modiloader | hxxps://linkvertise[.]com/1208172/solara-bootstrapper?o=sharing

Analysis

max time kernel
156s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-12-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/1208172/solara-bootstrapper?o=sharing

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 7 IoCs

resource	yara_rule
behavioral1/memory/3096-867-0x0000000000400000-0x0000000000545000-memory.dmp	modiloader_stage2
behavioral1/memory/3096-868-0x0000000000400000-0x0000000000545000-memory.dmp	modiloader_stage2
behavioral1/files/0x001900000002ac56-891.dat	modiloader_stage2
behavioral1/files/0x001b00000002ac4a-887.dat	modiloader_stage2
behavioral1/memory/3096-909-0x0000000000400000-0x0000000000545000-memory.dmp	modiloader_stage2
behavioral1/memory/3096-910-0x0000000000400000-0x0000000000545000-memory.dmp	modiloader_stage2
behavioral1/memory/1444-922-0x0000000000400000-0x0000000000466000-memory.dmp	modiloader_stage2

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Executes dropped EXE 1 IoCs

pid	Process
1444	sdfsdf.exe

Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power	sdfsdf.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys	sdfsdf.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc	sdfsdf.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager	sdfsdf.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys	sdfsdf.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc	sdfsdf.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows\CurrentVersion\Run\sdfsdf.exe = "C:\\Users\\Admin\\Downloads\\WinLocker-Builder--master\\WinLocker-Builder--master\\sdfsdf.exe"	sdfsdf.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
40	api.ipify.org
43	api.ipify.org

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinLocker Builder v1.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sdfsdf.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794567882329959"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 29 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	WinLocker Builder v1.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	WinLocker Builder v1.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy	WinLocker Builder v1.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	WinLocker Builder v1.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	WinLocker Builder v1.4.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{8F4D6922-0B88-4B71-B2C6-ABC9E4B63973}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	WinLocker Builder v1.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	WinLocker Builder v1.4.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	WinLocker Builder v1.4.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WinLocker Builder v1.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	WinLocker Builder v1.4.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	WinLocker Builder v1.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	WinLocker Builder v1.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	WinLocker Builder v1.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	WinLocker Builder v1.4.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{822CAB24-75FB-431C-AD9A-EBB54967E103}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	WinLocker Builder v1.4.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	WinLocker Builder v1.4.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	WinLocker Builder v1.4.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WinLocker-master.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\WinLocker-Builder--master.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe
1444	sdfsdf.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
1704	explorer.exe
1704	explorer.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
1704	explorer.exe
1704	explorer.exe
1704	explorer.exe
1704	explorer.exe
1704	explorer.exe
1704	explorer.exe
1704	explorer.exe
1704	explorer.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3096	WinLocker Builder v1.4.exe
3096	WinLocker Builder v1.4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 1992	2708	chrome.exe	77
PID 2708 wrote to memory of 1992	2708	chrome.exe	77
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 3452	2708	chrome.exe	78
PID 2708 wrote to memory of 336	2708	chrome.exe	79
PID 2708 wrote to memory of 336	2708	chrome.exe	79
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80
PID 2708 wrote to memory of 1284	2708	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://linkvertise.com/1208172/solara-bootstrapper?o=sharing
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e3d9cc40,0x7ff9e3d9cc4c,0x7ff9e3d9cc58
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4636,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4848,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5368,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4536,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4472,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4452,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5776,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6024,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5896,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5472,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6176,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5784,i,606221524904903242,8332898906430692975,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

C:\Users\Admin\Downloads\WinLocker-Builder--master\WinLocker-Builder--master\WinLocker Builder v1.4.exe
"C:\Users\Admin\Downloads\WinLocker-Builder--master\WinLocker-Builder--master\WinLocker Builder v1.4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3096

C:\Users\Admin\Downloads\WinLocker-Builder--master\WinLocker-Builder--master\sdfsdf.exe
"C:\Users\Admin\Downloads\WinLocker-Builder--master\WinLocker-Builder--master\sdfsdf.exe"
1⤵
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1444

C:\Windows\explorer.exe
explorer.exe
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4cca729a7eeae9109e871d32615cbd1d

SHA1
ab9d78d12c552689607336ca03eb2d19ddc96cd1

SHA256
86af92c6d85345b1703e42e81546aad690e850c851dd54b39177053c9de6b083

SHA512
87ad30b62e3ff381766df20397b1ff8d71f12c447d482c326a56fc02f1b7548c36d8505247ae954af047f802e13bf74b686088722b938b1578c5c8ecf7b0ab0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
37KB

MD5
56690d717897cfa9977a6d3e1e2c9979

SHA1
f46c07526baaf297c664edc59ed4993a6759a4a3

SHA256
7c3de14bb18f62f0506feac709df9136c31bd9b327e431445e2c7fbc6d64752e

SHA512
782ec47d86276a6928d699706524753705c40e25490240da92446a0efbfcb8714aa3650d9860f9b404badf98230ff3eb6a07378d8226c08c4ee6d3fe3c873939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
16KB

MD5
5615a54ce197eef0d5acc920e829f66f

SHA1
7497dded1782987092e50cada10204af8b3b5869

SHA256
b0ba6d78aad79eaf1ae10f20ac61d592ad800095f6472cfac490411d4ab05e26

SHA512
216595fb60cc9cfa6fef6475a415825b24e87854f13f2ee4484b290ac4f3e77628f56f42cb215cd8ea3f70b10eebd9bc50edeb042634777074b49c129146ef6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
b5bf3601630a08efa2b8c45fbdb6c109

SHA1
2fbefe95efbe84a435c575e070403eaa0b0e0095

SHA256
125bd24ece3e9d940fe70d396f8f5d38ddebc2c68f1802bc8b41eb047e893b58

SHA512
a73c7ad13b5916bdbc3fd970aaf2f8bf7d3b4cdb09fda60fe7d39883ace4339d393af1274267767060874df7cdb75d76dfb5cfde07396b9400779db9b74fe00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d024f4eec845b6cb34a3ea5f69852e8e

SHA1
8a66f9b30d2569a4584af995a755716dafbfd98f

SHA256
911f9d30f4c7c829f61c64b817edd759b507f1519a3d969792c03b15949da745

SHA512
45483f2814ef257d834e6cec05fa277aaa78fa56ee8cef57b26755beffc7a83645d42eb33e7ae5fb315aa0db57ee82f99d7ef5c69fa6e3179852db4b4b0b04e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0d9667b09883c7ca00d7965491ccdbf0

SHA1
a6b0b0b0ad24b8e957d1b7ece56f30b2ef2d98e0

SHA256
21208ba42b2602676459e0048b500102a6c6a66db33137fe537cd1fcf6c6fa3a

SHA512
ff7611fecfba94460cd8c8fa01654ccba60eb7a9a4c32549411bfd332c3e187d8fd76c17b63d85c86334b2733f1afb4b6814bc0dcf8cc0b999a0fd9dc49d2747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
402ddf7ad7824e38e32f34118a86d426

SHA1
d2b10d09433beb3e0cb4cfcf6e6bc62e947ffc67

SHA256
0117c5ba6dfb181f13ab73e06bcbc281895540effd99046b528f39b213072f92

SHA512
2493aa4d7ef1a50507db62966d3b3929ad80bc84ca0ccedb4209dd8d56f9be4fc59d8daf6dbc22dd99ed446361f025cac33bbdd54f472530d3cc57e9d7dc5ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b02bc71cef69ce9635452abd7ab3a6ec

SHA1
388e30220647c9ef906ca4182df81ca1e5332a06

SHA256
ea4b3242eec83c2eeb4b192895c231677bd3b6a6ca920c2a3493e344d1780bb7

SHA512
c622a3010786fc5b99d8c86c48c9d8e07ac954aad8107ee00a5022c6e3a2c4955b353ea51ed12cb9c7ffee1ecf603b6fb2e326e54766d3a95cf828300a284f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee16c27864980b445aa79b49bcec0d84

SHA1
5646854a63e275782408cdd00f4d36f7595c4a58

SHA256
6b00d86187ba1e3cf07829ee903e7cccac85d877be3ade83a33874e3c014f621

SHA512
2d742a6d1b998f11ffc4af65d165c7cae542632abb2c37b0925c99bcfef5f4d78ee6d707826424beb8c0fb0c4438021f326405e3d2527ac4c280f49f25f662ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
671e9cf09df0b0a71a9f9f92b38a784f

SHA1
95d003644f003d2358c6e6cea1da08afb47f9b34

SHA256
cb3c99b20bcb96750acdccbd8be7d86ba51aa0d0942adf7745f523e4ddcdc14e

SHA512
313f16f37bbbac2b3b6e1a163f1c2e8069190d3a7e0e4f0d30ec2a426871944c0a177318b7d327aac1cf3fe97fea8273aa667ccb5fb55162d735c18ae226f072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8e5d674b48da7975d0e267621b97f4dc

SHA1
a309fb2e15972103f0675e2b7014079475fdda8b

SHA256
3370f901b72fa3767851aa8570d348d3f36d89132f1c15b41d77cc23c053879a

SHA512
53d9a7bcb0d8fe724cafb0a4bfec9146109aa9ae8b9c72cfef418274220b9c22f13ffbe6d35e814cdf8b3d16632294ec1250099658bdc39d6be3428bc74a353e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5febe549fe7611cff3b242a731347c41

SHA1
70402fd3abb003016f8dbb0e54dce70a8ee4c6d5

SHA256
a82e5f33c940d0a9641fa8c14621779d8284a91e5fa5c9dac9ed1cc7498fc8af

SHA512
daab83fb3062fbb75981ea8ef3072f973f3da558008c092745f501e9b321d3994f5e6969acc1701a836ceff21f4f673c04f164267927196e3cf6c929bc48ad9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b155383f250b197465a3630aeff4664

SHA1
101fa4f6f3b082b5c414bfdfc26c05ec3753685a

SHA256
5ed79334eb902e4ee5a235e29d2a53313eec29e6f6dbdace65390ca8f8c38a4f

SHA512
fc69f9f50e98819205b5b53f989040a0ed7bfdd85051262f051cb1b8b50ab69b874bebff6ec77b5d83352167ec144a41312d41f786541372abfcb62fafd77e4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edec9a798cf14e2321b5c747a8e43b6b

SHA1
e44bb6c1e735c8720eed24b30c0623905578c14e

SHA256
a2faa2ea51a4c9d5e24cdc68ab8c7942eb88d08c42382c6bb29046570f576da9

SHA512
a34b26443711e51855d6fa3450bd6790a50a30c16fa41cd8f72ee6233b021f9cdaaff8bc777f2353c3f476452b6da3c48b2730c853f99b3af1332bd6a51fc82b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7fc9cb117bd80e54f16bdd56a9372ad

SHA1
a8fd80274e8b6f771a0aa7c3fd4b4666557f3486

SHA256
eff255daccb8bcd66eb2637645f2529025aa6c4fe680049f89dddda571e650ba

SHA512
37fe576b6b66c57ea9a724c1306e9d179189384ab418b73a76b92fa292fda2dca821caf4bcf6aff93057abd050b14f3909da1d21be0c98a7a72e6aa64875fcee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
460e908a5f68bd07a977a08fc1e3b9d9

SHA1
b9a6ef48cc62a806ff9b644444f4d69c0f5ae398

SHA256
e0332458ea85057a11a37483364552bcea689f30639bc38824449c25d52bab58

SHA512
afabbc87459faad152bc2cae955188141d51707def92e4a0ca13b861c79543bd5bde8fa1bc0df4b78260ad25c32a3bb82877bb56b4b83e9c283fd6f5b436d777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c16c4a144ac4f272d75445560a4bf752

SHA1
f2fd5d27a039a2a9cbef1784ed1d87a33001038b

SHA256
05d52615d2ff339670f8dd1d7e2144d5e1eec0c5ae66f93fecc7abb8dbb8d338

SHA512
9bdf3877a6a4b52602dd2271135b112c25865b913f305435c5a1ba5134b9dd6931263d5e9d47eaedd66fd9c6b4223d25051aed15018536146b8533d50ba27904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4cc2dfa3014e79951d1101fccb5b0d3c

SHA1
5c891809f6155395fd0fff759dc0d613e0145827

SHA256
cefb5ff56ec2f31a6822f3ecb2016af040b904217b07b216db4fb2bbfea4f8b3

SHA512
93871407d2553b237c3eb2665806ec6a89745de79968353dec0741e30d94abeb41f2571f5b80fcc48df5055ffbd8dfbf329fddda549bc20464ba0dbe39e8fedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
673ec2b7fbee40f380f7862de878e9d3

SHA1
2d4a69c4da47acb30062fefb2dab58ad7bb31c6b

SHA256
b77e9a087d985a76f22439905301f845e6706ebf1d24cce6ecf2a7de755f7c8e

SHA512
6152ab523b86151d20c4a9d471c349760a21d957eaabd2cf03afd2c2c8c15ec8a74f8b7c86072fa3dae33c8c6de762e64c68bfdf0d3abdfb0409d890194c9b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
01110e88f94f52cceb88f65c33d49ff5

SHA1
5e709f7d6caecf51117ea344a540245c3de0c9f4

SHA256
cd946941167814a5417560943f81124b83beda0437d208d0e568c749d4def048

SHA512
03846dcbcc78c642c80dd43c1d9e42af77c00a7c40bdaeeaeddd497deb0cd7e7d9b0c554b5474194fef051ed751d4584aaa1c30bc650f4adde7ebaeebab09af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2a2e7e9a07673c43b551581aed0e9fa7

SHA1
660e532561d0f6e02291f536a523ecb9fab5faba

SHA256
929593f4cab1e670220351c164baab8e3203d1d9a6161f2738ee385b60aa5e00

SHA512
224a5df4d6eab1734fa4aa357848c0b4402bab955b352b32fdd99c090fe4c6b63ea673419094ac84a472203034b04a8ec71e265f6516c62c4d7afe89b57a2ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb989c41360c4467c009b6bb1460a3ec

SHA1
bd8d22954263b58609055119a4d3b44eb46d17b1

SHA256
7a65888838634110836da50d3f268a2cfab66bf3298df5de608fd6613b4fe18f

SHA512
888684e5c06b21a4b66fd1dbedeb25898bfc00551ffa67f905e67fdb6dacd38fa9901438fe68d3dda5278a917a21a93be68c61dc154b829cb0644aeb3be581d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2ee094318587a1ef58ee01aee61c6ff1

SHA1
13b77fcdf5e56aceac6b1d5d82a155739dea9c4d

SHA256
7b2dc1c6f8caee44161578e2c1d5ba1239c4198ed1ac47fc829601e9be3d9baa

SHA512
f8503b90e3e1c209b826626a29739725cfa016de2ba9557ee74255a7ea63ae59aff1538517ebc87765429a7d3b26acc6aa374c6343bb71834b475fe3ac0b5b32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6c5d0bebdde608b1f0e148f80704126c

SHA1
4ebfce19e948fb0ed14bab891f00abfbab72dd99

SHA256
538767208f1dd5966fb72e3b0208b2ba14a74929403471602ae28acf358e3761

SHA512
a20d2e22634ac47d188197276ae669baa8c59fb81cc1d0b18936b1dd9f6b4bdcf98b36d37614c9b313ef3904a532721c9fc7647a3408e64620aa1ee5c087bd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4d3ecc22f65e4cf355c26064476cb224

SHA1
0e062b865cacf63678e2604c3bac755a124713df

SHA256
d79a5ad0ed2550b6e8942f0b549ce78a3c4e308df5a55561a42c0d13813d0fd4

SHA512
1a6e6ee622c0fa54fb5a23321c026712c0856493b6fce6aabda1c6b80406c449d1472ab4eeb9e1a5dca897377c0b9f5b0597b00f146b4636c905ebe90065aee6

Download Submit
C:\Users\Admin\Downloads\WinLocker-Builder--master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\WinLocker-Builder--master\WinLocker-Builder--master\RCX6559.tmp

Filesize
387KB

MD5
b7a9bac5e1d13510aabb8873da52af23

SHA1
1d11860c87b1ed4855cfd1372b9d534cfc79c839

SHA256
b5de3b8a184dc755d8f009025e37d5de230215b8438baec52ae3418e7d8ef669

SHA512
a175ed00d491d418e99a858923af3c7ab5c33328c4cde9d7297fba81d1c07b1cbc546aa37eae885d6ed02ac9e9d4655c3f69c089287486364e1b832acb40d5f6

Download Submit
C:\Users\Admin\Downloads\WinLocker-Builder--master\WinLocker-Builder--master\sdfsdf.exe

Filesize
382KB

MD5
97eb6f7ec0586fe37b82dbe2f522da35

SHA1
7b9995845a89aec0a6eabe7e9eeb446abe8e5d58

SHA256
f738afbd4c316267d35e2f4d7b818139a55d8ef6b636c3bf736f1672cb4c8ea1

SHA512
888850fe4ea693a5168d6c0f2ab638862dc1a09a1e25f1de8cbfb373753cad982f2461826f5fa54144ba04ff6ed2c19c5850d70a3a2edc3bbb2024cf42710c49

Download Submit
C:\Users\Admin\Downloads\WinLocker-master.zip.crdownload

Filesize
701KB

MD5
0f0dcfe53dd48a821c945ad91820cdf6

SHA1
8fdd04c6dd90232c8bfcabbcbef920ed1c090151

SHA256
42154343c910d8e93d21a7e6a124f8e8d60d120241ed72c77b4cd69eab122145

SHA512
de12a8ce79c28b72c0987ec9aa734c746683fb201bc39b6e004b59fdcac81dfcf97fb195175a55182da5ab6d66d7b70d57c3357477a20f68dc880cbf0b72ae2e

Download Submit
C:\Users\Admin\Downloads\WinLocker-master.zip:Zone.Identifier

Filesize
76B

MD5
8642aa7fad7bb9967cb6b79e8556a2ab

SHA1
ae946d58ef19cac25714d8892f045b40b0f54e3b

SHA256
0112dba94c311f031a1fae281a69e6270d0b0bde94eca8939e69ff6e7f56c3a3

SHA512
334b3dc6f5ce830a1d4a629212592e8a415da47e3f7740c8ab986c272e77bb98448f52345f8743be61c13ae501b07ecd556160eb47a57b0b566e912d23f6f0e4

Download Submit
memory/1444-922-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3096-867-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/3096-869-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/3096-868-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/3096-841-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/3096-840-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/3096-909-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/3096-910-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download