAAAAkA//8AAB4A//8AABAA//8AAAoA//8AABYA//8AAB8A//8AAA4A//8AAAAA:
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1680
- - C:\ProgramData\Kaspersky Lab Setup Files\KFA21.19.7.527.0.304.0\au_setup_6D0ED527-A6E8-11EF-AEE2-7E3D785E6C2E\startup.exe
    "C:\ProgramData\Kaspersky Lab Setup Files\KFA21.19.7.527.0.304.0\au_setup_6D0ED527-A6E8-11EF-AEE2-7E3D785E6C2E\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe" /-self_remove -l=tr-TR -xpos=270 -ypos=58 -prevsetupver=21.18.5.438.0.282.0 -prevsetuppatch=a
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Windows\temp\3894CB378E6AFE11EA2EE7D387E5C6E2\startup.exe
      "C:\Windows\temp\3894CB378E6AFE11EA2EE7D387E5C6E2\startup.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe" -auto_update_mode="C:\Users\Admin\AppData\Local\Temp\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe" /-self_remove -l=tr-TR -xpos=270 -ypos=58 -prevsetupver=21.18.5.438.0.282.0 -prevsetuppatch=a
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\26C00E378E6AFE11EA2EE7D387E5C6E2\setup_ui.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26C00E378E6AFE11EA2EE7D387E5C6E2\setup_ui.exe" -cp=objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAAAxGp68O0+E/fGrDGat1QloAsgAAMwK//+p0iZx+kBiei8AGQAHAFoAdABzAGwAbAByAGYAaAAAAAcAMQAwAC4AMQAyADcALgAwAC4AMQAxADcAAAAAAAkA//8AAB4A//8AABAA//8AAAoA//8AABYA//8AAB8A//8AAA4A//8AAAAA:
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:400
- - C:\Windows\temp\385709C68E6AFE11EA2EE7D387E5C6E2\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe
    "C:\Windows\temp\385709C68E6AFE11EA2EE7D387E5C6E2\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe" -cleanup="C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2;4796"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Kaspersky Lab Setup Files\KFA21.18.5.438.0.282.0\kdscrl.rdb

Filesize
3KB

MD5
79a78149e4ef2e6e09cc061338c7b151

SHA1
99505d2461a18f16d4d185603887c60e226347ee

SHA256
e6c0da20fc5d9eda24e4128faa5641f8b2d39951e0a0236c013e1f1efcbf83fd

SHA512
a3baf55b373b943f8f1c8840cdc2f02a94aed436c54fdcb8cf6eeac9b5840a5e1a11be0c70460da0c17f6fda1b01b87f4e2a688abb5ddeb7819301a1354d688e

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.19.7.527.0.304.0\au_setup_6D0ED527-A6E8-11EF-AEE2-7E3D785E6C2E\dynamic.ini

Filesize
142B

MD5
9bf1b78bcecc8737f0e1b4404f697a88

SHA1
0b75414972ea8c6ba2f427345671a28dd4bf5c65

SHA256
ef1063d6f66ef2ce4e28439d3f40c22742f30d4f7b64ccb41870ac916352f324

SHA512
4148d6a1b4efdf2a0ab3cc190a1a2c12269901dfe77c03623e783f5376b1d10ee4ec517cbaa22874cfbc5490c458205f212df3913261788eb389e943e8277c1d

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.19.7.527.0.304.0\au_setup_6D0ED527-A6E8-11EF-AEE2-7E3D785E6C2E\startup.exe

Filesize
4.6MB

MD5
cd0b5fc8b179e63cb47e671eeb04bdbf

SHA1
75be50795919140c9cdeed6060898a20cc63832f

SHA256
cffac5c766bc57131cd05774ee5ee638ee32fd8acfe2b7e2284e923d77147fca

SHA512
c8e7f42c4bb40574c0f76e200e938895b1a5e3438c907b09c430ff63ba6c0469b0774b8773b0a77507f48f2f20de04466f340716757a6b2bc31a62bf74062342

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.19.7.527.0.304.0\au_setup_6D0ED527-A6E8-11EF-AEE2-7E3D785E6C2E\static.ini

Filesize
582B

MD5
ae7d1aa0eed1cedb7bbed567fe59f8ef

SHA1
833ec047c33510a89c6610b4be752afde3a8c1fc

SHA256
71bb8a59ee3f6e1009f72966bc9fbbec145ff54b61d954885f151c6d3586e0db

SHA512
489eb87bd6782e756503038ce28fed84f54055e2c3702b9f8b34fbc092b90e064d5189e68fd2045f0f5ea180fefee265e19eec055078da5cdd232b80e3500af0

Download Submit
C:\ProgramData\Kaspersky Lab Setup Files\KFA21.19.7.527.0.304.0\kdscrl.rdb.z

Filesize
5KB

MD5
562f0a8d2c4a2f794f8e29f800151513

SHA1
bbfbd2863061fe8ecc1c966a50e09b98b687cad5

SHA256
07de9d82c882b8cc753c77280a7799c7946b23e98c68c3db2d152c9c399ece1b

SHA512
771e89e4d941f203e65f97755b7911a898915149780bc5529ef7eaeaf8c882a20b3c6d107611ba7636c2f9be05a88eb8daa7ef535c2d9be2719862fa364f8c0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\26C00E378E6AFE11EA2EE7D387E5C6E2\kl.setup.ui.interoplayer.dll

Filesize
57KB

MD5
d5670bcca45460886cfb007e826f3395

SHA1
d10130883a589ecc75d6a9f2ce319ad8fb08a4a7

SHA256
f0955dc59e3182a135bbb9b9ee6418ba972f89a99356c288b0b83572531bdf69

SHA512
c8b149f939a76411c2ce71048235a3faf7f31ad477897f303bb96ee2d2be934eda3279a5f2a6b7d102aa999e5c54bc3accbc566eaf40623bc130396172ba10a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\26C00E378E6AFE11EA2EE7D387E5C6E2\setup.dll

Filesize
6.1MB

MD5
5747c93c2b6d8938cd800f74d5d2fd51

SHA1
461877b32a57b5b37329ba3bcf67bbd8634504ea

SHA256
9b70d9c2cded74b66088e76b406c855fba2942c89a701f7abeb7775cd99a7c9e

SHA512
a355648266e859d5eecc497d8b820a6181e5454adf3b209d3ae28dbe4b6dba882f03ddbbff07ab28b4dbc1ca9f6d81c15236adc23ce9d3ca872a88ac937a5aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\26C00E378E6AFE11EA2EE7D387E5C6E2\setup_ui.exe

Filesize
658KB

MD5
7ac1f99c07064f699b30ceda9060ab0a

SHA1
5eac3a8b9760a52b4ecc798892304bd48d66a629

SHA256
5875e20179a325fbae7816040f9e5409d2a3b809a43e762fcb34c5e3c96caf12

SHA512
2f1a3c7082aa1d43e9e2e684ebb8336e6bd889cf45b4a8bce90a6d2f26e7d7eda707c8e899cdcdf831b6803183948d13d5e81ac374bddae3c40174b910534a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.setup.ui.core.dll

Filesize
73KB

MD5
3d791db3fb8df9cfb95cdc1c89f576cf

SHA1
977725bdd90b7e20d86285c9d91c294a98f76ece

SHA256
6ff013a27dab58effd6b1fcc885e49302ac99a371c640f01001e036c4f06c6e0

SHA512
64cb627d2fefb9245462b5410cc7bbc111d84838f3be2fb8091cb5847faf115fe00397159db01ef6079cf6bbee0062ba71bf8a253b103f271562c61a79eb4a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.setup.ui.dll

Filesize
279KB

MD5
3c7d941e01763db131f05cd5e17909d0

SHA1
a7f8afec2bae02d5e71de09691ed23a59afbb36b

SHA256
a985540c3dedab11d80faa0537ffc3e91f3f778da28f7d60dff3ccbbec97de74

SHA512
78ce5069df9da39b01ebea7ef7c6b582a2b266e51359d1d2561413df290f3eb2039341fc474317c116232542899d7cdd0d84e92837677770988d164f53e2b65f

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.setup.ui.interoplayer.dll

Filesize
55KB

MD5
b7e44cf662827b55d7f1aff8ad75bd01

SHA1
26447133da5fa2b79abb4004062d088501492a1f

SHA256
a82b14a1f48329b1288e92cbe72c033c1446fb813f6a8551a86c5dc1ade7aa16

SHA512
c46e8141a42dc5e0e491f1da09b5e2133fcc92f47e224309fdee1010229b262e94460ccfb63ebfe1ee7edadf10c3d1da3439e5d7e8a885f5f04f729657ba377d

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.setup.ui.visuals.dll

Filesize
406KB

MD5
70f74920e8265226ea92aae61e555df1

SHA1
1ba3bec7011418d63d181c1ac452cec1f7beb3a3

SHA256
6ac4ff8fd298f8f78c825eb714c801f026db14a1862eec9562952b59a2f862f8

SHA512
4ca6d4f881a2dbc1f6c0194451429c389fa0b6a9bd18f5477227895fbb5a5d513c212c4adb48d956603a95216f70c52f07016be2ad92a5c5ccf4f5c44d592673

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.ui.framework.dll

Filesize
213KB

MD5
676bdc05672d36e2ef7de38aa83a2803

SHA1
1a87a7c0b8571631800c517fac92a06bd88657b9

SHA256
79c7455735eb0b7e8b3cf46da78b06fb81229169d85039afab44ca74fe3f9a43

SHA512
c136de38e9bf50b901ab79d51169356f6f8077c18d440ea39d6920f2335f7cd67537697b90479be4a6dc59529842121b84f2e7b9223c740e6453ae47ac3de78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.ui.framework.localization.dll

Filesize
285KB

MD5
2985b28c3485039cbee81b840b5437b4

SHA1
c7020d197d094196137655da3b0196720d99d2de

SHA256
586c371ecc1b17c7cac9f8d72961d9d6504b0bf855ca3501262bb0338c6654a4

SHA512
9c2c82c1c1bee1a9e76868a7598998c0b927505395e700d6aac05e7c2a4f522f715534bcd8a512152b7879fc87ee11ceb07c4ef440de5519295d8ababdac6022

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.ui.framework.uikit.b2c.dll

Filesize
659KB

MD5
8acd5d780ddd04ce22f90db393027cc6

SHA1
2466b7e57fb2997e50cfac797065cbe7c565e671

SHA256
029317b7e585abd3561020ae0d9a941f64abf01302024270c7fa55648d0c5360

SHA512
a57c323a7267a21d2f262d99edd4edc7ba8254e301c3f9c0f8b9d9fbf21914896c0e4517a3a1985976cc80dc2afca595c7369537fa11d10185be26b734179946

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\kl.ui.framework.uikit.dll

Filesize
2.9MB

MD5
05b722edf678407e6da411924d11bf74

SHA1
2df3ba610c858ea6156867f1ade8aebe3f278d28

SHA256
41eb3558586ee2eacc0822b725fba7f755f54c7b0ac450dfeba5a59057192b44

SHA512
16a16d35cbb0a71298ce3413d44fd790ee49d8649e0eb9587cd6f20621a3ede6987de6bdb2377180d4616c4fc2b677cff378e89aa9e8e37da3b5a7e6e5ab7484

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\setup.dll

Filesize
5.7MB

MD5
ba1eeef5d0897ce0740349ba8a325597

SHA1
b9c4d595e15f3009d373aa220c010a8dcb6be034

SHA256
b676d0aa7ca793a211c7e4447ab586b24f3eefcdaf8205310708b453b6d9e6f3

SHA512
90772939ff7ba2e08e1cb53b602449cf2578e5259a9eb4ecb296fd792a3c2c414477298d16dd9de686332822100a29e2c544e27de8f8baf08074def36854ace7

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\setup_ui.exe

Filesize
655KB

MD5
a0c47318617899694e162794235eed96

SHA1
40f579a039f96f02074e6de0d98908ce57c1ffd8

SHA256
8e74d5119d9047d518c6bd9750dd1f467be804eac5df659d409ba92b2021b334

SHA512
323577bfca501a5271eb9dfd8971749dc7313b468662bf8ebd6d04e86c2857943bed535748636d7dcaf4b074c45fc398d33bd008834f94ed882229dd8f7fa60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\sharpvectorconverterswpf.dll

Filesize
136KB

MD5
9ed0b05697672396a56f9d5c249b7c53

SHA1
928e251256859ed146c8b566287ccbcece647878

SHA256
93a87c48b86a10f6c0e59827ae90e7af45a0fc61f92df2a64ee47e4219b3873f

SHA512
e0ab1c3a50d09ee5174cd1a3ff27566a0e23e5a75c7d16da6635df227e57d68e9cc3cb0f89a14148fe5a9d506e0431f2654bc678a26c928fdd093140051b974f

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\sharpvectorcore.dll

Filesize
201KB

MD5
9620b9b61a710c8a2178747a74d066ac

SHA1
1d48e8583dcff441d880b2e2d00fa2c9b6ac905f

SHA256
3929ef5d1c09611bde783054cdaa6f19e07a9f22c7e9c85edf9510d13c7c423e

SHA512
c88b2dccc17e04ecb9afe3133069778a88873a98133cc2989fde6ced1cbe00c434c9bc6019fdab02b0b65db65f81efc18e235dc2dc827a28cbd0f6397f3b7f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\sharpvectorcss.dll

Filesize
108KB

MD5
3249c9313d6902a72ef8f971c26f5082

SHA1
726f2eb6b2a82e21eee0e5e497a028f461fc9f95

SHA256
393d5ac9b4f30928496f39120ad300b7a81cd7533133adc8c935ce3d1ccacf60

SHA512
22ab9eadfcfc24680f5c568024e062141d00a9f4d929ee452cafae3c5ea0d039513b8c17ea85ca2d104f1d4e60ab8b9e44a5ecb6818617d008549ae08215214a

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\sharpvectordom.dll

Filesize
55KB

MD5
46f91941e61609973979d8e5bf321a31

SHA1
1b86653c3fdee62d587d3afdad0ffa5aad01235e

SHA256
21675b87be651e4a2e7ce2af5a62d9e10a1a04dc2c58e1751b304089a7d5a070

SHA512
1a251c8491061a9b01406ba4f89d356edf8417cd89e29a961007964b501ed5ce10baeeb7a388cfb661b21b4cdb09d2a8b2c1c207a85cc285a76614775e71c923

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\sharpvectormodel.dll

Filesize
996KB

MD5
768fd4b2b69b57e5a3370dd19db5bd9f

SHA1
6fe8859921169d25cf67af7567f2a97df7da7941

SHA256
4eb40c9c1019c0804c813cd0eff2c0da709724b022a4e510be5d6a89cc05bab4

SHA512
e08ce0545235b1acc43798eff56570752ae2bf77adb38cb3fae8e2781f8c9cc1709d251709e2491fd8ef203676c9ab7fe91590792ae37226c6e605eb36c4a61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\sharpvectorrenderingwpf.dll

Filesize
202KB

MD5
e53fe31b6e8e76e82321b1a7333cece0

SHA1
d70a43434b8c3022fe9c9b7f2f3be15c49bd8b72

SHA256
97ec1da3c2bfa0d12f3f6d03ceb7316214a07e55f183c324746b1ce8f050503d

SHA512
e1679116976918d520f01885498d46e0233a1750a47979cbd675ddc4b8f3047a616cfd94bb60ad15c5dd1a9f49357eefced5b012f7e2e90a5ae21515fa51e3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\425DE0D68E6AFE11EA2EE7D387E5C6E2\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
551b9e8050754178469ec56cd0a61c3a

SHA1
e8d0ab21a7dad026f50a64d14d5226a7cc1c8574

SHA256
560366743fb87ac7f1c3236f3b21856b8585b580d785b3e79349e603fd80fb14

SHA512
c545860998595ff730271f94588841e99383138fd6b6ab5064708cf99ad4e88ba22e7573ed49f5533be1d588dff0cb4976de35d32237b99015019aebd4d3112c

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\GuiStrings.loc

Filesize
22KB

MD5
09c4e9f41c4b8bfdb6bf8916af730ecd

SHA1
a215913aa718b459d8e3c13dfd22e5246dcff38c

SHA256
57bf969d3c10d5be0a4b31b8e530c1e005622c8dc809ee4fbd4c214f3b3e9a37

SHA512
7767639c5e068fd3e83a527dfce0345c902673e50102a6c5ba3998ffa2d16f0417a74bee15fce9b6825eabe94f6d36c4528cc70c4541294415b26b9f0f64937e

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\GuiStrings_KFA.loc

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\GuiStrings_tr-TR.loc

Filesize
42KB

MD5
e678baa96b5cdc0bd28c74af7c3c7074

SHA1
8bf794d5b644a68f8c532186717d1d37651fb9e8

SHA256
d6c64b50f64af1c2a8246e04258ac43036cd86850cb137410bdb5169c3c8da21

SHA512
3603979d093ed806d831a39635e28acbc4e975f98f35b756a6caf83ec8c8854a43bd87c70c2f4e1c4d3e7c5524849902f38c04eaf19ad14e372fbc310a9f8329

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\GuiStrings_tr-TR_KFA.loc

Filesize
95B

MD5
7ce3d16a4e20184aa09db03bc6fff874

SHA1
40f5ffb8d802820e34f0ffdfe6b2e0570f570662

SHA256
35bce8383dd1a2e8a4ca4995d0be5fc2ebbf6ff28d23ee1880cddcb03ed9d4ea

SHA512
0979c24e3b2acabb648c29f3cdd2be5b3edb173518602efec747aa8429f9af0e47c6cf146d7de609d16e4576e2c52ee4d790c5a04728ff868ac2428482410557

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\downloader_neutral.ini

Filesize
18KB

MD5
635000d027160a52e2320ad7d4b0a857

SHA1
1ee38c9619f30031a112e0980ffc6a400a7c1e66

SHA256
8e6025b49c9d1f8b3134357125d01b71ebd69258e7f90e97c0b3bf8d3886d1c6

SHA512
a227bfe29e0c4c4ba0754d7b2e24b869ca0ce0a12c1dfb38165ec87bcafb183ee17978ae3cd99c8cfa21f4c54cc56889cbf0a9a5cdd7a7e9b6c80e5eedeef279

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\downloader_neutral_KFA.ini

Filesize
1KB

MD5
2e10b2d4181d2f07d2dd305bd4285bd5

SHA1
9c05f3e03bae36da24a62b08729074cd12b0077e

SHA256
cbb72cdc1e461226c7d0e49e7ef955f77dfeef4f7fe12d0d8a8d0cf9658edc78

SHA512
a1bae84b8a9c0833bbadf29d4532b64f0216d7c1c13be2b4ebb75dd4d2b18244eb67fee52743745ed0a5818e745cb9aae9a8bfdc415ff59ee8aa7de77f122819

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\downloader_tr-TR.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\downloader_tr-TR_KFA.ini

Filesize
56B

MD5
5fc1e104c2c6eca5eaeade1f931736ee

SHA1
3252bdad7d8dcd9dd22b5d5cacdf1537b6a84b11

SHA256
56df17509b96ba8fade248fa3f64f30d8939b060d7b78f92135c3407c92a1359

SHA512
7787a2305db0feff04ae2e2bf8ec7d44a1ac595bafc5be8c5f07abb567e750805708ec6c78db5ed9f1d247e9db9f915bcccacfe37ebd766a514addaf0b6e5576

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\html\yandex-logo.png

Filesize
10KB

MD5
466f4bbe54d76b634f1c801988323859

SHA1
e02ddfb73c81e4e4fdb0eec5b8b8606d3b566a27

SHA256
3b04135e2025179683213499aa09a73207c21dc4cd38152062ebb94873c47554

SHA512
645e5b1a517965073961ef9fab6c92628a689c80b45ca9025f1ab7301cfdbbcd8fe6e60c40aa68944253eed565b5f7fe1d3e1fb609fc818ab0da3b67babb5e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\ksde_ksn_ep_tr-tr.txt

Filesize
6KB

MD5
db8b24df0d43405b3b4b787bb316ac9c

SHA1
6bb8eaf4416e0c8bfbbc49cafb75b7d97f1e5554

SHA256
1dd7c0667344d5fd05960bea37125550f51fc595c4801df62450ac547db55b6c

SHA512
a3b75333e0c694b62ae32668d910db58720355b64df315232a2a3697db16d646d9d2031ff46e8d46b79e115c76950ccb4c3c13ac5546680167104d09a746abb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\6D0ED525-A6E8-11EF-AEE2-7E3D785E6C2E\mykasperskyfeatures_tr-tr.txt

Filesize
4KB

MD5
93717b0d24f863fab93a8cc88d2d2e8e

SHA1
6e1889af69927e52b793533b87a35d5dda118587

SHA256
34bc65010efcc70cd8a1b890fc742ec26d7262f188b7d7f304cb30108b9712f5

SHA512
0adb48e77ad402e40209ae7b1d719dd37efb0e434ab59e05ac6a7c3fc08e20a24e074b5990e2e85d979242f4ffed962fa545b6b86b9742a56cb859bd8df12209

Download Submit
C:\Users\Admin\AppData\Local\Temp\discovery.cfg

Filesize
29KB

MD5
c45db4accd32bd23f4c3b38a61b3a765

SHA1
acb5e35c77562177b4216ed420d9627df30fee6d

SHA256
83521c8ac98c03465cb3ef113d19010fcd2a4121171418f1b8b63e54b77b4ef2

SHA512
62ebcec25eae790c758b696fe34bea44c09845940903f42ebb954d859cabfe82ceac02b483ca24cc1be203784880ca81749b4329768b1a49e1006192cc1d9754

Download Submit
C:\Windows\Temp\385709C68E6AFE11EA2EE7D387E5C6E2\2024-11-20_fd6b8f68b8676e17e6860c429065673f_avoslocker_luca-stealer.exe

Filesize
4.6MB

MD5
fd6b8f68b8676e17e6860c429065673f

SHA1
398b9c1b6da5698a3976ab2aaf2d3a8ca68a01ad

SHA256
894088e91cd5d8503b93a13a05e18e9efd658b4924f337a5a4dc30e07219adcb

SHA512
e06624bb3e15023ea467a6850f2f455a7fb4315552d714395f98d6746a7f84ab557a42075f19f56eb4b90825a082e7a96a7fce1c6c4e9f56138a80316f7c737d

Download Submit
memory/400-267-0x00000000078A0000-0x00000000078DA000-memory.dmp

Filesize
232KB

Download
memory/400-259-0x0000000006090000-0x00000000060A4000-memory.dmp

Filesize
80KB

Download
memory/400-271-0x0000000007BB0000-0x0000000007BCE000-memory.dmp

Filesize
120KB

Download
memory/400-274-0x000000000B9C0000-0x000000000BA02000-memory.dmp

Filesize
264KB

Download
memory/400-275-0x000000000BA10000-0x000000000BA18000-memory.dmp

Filesize
32KB

Download
memory/400-266-0x0000000006E20000-0x0000000006EC4000-memory.dmp

Filesize
656KB

Download
memory/400-265-0x0000000006D50000-0x0000000006D66000-memory.dmp

Filesize
88KB

Download
memory/400-268-0x00000000078E0000-0x0000000007906000-memory.dmp

Filesize
152KB

Download
memory/400-272-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/400-261-0x0000000007020000-0x00000000075C4000-memory.dmp

Filesize
5.6MB

Download
memory/400-260-0x0000000006710000-0x0000000006A64000-memory.dmp

Filesize
3.3MB

Download
memory/400-273-0x0000000007D00000-0x0000000007D12000-memory.dmp

Filesize
72KB

Download
memory/400-269-0x0000000007B50000-0x0000000007B82000-memory.dmp

Filesize
200KB

Download
memory/400-257-0x0000000005F30000-0x0000000005F8C000-memory.dmp

Filesize
368KB

Download
memory/400-437-0x0000000000CE0000-0x0000000000D85000-memory.dmp

Filesize
660KB

Download
memory/400-270-0x0000000007DA0000-0x0000000007E56000-memory.dmp

Filesize
728KB

Download
memory/400-249-0x0000000005800000-0x000000000580E000-memory.dmp

Filesize
56KB

Download
memory/400-251-0x0000000005D20000-0x0000000005D68000-memory.dmp

Filesize
288KB

Download
memory/856-434-0x0000000077070000-0x0000000077080000-memory.dmp

Filesize
64KB

Download
memory/856-436-0x0000000077070000-0x0000000077080000-memory.dmp

Filesize
64KB

Download
memory/856-435-0x0000000077070000-0x0000000077080000-memory.dmp

Filesize
64KB

Download
memory/1680-96-0x00000000736A0000-0x0000000073E50000-memory.dmp

Filesize
7.7MB

Download
memory/1680-123-0x00000000072E0000-0x0000000007302000-memory.dmp

Filesize
136KB

Download
memory/1680-191-0x00000000736A0000-0x0000000073E50000-memory.dmp

Filesize
7.7MB

Download
memory/1680-42-0x00000000736AE000-0x00000000736AF000-memory.dmp

Filesize
4KB

Download
memory/1680-45-0x0000000005830000-0x000000000583E000-memory.dmp

Filesize
56KB

Download
memory/1680-48-0x00000000736A0000-0x0000000073E50000-memory.dmp

Filesize
7.7MB

Download
memory/1680-49-0x00000000736A0000-0x0000000073E50000-memory.dmp

Filesize
7.7MB

Download
memory/1680-58-0x0000000005D70000-0x0000000005DA6000-memory.dmp

Filesize
216KB

Download
memory/1680-54-0x0000000005D20000-0x0000000005D66000-memory.dmp

Filesize
280KB

Download
memory/1680-165-0x00000000736A0000-0x0000000073E50000-memory.dmp

Filesize
7.7MB

Download
memory/1680-258-0x00000000736A0000-0x0000000073E50000-memory.dmp

Filesize
7.7MB

Download
memory/1680-157-0x00000000736AE000-0x00000000736AF000-memory.dmp

Filesize
4KB

Download
memory/1680-148-0x0000000007E30000-0x0000000007E68000-memory.dmp

Filesize
224KB

Download
memory/1680-149-0x0000000006270000-0x000000000627E000-memory.dmp

Filesize
56KB

Download
memory/1680-144-0x0000000007720000-0x0000000007732000-memory.dmp

Filesize
72KB

Download
memory/1680-136-0x00000000076E0000-0x00000000076FC000-memory.dmp

Filesize
112KB

Download
memory/1680-140-0x00000000075C0000-0x00000000075CE000-memory.dmp

Filesize
56KB

Download
memory/1680-132-0x00000000077E0000-0x00000000078DA000-memory.dmp

Filesize
1000KB

Download
memory/1680-128-0x0000000007550000-0x0000000007582000-memory.dmp

Filesize
200KB

Download
memory/1680-124-0x00000000073B0000-0x0000000007442000-memory.dmp

Filesize
584KB

Download
memory/1680-119-0x00000000072A0000-0x00000000072D4000-memory.dmp

Filesize
208KB

Download
memory/1680-190-0x0000000000660000-0x0000000000705000-memory.dmp

Filesize
660KB

Download
memory/1680-114-0x0000000006E70000-0x0000000006F16000-memory.dmp

Filesize
664KB

Download
memory/1680-110-0x0000000006D50000-0x0000000006DB6000-memory.dmp

Filesize
408KB

Download
memory/1680-99-0x0000000006840000-0x0000000006B2E000-memory.dmp

Filesize
2.9MB

Download
memory/1680-93-0x0000000006420000-0x0000000006468000-memory.dmp

Filesize
288KB

Download
memory/1680-89-0x00000000060B0000-0x00000000060C2000-memory.dmp

Filesize
72KB

Download
memory/1680-286-0x0000000000660000-0x0000000000705000-memory.dmp

Filesize
660KB

Download
memory/1680-287-0x00000000736A0000-0x0000000073E50000-memory.dmp

Filesize
7.7MB

Download
memory/1680-94-0x00000000064E0000-0x0000000006546000-memory.dmp

Filesize
408KB

Download
memory/2144-2-0x00000000770A0000-0x00000000770B0000-memory.dmp

Filesize
64KB

Download
memory/2144-1-0x00000000770A0000-0x00000000770B0000-memory.dmp

Filesize
64KB

Download
memory/2144-0-0x00000000770A0000-0x00000000770B0000-memory.dmp

Filesize
64KB

Download
memory/2144-3-0x0000000076F32000-0x0000000076F33000-memory.dmp

Filesize
4KB

Download
memory/2764-188-0x0000000077070000-0x0000000077080000-memory.dmp

Filesize
64KB

Download
memory/2764-187-0x0000000077070000-0x0000000077080000-memory.dmp

Filesize
64KB

Download
memory/2764-186-0x0000000077070000-0x0000000077080000-memory.dmp

Filesize
64KB

Download
memory/2832-175-0x00000000770A0000-0x00000000770B0000-memory.dmp

Filesize
64KB

Download
memory/2832-176-0x00000000770A0000-0x00000000770B0000-memory.dmp

Filesize
64KB

Download
memory/2832-177-0x00000000770A0000-0x00000000770B0000-memory.dmp

Filesize
64KB

Download
memory/4796-8-0x0000000077090000-0x00000000770A0000-memory.dmp

Filesize
64KB

Download
memory/4796-10-0x0000000076F32000-0x0000000076F33000-memory.dmp

Filesize
4KB

Download
memory/4796-9-0x0000000077090000-0x00000000770A0000-memory.dmp

Filesize
64KB

Download
memory/4796-7-0x0000000077090000-0x00000000770A0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads