redline | hxxps://github[.]com/vscor/shokify

Analysis

max time kernel
268s
max time network
270s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-01-2025 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/vscor/shokify

Score

10^/10

redline defense_evasion discovery infostealer persistence privilege_escalation

Malware Config

Extracted

Family

redline

45.15.157.131:36457

Attributes

auth_value
0b1c7aa3f8d9eb1607fd8100272acb83

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/4388-1724-0x0000000000570000-0x00000000005A0000-memory.dmp	family_redline
behavioral1/memory/4896-1745-0x0000000000400000-0x0000000000430000-memory.dmp	family_redline

Redline family
redline
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 8 IoCs

pid	Process
440	winrar-x64-701.exe
4616	7z2409-x64.exe
1924	7zG.exe
3684	7zG.exe
32	Setup.exe
2064	Setup.exe
4972	Setup.exe
2356	Setup.exe

Loads dropped DLL 3 IoCs

pid	Process
3328	Process not Found
1924	7zG.exe
3684	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
26	raw.githubusercontent.com
27	raw.githubusercontent.com
28	raw.githubusercontent.com
18	raw.githubusercontent.com

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 32 set thread context of 4388	32	Setup.exe	125
PID 2064 set thread context of 4896	2064	Setup.exe	128
PID 4972 set thread context of 672	4972	Setup.exe	131
PID 2356 set thread context of 1460	2356	Setup.exe	134

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2409-x64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppLaunch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppLaunch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppLaunch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppLaunch.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133811986591416001"	chrome.exe

Modifies registry class 26 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Shockify.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
1924	7zG.exe
3684	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2336	MiniSearchHost.exe
440	winrar-x64-701.exe
440	winrar-x64-701.exe
440	winrar-x64-701.exe
4616	7z2409-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 3576	3504	chrome.exe	77
PID 3504 wrote to memory of 3576	3504	chrome.exe	77
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 3172	3504	chrome.exe	78
PID 3504 wrote to memory of 4224	3504	chrome.exe	79
PID 3504 wrote to memory of 4224	3504	chrome.exe	79
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80
PID 3504 wrote to memory of 3444	3504	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/vscor/shokify
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa1dccc40,0x7ffaa1dccc4c,0x7ffaa1dccc58
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4780,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5100,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5060,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5432,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5376,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5316,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5648,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5396,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5488,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5516,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1956
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6024,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6392,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6492,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5128,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5496,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6628,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4876,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6520,i,11433983491146997003,15697410883547642629,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1156
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4616

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3120

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5052

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d2c8956b9a6d4b85aa41631d6fd1c6e9 /t 2968 /p 440
1⤵
PID:776

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:672

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14022:78:7zEvent12066
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:1924

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Shockify\" -spe -an -ai#7zMap7042:78:7zEvent31157
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:3684

C:\Users\Admin\Downloads\Shockify\Setup.exe
"C:\Users\Admin\Downloads\Shockify\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:32
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4388

C:\Users\Admin\Downloads\Shockify\Setup.exe
"C:\Users\Admin\Downloads\Shockify\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2064
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4896

C:\Users\Admin\Downloads\Shockify\Setup.exe
"C:\Users\Admin\Downloads\Shockify\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4972
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:672

C:\Users\Admin\Downloads\Shockify\Setup.exe
"C:\Users\Admin\Downloads\Shockify\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2356
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
88518dec90d627d9d455d8159cf660c5

SHA1
e13c305d35385e5fb7f6d95bb457b944a1d5a2ca

SHA256
f39996ab8eabdffe4f9a22abb1a97665816ec77b64440e0a20a80a41f0810ced

SHA512
7c9d7bd455064d09307d42935c57de687764cf77d3c9ba417c448f4f2c4b87bcd6fea66354dfe80842a2fa3f96c81cc25e8bf77307b4ace1bbe1346cbe68435f

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
c4aabd70dc28c9516809b775a30fdd3f

SHA1
43804fa264bf00ece1ee23468c309bc1be7c66de

SHA256
882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863

SHA512
5a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
696KB

MD5
d882650163a8f79c52e48aa9035bacbb

SHA1
9518c39c71af3cc77d7bbb1381160497778c3429

SHA256
07a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff

SHA512
8f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\78cadc04-4945-4f88-85b0-8b0c022a72f9.tmp

Filesize
11KB

MD5
1077aad9ec2fba1f80b8840bd1b84e32

SHA1
03a6c90cc11d0ac190a796ef08dc158851847e20

SHA256
15fa54f7f8df5de1ee9ca0de9ad25264ec755ad8d81221f51e3fbf793c84f067

SHA512
0a669087706f1dbf31fbee2fba95db263917cb2ba1b7914ee366803ba4cea8c6dcefcb23761d6bce5651e841468fca2c22d129e533e12f04dbd8fd524a030ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4c4d62445df00b6b872a72b3a82a9297

SHA1
c50100d156a39e2b359923f5eac0bfddb578b877

SHA256
00c8830093b476a4b8495dbe88da168e9ba4e43ebb3576a29e47986afb10ae03

SHA512
47135b9bbdb48e0da8be8807a8613e68828165e959379f7dae6473bfb0c6d1b38fa146042e6813c2aceb2aba1a7f9f3a487d6877ba26bf4e278fefae70418fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fd1fd388ad17c3e2816aca475545a316

SHA1
2fcc3a1b6ccd709ad50ad3d02f0eb7a9abfba918

SHA256
df20a43bad9ab21c4c0e1c35f94226e97cc2f0346b9e2ed5e76e56f4d803f18a

SHA512
4396b86c7cfb2b9da67ee05b664ed41add3e489211fbf6ff1bff8d0f39b24c3db54e6251702a56c0e01a7f25b8577a7adeb92c8192cc124e1114712217e7d52a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
985b3189e3a8e496a8399496f9e69776

SHA1
3dd3534c32482541e979113c031314a517a62f87

SHA256
67f009dfbd2b565e9e671866a31a06430f15f748083367e1eb97f348df47f5fd

SHA512
099a1b23da832184d9894621a7791528bbb5fd69e507058fd6171b8e9b99384b9a29b7f674d362b73ffb416339976adb589ac340d821be25068cc8e9e84c663d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
954a1147b478f8048ca1454e4dd723c5

SHA1
f4038cc2a424391f536e5fd7a08a6b5736361d50

SHA256
e0d848492e58d5b0a1fe63d57e62705635c49accb3d60cfda04af498b3bcbe02

SHA512
d19dbcf542b5588bb4958c073850d79144aa02f819f7811ebd628c011983fbfa5bad32335774f608c0ebb9670d8dea1b35fe87a9ff533bdf9c84696e7b3b3a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\13020c42-12e3-4bf8-8ff4-5a2accc1b049.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ee4261c0560a359443976f499aa32a0f

SHA1
7d5536083d85f002428113e917bce733cb26f47e

SHA256
db19934b3094e8502b65f8fa5fff05e352b9a93cafaaec9205501f8661666015

SHA512
97c98ad503a1be784c4ebfb7c98c61dff198803d64c6c786c541c0a91760a8044d9561fdf9f868cf8b97c1ddc1832d58cf67574303eac56bd1a9f25b2162e373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
036ba03031b4eb81b06d53c7639688aa

SHA1
8aa0a883d18d7e3af3d994aba5fcfc0845fdbaf3

SHA256
6be78acd90f35f840aafa105f2f67aae1aedbbe2cb7019067bfc7b7351b97528

SHA512
f4dd51a63f11babdec64f263d7c3a13b02b925c9d5cb6660a9bd3db93d9cbfded4989d4b6da5b0b8fc181cf13eabdaa838c76d92e15f2d25bd99a9c8010a4762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ba70260233ae3e0f18cd22cf63a6065e

SHA1
81744c3dff24c2829a57d14ff093f8282f676587

SHA256
594f50917c6f80dc5dfdcfc0300c2973baf4c06c4ec254a7f2812f1e1e8cb29d

SHA512
979a1a45226f01c521a3b297ba047a06fe60d6aa60450445552152759545d1e3f21c9e98848d5602b43f0f20808eae9089efac03fd6d65b6b0a1c5edc014e5ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1bee1a19b44c8723f986f6f0dba0dd82

SHA1
b6d4149a6af9a7626b99635d9613b7c3ac0523fd

SHA256
ae00a5bdabbe7d7af22b30a474adfea64cd45abd1dd2cbe4a93dbde4c0302d4b

SHA512
f77ee6bd46f8a75d5028f89911e30898e0ea68182d75d3413b36dda1b988ae901f1ead69be195acf36b51b5657d1ee9a7b05d96d9a130266f08e8a225b7e9139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a0ac8fd2b4a40689a010f41abb2a6a3d

SHA1
00e42dd170a6d9250799dd41060699f860cc2b19

SHA256
58b030ea63cc855bb22546507d9b02c89f68bece39f59d9cd218ada5e2435871

SHA512
0c67bc41e66fc70577d326a25be38da58c22b3d74e92c03544e974465445a93c68432302d94c47328c28e2ef00005e73eb5896899254b840e3e3f2efb941b6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d7780c86914996f8023fe21c266fab42

SHA1
7a9e0aaef6bbf4457328dc42c8cfb1a16b854a8f

SHA256
20c270a3919f31d238c16ea292f22220f325ed57caa0f4f9f02754aeb9c3cc32

SHA512
6f5867baa143ca53397593636d62de06547b6c92abf8560ec46685b09fd3a80a613e2bb13df42801cdce35817ff6c4e170f256ffe2d9de4d9cf9f8731f5ad642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56605a7ed4e798a851c4f9385c5800e3

SHA1
35210b5eb349eef516c13bcea5f82f0558d67106

SHA256
771682999da6cf8ee9face27a8fa98385ff28236b8264b87866fe7e886b5471a

SHA512
41b62115e60bef56e36b96e6877f02b7dbc9d740d919ce1a57e18c593f30817e7df0fee9e7d35c76556a1b3edca570c0c1b409b13a5e9a247e641bf48a3f14d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f9468dac0af4e08a6cccfad541970ea

SHA1
56b6b316c2b757eb95cfd4ef9deac26d42e5d6c8

SHA256
fa33d6ff2922943ebe21ef8e414317c107021f2e42db5a3e28fe3da2a6f7977a

SHA512
96d3eeb2dd0f051044a26e8b754e9e5dede989dcbf8627d6bdf54a06a897039df2adaf470ec2308980658b37211b2852b6ad98d6c54d4dad79618ce4f9f55902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
059f9a0db01d12f89a2fb6aeb29dee19

SHA1
cba3c4f90f43752dda80c158444ba2793f38d515

SHA256
536c1c4aa9909c823ed1e3cd82c673aa3f6096ae3816c97b648893515f77e1f3

SHA512
007fa27f6d44414cc3c13daa8ccbfe7dce45be822db346b80dfc90d1059cb2ca9326caf9355c12dacb166b9d7fd9127ba712bdebf331776ca3de2e4015d5dbab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a19df02a8d07ada175506b379e60a326

SHA1
36086fa898502ba563224945a07d1652d6064442

SHA256
f5a2ae9e40a182fab2e2d2e154116e7f032117a3dc98d6e6a414136df4b94f89

SHA512
b9a1ed7b7b34ebe78464e79e66f6744c0e9876bf1bede7c52b439dfbaa4ad6f6539ffa72145f8ada0b44feaaddae00bcb6d21ef865cae3981ed00983fa6cd6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a3e8cda0c8462a832d47970ac9cc74b

SHA1
118df78d88c40c486777cc10b8f3901c079b1cab

SHA256
e92d1886f8b312f686df448ef216bc9ac289a9361c92ede93888573bc8e17e26

SHA512
288d2be36794b8443b309e9932a3e61b5f62cf40dab5e95e707d85f60df40f264cd69341a312441ae011302913007bf4702a345fdf346b56b073e825f83b4177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
14817daf2c793a52b3afbd8bcc7cccf3

SHA1
e15765202ac64fd0bf641f1d7b521651b4f516c5

SHA256
e195ac487ee9818552394da8ad2d5704e6f7f13728ff92666aef58b85f5732cd

SHA512
6057e58ea710ab3fadfb534dfa49120d6ff3c5087c6144a8fde31d1b9db7f74a326d039560fd2d142e59903120de726bc8585b583e2606e98d9d210ac61c173e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8e8482f34461807814d0dc72f683469

SHA1
754b0a61828d45f0eed295968b46e39f62ba7d8c

SHA256
e71a4830357e86dce6f1ce266c8b066a83de5c752d9f8e3df7a52242eaacc5eb

SHA512
3373b3e1df4bc5be196ac3a6c798f9b82db29d332f31ea927a3c9df4cf0cb91fe08af6f83c106f2c5f271926ae5bb70ed78b07a25ae229e2690d97f627df0b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
83cb3cd34d70d1c8fce4cc898cfc00f4

SHA1
8f90936fbd404349b57234a94c4eb87b6cabdb75

SHA256
0c382ba138894ef31e0e365a007a3e96440635db9a88ba3f30a329f7a626f595

SHA512
73af203a32cff41ec5afaaa90db397305e7c9b178e96f50e116994f2fa847fabfba15816cb18087400eb15eaa753958ee47784c755048f4e136dc3595066001d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
de1ffc44610d609d8bfa080a37c2d5bb

SHA1
f8aab7ecf2d54ec7c2f0ccd48e9857a2c841898e

SHA256
8e056019ec996bf75aa1501f33bbee7d3d9d5728bebf96724861592d37bbc3a6

SHA512
2d3f5fef5e2761d2bdb537d7378051bb1f8aa23f0f0403ed0b3a902b91716f9e3924636077004fd61cbd30ad719c435c9b91e8206e424d81e972812336632fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ca6a2b17929dbdead721ab26456118a

SHA1
be9c6e517df6196d1f1aae1ac90b0726306786a4

SHA256
7d51d5eed4ff1ba096a31e62e50385251cc66fab06b9f132ffc58dd93ff2c321

SHA512
cc5dd7b291c74acd61ab748e37f59bda7e9c06f82868287d7ac34300fd22ef212d3baf4852cf98ea9863d54ab301b27579d0c1568d00b36ca82fc63beb3976c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b9d25df0885e825f7888aacc1f6fb5a1

SHA1
d404cb6782468b794d1f539e01eda176230313d6

SHA256
ece199dc6f191ce0f001ad8d5f32ad8a859852e12e3aa85e8def2e528c693f5c

SHA512
d512ccabed3f506f3e32b0fc5c92f9c523923a025ba373f2536d7658de35e172bc65e5f1dbe15efd399eebba37a52e4c28f78afe909d07b26afa58925b1a5bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5d713c58f182b71c1a133108bcb78fbe

SHA1
c23c83dac9b239c67ee78b66505a75d61f04ca23

SHA256
5c9a366d034f27246533abf46b8bb1b36458168d792bd9c5bff16d60c659f652

SHA512
582eaf5a8aabd1e453ac12a78aa1e5fb080f589bb4de1f8a70e0ae6eabc9c60af398fb1e1ae92273e6493f0024d1111ba54d55d3453687014cca304a1896eb43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
972baf606015ec6c7e28172f47410182

SHA1
71ce7c735af53f4450cbfd9878abdf55d56169ed

SHA256
6ae86361eb2d3d458eca1d35620ccc259a46e13e87d43124418e6201fa5e6301

SHA512
c7172e25ea9a029bc5a22cf44d9bf89eb3affab9c3588451f9551a49e008405ffcd52b9feff8494826c9bae7d5e99b8429696748c26dbb8c75c84a96a097f8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
72fb15e05babfd7a3d581e5f5f7977ab

SHA1
51640030d30bcdc08b07080b7509b52af57d30f3

SHA256
048dc8d52d94c671237dd12ae7d6c266eace32e7544f84ffd05176dc33622375

SHA512
08dfca4ea4f1e309b050d42795a6fdbf272a32d7a577af2b79c840c626abe19b5467a32f8953133fa0807c3fb05123b4bf17d36744dbfd3ad5974b0075ffe7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d9c36fcb6b13d8bb325810ca4c3e554

SHA1
0d73f508d76ffbfa627b4a985f78d7d5f3218966

SHA256
98fc18f2d3da5a1908259b87efab125890f38cce3d7814c7fc99f1257247e74f

SHA512
4b238a5d4000668918dff07d751db52ef305e6da8ba5baa71fe08d1d7a6731e9be6e3ffd91de22c9ca928c023c1d42fb3f112da7cae9688018fe0b4b928bb3f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad1675234ad6681884c561e4cfbf32de

SHA1
1ec1529c1757bc58c366c51ed1fe05d6cea6d14e

SHA256
bcf1bd85f88b6f18166116496ad194cca9ac9ea81064fe2b411bb164191da7dc

SHA512
ccbd97680f28a9ef5755e9bdf68b2ff8b87163c1e8533b36aeb10aafd059861b240ae0ed9f570a8f600bd6e87a507da0fa388037736a38e1b6185308ae120424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ea380f5bc088b73697859783c724bac

SHA1
283332ab106496e7f1e23a680fdd3f04513a06c7

SHA256
3facd8bb2a8c899859c3640253610c9d312cf2b33d652d43819a58d5f98b778f

SHA512
130d06120cd345e424f7224b7740fced22c7e974c4dbb064e894f5699134134414e7409335f2c2d28ed4edf03a6cd7415788fa33aa14bad6518253dcf3fb9e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
efe09af165a289560e6c8411a97176b1

SHA1
5d6e488c74a566ae9ea34759ab7cb6fa26617f83

SHA256
0f90ad3d79745d8fc05a07bfc2f5d0ebae1bdc37f8d643d856a509cbb51d4546

SHA512
b29cc35e8cb6c78a09fbdc7261e1343e453f6dd65d4d3a1dc1010bf29d865a6f2eb85a23d5a0d9a348406e894059d73b5cccbd7365f71e5b8259ed7889dc0fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a4823a2641642b958ef4c25b4a34651e

SHA1
32855d05c8effc5dff2d7825a41d4827e9e37d22

SHA256
681408a9173061acdd2ecbb068d0bcf7eefac83920fc728bf400fcde2d897e52

SHA512
fc16b922020c0936009f2d9c4dc48d484adbe139eb2fabc2067d8c908207d7b74367d3068014e113c2daf0dd238d78f3c18117449f8834cb3338ffa9d8496168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a72358de4bbffe3b19792c60a3b01c00

SHA1
422ce3d69e70bb3d5a58f2019c47362fae273ef2

SHA256
5fdd6b671a2170f3540ca6733dd8c6fde3af1cfb770e962389ae2c4c085462f3

SHA512
9868a0cbcc9fad178020495a4b98dbf8ee872cb0de497901fd8494e0b775c78fe8272b380e5c11ad22cd99a9604e4300e65516aae96db6bc1512ba4dd5990a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91d1f5304407b56f5983ad0c8fac20cb

SHA1
2462328ed5a4794643f1692fcf10b0e85d31d046

SHA256
a173f507a84312cd2b752d9b32e3796390e75bc9f5069b2e1170a0e3a1e15532

SHA512
81c19db5a5a1ccf6567a00529026f670bfae5b02b7681e057c02282b1a97d0ef14af59694d790b8e205a60d2d2d7028cdd28c20a771dab5c13acbd49a54e9b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a5ef32e6076af92727ed72f2015cf65

SHA1
c9446d15c81ddaf36346c85d3e4eb9f7cdfca2f0

SHA256
e99e9f78c1697c519509034fa52239dabd439aa00f20553970c14b881dcb80cd

SHA512
22e3988f483b0e11bdd96be45c21e8f1b0c11063880b7c0c67353c3dc8034599f7ef02806f09ce2596671beec9e8961574018506aff745137e4f39e4cd7e8485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2489b356a65498d41dc42103b0bb59ac

SHA1
7c164c6dcddc8621570f383520e19fbd505ccaef

SHA256
b8ba4e53d08669c579f8ca8c177b917c651170c41633b673a8c1dea9dd41463c

SHA512
acb17475f2cd909c6838774d03963cc92e062048207f512dbbf5bdfd22126a5294c9ba38d63afea3f111b4623ae656ef757a06898e45f3dce7c14c2205273d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5617976979af78c6377cb33ef1f74ecf

SHA1
c7f4e40b2bc7a6394e559f988895b5b123c43ebf

SHA256
43db9e0c7aa1bf968442abe025006fc2da18bb34628441218340150f7fbaac4d

SHA512
59e6e9d31d5a187ed5bbc3c93bde8dd08f57b8476e0bb357f64f312f2009dcaf5bfc95d1b692c20b9b4ea54323a54804b20c704842a08c8d1265950e3b3f35f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4fe73e0e4bbb40c20b92a461db2e11f4

SHA1
03e699dceb6604f544c69bb2fb30d30a16090796

SHA256
36998dba6739f54650f505cbc233f940d323cca366d52d51da2788bf081826d7

SHA512
778f9569e22edd98c1d199e4e9e4706627cb6c83599c52e97705ee80ce70712a9e55ed2220dcc7c44e783f2fd8e80b2da5edc5e6de2b95147c439cf1cc9dee01

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\fa441d1c-f867-476f-9381-d7a16a7acf2e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
785073822344ae3813284ebc92bb596a

SHA1
96e2a933b38352ed2c8e6e34e94756b70c143214

SHA256
36ef4cbbc494deacf81f364b546281223a39bea01a32b0c4b0e2324f984d6817

SHA512
28b21e17fdf026a025503a2ae1014ea4e8ce5385e42396007a7a23aba3aecb591d225e2a90d47f6f9e02d34792d74b89547715d66899265dbf8372258ccf4498

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
327975ba2c226434c0009085b3702a06

SHA1
b7b8b25656b3caefad9c5a657f101f06e2024bbd

SHA256
6fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c

SHA512
150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51

Download Submit
C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier

Filesize
61B

MD5
a60b1270735e21758697b3e3547585f1

SHA1
a2a7b144692aea613e617539f0541d6d1a5bd3c3

SHA256
86c9c0d829f03ae880749f818aa61e9a1066c0bd8c246098f87ebeb5866ec381

SHA512
dccc5afcbbdc89414e9942c8ae1cc9f48dfc62cf5189b5ece45d4dbb6d79ad7ea443fb4df808482195ac399d999fb8030dc7bcbe6f0b12a5d8f5d2ea158cb211

Download Submit
C:\Users\Admin\Downloads\Shockify.rar.crdownload

Filesize
2.6MB

MD5
4b6bfd275d3f279739a6b6b25166b2cb

SHA1
5f0ca47a034b87af90eb36adf573d6a03065d751

SHA256
1524cd57d4d6ba9e09c9aaba7916da6e977e12f189291e0101d1feb6aff30117

SHA512
d088bbd7594b6535a305c37bf86dd9c0f107a5a0d228ce490d5f5fa901ac62aa0c217a30cb4cf1bb360010cee93ced855a425e8db989425949f5336764a61d91

Download Submit
C:\Users\Admin\Downloads\Shockify.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Shockify\Setup.exe

Filesize
766KB

MD5
3a2edcc08db323bcb54a4b7dd3064c93

SHA1
40ee8e516f21720335e4e01e471471044a2f94ff

SHA256
c44b939c90c4a2532cf72c111ac8afd762661703a4e220f1c605bf71a66b2829

SHA512
040997f3b968a46920e9ef611a309eceadcb7e904be8f0ca94870213a5fbff4217c41820deee76062d3cc04b0a3643bb752c0b9bf7b1d53fd9c23914d4ecd4ad

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\assets\animate.css

Filesize
24KB

MD5
0739b7961029b811f08c0b8aa2b03663

SHA1
8d23a171a82310cd4bf79273b25aa17e5b8ac831

SHA256
53ffe40a8756ffb56b1a789449fb9ab2de1d26764c5d13f3dd969ed7d5c41db2

SHA512
653579e36f51cdeaf099bbb4b236737c55302a43e753954dfac2f4c66b8e19c5857e0406d65a8b99d279491ee110389fcd590426eaf79c4ed7fe87f4219fa8e6

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\assets\font-awesome.min.css

Filesize
30KB

MD5
4258bd5c7a06955b6dae720a835fb7b2

SHA1
84dceb26861254989c3af1b57179432ad0513f9a

SHA256
b139f243c33a32098b98fe104d2070f65662d47c93cbdee9b80ac9ea4e060830

SHA512
6302011adfd12b0cc8d5b9d05e3b5face32491a02c800d7a1acf03025dbfa0e4bd12da5bb2d6899ef18f410ca3c98502865efd135276cc49645c5ea9eac31b02

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\assets\hamburgers.min.css

Filesize
19KB

MD5
f4e16dee11e867f501b9aed5878fe1f3

SHA1
240a14f6f25bfd3338354f36574c617bb4edc6d7

SHA256
3149a74d701ee7dd476f83694f8962062a456b5abbdea234101d30aff2738bcd

SHA512
4f516690bbd6348c66188e4bd5c75d4dccf631c18846d7b94253302043dfe982e8308c238b2ce77ebb3a7788548d4b1a6185e643ea469f0af68dfc2fab656bdb

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\assets\icon-font.min.css

Filesize
7KB

MD5
94bcf8939dee79dd4259c0cc53cfb277

SHA1
f5fc01ef976616842191da032f1b5650c08b4340

SHA256
c5dc89b2d23c0788bb6aa78b72b6c28ff44c3b4a69d88d418aa6205ae46652e2

SHA512
a7ef40b05dd06b4b255bd19a5ed6bcfa67a54ac6c613fcac66206df23e6cf433784f37db9715a8dbb5664119af35820a70eaee1ae35fc5c29c5d779fbf3ae9b0

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\assets\select2.min.css

Filesize
14KB

MD5
6b4f5ec9ade1a6ba450f72cc6d573cd0

SHA1
b66d88c71d4cc259c8d77f8a9bf6300fad48ee1e

SHA256
6c622bd9e40cb6e0cc09b5a7e851de29f65efd7b455355ca105122143f0b131b

SHA512
edd27b0f0fd496f112205016fb1562d679618d55be5720a936c092e530005cfe973cf4a34913f634ed42d7a057905e8eb06c993025c9fd88c1f6074e56a4e7aa

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\assets\util.css

Filesize
84KB

MD5
589ff0236a2f2e53ebfebf479443bce5

SHA1
be6baaef5746a87fc27863fda63bafcb44ddecb9

SHA256
a86194cafc9b730bda22a49e7aeaa094069be49975e52cb1d1b258e577590b08

SHA512
ca81dbee4181247680962f2d2d8ea2b143b38ce7045bbcc7079ae439213b5d0924a6220def7a10e97c1c423cefa862ff12c9a131de832d5ce778d728fd91a909

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\css\icons\font-awesome\css\fontawesome-all.min.css

Filesize
57KB

MD5
ba36652a34207e815eb0e9c6e4bb07ee

SHA1
deed7cff2e82e49373a6b5bd39c785db933714c7

SHA256
a3939a0ff8912157a71ad32e94e55e42e94b5053f30bfefb66d549272b96202f

SHA512
4e6aa88c3e0444a98e5132184e36ac0a12390472a24f8e235263ec49fbe361171fb46d8a00d6bae6b371a5a38ce4320239c1b3d2cd54621092845395dbfae7b3

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\css\icons\font-awesome\webfonts\fa-regular-400.ttf

Filesize
29KB

MD5
dddf7b2cfdcc9f9da4354794809221c5

SHA1
79ff3e43370ee9d485040c8ac0c8755fff0ddc6a

SHA256
c25d1ee715f6ca69202404165aa0942709ff14d1bd99f9df5b124522d42077ef

SHA512
ee3602f63f4c59ecb2a1ac992e38ba7016138426349552df3249395f15d75da17a1af86c3b6cb823bf2fab310fbc4b8b4b81947da392912878c5dcb36cef2b66

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\css\icons\font-awesome\webfonts\fa-regular-400.woff

Filesize
14KB

MD5
da900afa8bd1d66d93fa576058d6a268

SHA1
6efcd906301f5890443561fdd7c24c547e679a4c

SHA256
e4d56ba6fcd7b99e7e83ee13aa2cecbf6391bc9965d18f43a13bec2957ecd851

SHA512
7814fac3828001eea918d5db3c0658ee170951ad17dbdd2f06011625f4e31f106d93c019818ef9cd3312a70c1146551764088de24bf86874cfbfe4d00d3f8bb9

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\css\icons\font-awesome\webfonts\fa-regular-400.woff2

Filesize
11KB

MD5
4758ad6071911a36d5b4ea7faa9d3c16

SHA1
6a09640d1f75f0ad0ad3982a7124120b84a25dc4

SHA256
b2bb708d78f9ce7490251f676f8f8f6dadc7e8d7e4b3d1ab560a4c1130b0c460

SHA512
561fd07a01d33ede881a970f564abbb68fb89b6d7ab2411f0023efc82d4a08923bfb17dc9e4d6000ba808ad2a2ffaa48a16c95340742e04500927809ca9aa93f

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\css\icons\font-awesome\webfonts\fa-solid-900.woff2

Filesize
42KB

MD5
9f3c8f805668d4182d2173b660a7a21e

SHA1
fe366898f9b2cc0e43366289503d5a718f0fd06f

SHA256
08f7874f8336b47e49d9719c38cea16cdea6362962f5001db3f2d0bb47332357

SHA512
efeb3a6c1e0b1f72f9f204472fd345ac4a76cba6f4336214fa08212ec71c3c6baef4ed44e560f3a34c58ec9a27802a3bbdce4309b605cce13f6ced91099fe526

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\css\icons\themify-icons\themify-icons.css

Filesize
13KB

MD5
f52f799d6faa05d12daaca2a55022f40

SHA1
76a7cbc542bed73c3a90b10289899f0b17b72291

SHA256
4491e18e3c2dbc0cf70f8ef860c46775f0b53a667275a5f81195274c3aad5c3b

SHA512
5bb685d415d6c59d3b8493ce5a6355c27dabeb3f3424fb5f731ebe61352409b50b66f1b23c321c2e5560b64501759ef1dd219f06aff6432ff3504a28c0827c26

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\css\style.min.css

Filesize
239KB

MD5
4c2e5ff4f5ae9b32341e402f13765f20

SHA1
f8c62982129c59eba3c3664254387fe0f8df93c0

SHA256
d37719357b13890b8b0226fe25252f47c87cdd0392882d464e93a87a0d78e350

SHA512
0564f66280c9616ab8a9c68c962e20b2972855dd697d644cbdd53b8a876a092f8136564b96a16980d65885bfddcff624dab43a18dfedbca0f64857d29192e090

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\fonts\Montserrat-ExtraBold.ttf

Filesize
255KB

MD5
9bc77c3bca968c7490de95d1532d0e87

SHA1
6c958d968de367f05f7a6b790609f22076b3910c

SHA256
257af9a05de6371e1f7b345d02a93af5c2e0ab9b9224418a45189b8cc86049cd

SHA512
f81509873f21a937f01d789fadeb67d6da5a47a2af7fb5f2d067eacf77be903cf4c22afdcd592d0725a346e90b747ccef6a7232acc9adad376323c5a7e177d68

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\fonts\Montserrat-Regular.ttf

Filesize
257KB

MD5
9c46095118380d38f12e67c916b427f9

SHA1
ff1eb5d360a42c0c675d8ecfca9a3e5b709d302a

SHA256
81ebc3916b524007b756d91d9df13c7673ec401161f2cad161662d08dcf1cc72

SHA512
66c32ce2e7a2006ca731ccbd7c116bce255e664f5ae5e259c7204c2154f9a6a76aca2a73583403033910ccb6aba454d1a1d12050e2f5880ef4b54f7ad2be798b

Download Submit
C:\Users\Admin\Downloads\Shockify\controller\fonts\fontawesome-webfont.woff2_v=4.7.0

Filesize
119KB

MD5
5f4ed23e275f98f3116280d19d91af2a

SHA1
4958257e1d734caaca53897da6a0e00a6af33977

SHA256
9107ec904c7ff3ce3495ed1dfd97330312d7af36794ef919b8f953f2f72aa70f

SHA512
0054033b3f8124b73c6665421c236978b2ec38184fed507644698b3047036fffc5ea31088ebfd9526e588c42c1404c73662eb72c2492c96812679850ac13e14d

Download Submit
C:\Users\Admin\Downloads\Shockify\web\cors\allwith.txt

Filesize
3B

MD5
964d72e72d053d501f2949969849b96c

SHA1
2f61cb7837b83df50a7fffb58e802b87679cdaff

SHA256
2062f80093066633876b542212c496501a5e79523cc4ea9b28667dff065afd8f

SHA512
ed71cd7b6d39f762ececdd307b18badaa81f920a51ac0f1e5e7376d0a739f703acc736709ecb7111ce2013d187a2a02ae3c47ed7ca9208ccfa9487745a681f07

Download Submit
C:\Users\Admin\Downloads\Shockify\web\cors\shittything.txt

Filesize
593B

MD5
a7e3865e9171fd16fe72e6918143dd81

SHA1
ac3a30b3535af4552aa7127b001da5bb02e3e726

SHA256
84e820448ae045e2e07e84f8399fa61518cf6f20d1f57eaea88e314c2059cecb

SHA512
f23335397afe49c19b9a6468da70f932370fd414bb1e55a474002791748739df92466e5f1563ddfd22d62a9774e35e92857c7e820c29e4ac7895505d45e45d42

Download Submit
C:\Users\Admin\Downloads\Shockify\web\followers.txt

Filesize
694B

MD5
2ad7be492a1899456d50df6c20089d7d

SHA1
47316067e2b3c40326eaac407bfe5193880dab31

SHA256
88d90603f15e24357051fb6cc0df8d32cc741d8dae4a900796f14be73ec04854

SHA512
0efd965e32e10bb44f220bcd556184eaa032475af1f6ac129929a3073a37bc14d43f15596f7444e54afb963401d5e182c98a87cd61a57ec32062cba1e6e1a739

Download Submit
C:\Users\Admin\Downloads\Shockify\web\javascript\index.php

Filesize
48B

MD5
eda529c66505dd2b2aea4fdbe76cf7c2

SHA1
e55e875d197f826af99c00ece51f029eeac00d18

SHA256
962e327929f34dd3c90637a9f271e8ffe5fb70eeca07fb077ba805b0129b2445

SHA512
c63fb3c6b2fdd970b5bbd34438343427f138f4805666b5beeb6586b48430326db058f6168d747f48c04b9b267ccebe677208da241821d9349635a2ea825b87e5

Download Submit
C:\Users\Admin\Downloads\Shockify\web\signup.php

Filesize
34B

MD5
219eb70a65d11749ebce7ef89397c206

SHA1
7fa641b55944c98e98f255cc33b024a7c9a38d88

SHA256
4bd9a8b1d7b3393be245c2d82fdb69fcd0ead7cf81cf7914cd3a76a198d85994

SHA512
d1adc24f9de464478823cffda580d4396c86388ca4abdf9fe681313c6e96fa2dbe7c898811e70b7e6a30ea5400bb3eb18528fcf2475e8db4073bfb70e975ac28

Download Submit
C:\Users\Admin\Downloads\Shockify\web\universal-app-configuration\v1\behaviors\cookie-policy\content.php

Filesize
124B

MD5
8e0bdcfc72a69d696f0c42ceb337c4bf

SHA1
ef18915f0c77ea48596f2ea9022a918fcf79b58b

SHA256
2b65b5ee94e0f9e9716a5c5fda7591ddee73ed7a61736df1990cf4fd75ca10a3

SHA512
77d76d04aff4e6475c014c8bc75923d26f53f7f37689ec49d70ecba647a64c8dffe19e0517a0568f63ec8b600fdfaa08b63b35c662f4a0388d5598a984a02664

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 949037.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\controller\new\fonts\font-awesome-4.7.0\fonts\fontawesome-webfont.ttf

Filesize
161KB

MD5
b06871f281fee6b241d60582ae9369b9

SHA1
13b1eab65a983c7a73bc7997c479d66943f7c6cb

SHA256
aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8

SHA512
9ffb91e68c975172848b4bba25284678cc2c6eb4fb2d42000aa871c36656c4cebc28bf83c94df9afdfbf2407c01fe6b554c660b9b5c11af27c35acadfe6136ac

Download Submit
C:\Users\Admin\Downloads\web\cors\shitlist.txt

Filesize
292B

MD5
d5336647f1fab2b19a312514cc8575fa

SHA1
1f9ba6055f2b99618fae08c2f36e7c07e398b55d

SHA256
73d0e0263aa76c16941872cce815c9114dcaa92b524b9d3b9f79f12c317cac0d

SHA512
8c8c4ea75e1d81b432e706913bda980948ff20c0306a8d1c658ee04c7083a12a90d9cf659a59ae31c37478e4153924c5386a830b3a4eb0841d63341c4294cf83

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/4388-1724-0x0000000000570000-0x00000000005A0000-memory.dmp

Filesize
192KB

Download
memory/4388-1733-0x0000000004E40000-0x0000000004E8C000-memory.dmp

Filesize
304KB

Download
memory/4388-1732-0x0000000004CC0000-0x0000000004CFC000-memory.dmp

Filesize
240KB

Download
memory/4388-1731-0x0000000004C60000-0x0000000004C72000-memory.dmp

Filesize
72KB

Download
memory/4388-1730-0x0000000004D30000-0x0000000004E3A000-memory.dmp

Filesize
1.0MB

Download
memory/4388-1729-0x00000000051B0000-0x00000000057C8000-memory.dmp

Filesize
6.1MB

Download
memory/4896-1745-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download