Analysis
-
max time kernel
304s -
max time network
302s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
28-04-2024 17:11
General
-
Target
https://www.dropbox.com/scl/fi/tphv3iyn6y8j5h1a29r7j/TvkHack_v7.rar?rlkey=mpn3om9hxrhkwr6c9r3pk62yb&dl=0
Malware Config
Signatures
-
Detect ZGRat V1 2 IoCs
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 9 IoCs
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Executes dropped EXE 14 IoCs
-
Loads dropped DLL 2 IoCs
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 11 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 22 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 7 IoCs
-
Modifies registry class 43 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 34 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
c:\windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/tphv3iyn6y8j5h1a29r7j/TvkHack_v7.rar?rlkey=mpn3om9hxrhkwr6c9r3pk62yb&dl=01⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa09f9758,0x7ffaa09f9768,0x7ffaa09f97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4424 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5284 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3368 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5364 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5452 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5580 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5740 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5892 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5904 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5556 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2872 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4912 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4404 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\winrar-x64-700.exe"C:\Users\Admin\Downloads\winrar-x64-700.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\winrar-x64-700.exe"C:\Users\Admin\Downloads\winrar-x64-700.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2032 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2884 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5320 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6136 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3620 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5468 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Windows\System32\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2404-x64.msi"2⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5556 --field-trial-handle=1764,i,3580203358863756963,377042429604349319,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\1d86d54a14b440fbb624f14996b135ca /t 4844 /p 47041⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\TvkHack_v7.rar"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Source.cpp2⤵
- Opens file in notepad (likely ransom note)
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 5963⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 5723⤵
- Program crash
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\f420a343151544b6a35801b906354498 /t 4388 /p 10401⤵
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 6083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 6163⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 6083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 5723⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 6083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 6163⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 5963⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 6163⤵
- Program crash
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 6363⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 6043⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 6203⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 5883⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 5843⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 6043⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 6083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 6163⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 728 -s 5843⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 728 -s 5923⤵
- Program crash
-
C:\Users\Admin\Desktop\TvkSetup.exe"C:\Users\Admin\Desktop\TvkSetup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 6083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 6283⤵
- Program crash
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Source.cpp2⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\e592ec8.rbsFilesize
30KB
MD5d56e4a0cde214a42926652ecb1faaeb1
SHA197d457e793da40f1c5afe20ed9f9f12753a0c7f4
SHA256ab7d6337d47bc77c7645fa61346c92a2a47cbe83fdc110264758289793cb5e49
SHA512041117249e4c961f5f04a886d8369ade99bad55030a636f7d39166bb4a68e166660741f567c95bfbf462df1182dccbc28c5487b7f5efed009e968249c67964b3
-
C:\Program Files\7-Zip\7zFM.exeFilesize
960KB
MD5246da2a8b76013599e3d11b9f6f03515
SHA16a10aa64297e68fb5bb5abb940338d5a51c0e81c
SHA256996e8436a50a1818b574a7ecb078d4f3566d6666fc4defb2493ec7f0c08538a8
SHA512df9d86b41bca8e90ae212267b3cdac24e5c506dec0d88832b3a7f407f7f9057f23bb5c341137727f593088eb33a811eaddc445ecf1bd61b89cb1777837b0f1f8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD57bb31fd712e5125e450a2a2fb9725f51
SHA102855c199e17469f48febe697a4c9a6bed1d3117
SHA256517e0e179ec35a3ae9886b8d6698f78157ce44b197d35c9b8309449989ea6ff7
SHA5126e7cf3beac7d8f7978b120946c62fe0585b2d068e75e08b5696e067cfd832bf1076c2117947be0d91317fd93b4dd6bdf7459c75810ed83bc515ff7c3d5678a63
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD5f089ff88ab60e3cb6203add621e7a8a2
SHA1d988d274cb916df8eb665ae0caaf16505cec56fc
SHA256af072d7338c4ffe9f27eba262bc5f5b1d375cdfe54534e208480aad7ab042123
SHA512b7200ee2087d4ebf3aea59544004419ade1059ba3a0bdfbfc9d615c14f0eca9d3b15d9694fe4f6b5d42cd877b0f8d5ebff81c2cdbafa1d6b2c48755549660072
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5fc62da916dd47e933790c1619f21deb5
SHA1f3111f13b0546aa8d2e02e5f4415261ccdc29e66
SHA25690ad481fd800929dd92008793e1e7bc87804993014a3410563eb4ef81b1aef3e
SHA512d45a01ae1ed74aa80ed0e8350310512f01b14f4fa52dd231095906454a8be5d17f8ebb98f51cebaeb498f2c803a05507cf3d849c234b47f8f9dbb9b254ab08fa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD542a5de6bd84bea769ed7ceaafbc5b170
SHA161a9b97263b71c2208453ef378e9da7efbfce2d2
SHA256aaa53efa0bfecd6c0004699d1f356ddca823a42b2d262c210473ae18202f84f4
SHA5124e382e1bc8fe3f04de47cad05ce3dad54d74b639a59354f876eeafefad45b7e69f4afa90f637c6f58374acde4c70b04aa45cd0f566449eba26213df9f426b8d0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD55accdb89eaac1e3f9c0bd902ead05e66
SHA10e9a1cf593b869cf98a27402d9d5a27130d927c5
SHA256e522e8b06e1521535dfa35ef37f27f90cca9df654c6a98150d039e12b824017e
SHA51238532e75358665054599525db2552fa11419db48edb8ab62c385b5e4dd9b150c7149c03989af5ccb9bcc7ea9baac9e2f908e73a08aae76db6353018a21d502d2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD59fcbf8775e6f06fcb531267ee750b758
SHA1557e0df5ee2b74fa58b1b2860929c3ad812bf38d
SHA2565b5e6d45b63b0abad768abfc36d763be50e3e68bc955dfda51b42e1eef320cc2
SHA512d43332d0ba96ab6d2c526ad1e09a0c6f9adeddc14487ef82047fa82c05c70fcb75d10dd156edf9784c38432033bb3432f81b0ab12154220814f7664b24f07df9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD55d2392cd8374ec16ecdb62b9fb548457
SHA11d85b4a5f11414da783585a727be61258558b4aa
SHA2568a7660350b72ba58a6f16ac71d032c3f14985d754ffb9643382bb1ccf4ae357a
SHA51260ad173934924a5d7a3097060ca5209a284aec1c20a3b180cfef4e5cbed1c1297238823369a7bdb9f617f23076892e297a2e0288eef88a954d3b4ac7245d9711
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5dd63513ba79d4894a674d8e78165f622
SHA183ec24a88f27358c349f5457a7a17ea8a2a5f524
SHA2569edb153f978ec38cd7e48e28ce448f49f2b7694bc49283661073845884aab974
SHA51234b89c14e622e2934de341cfd7200c9e9c0f572355996277d95712203edbc26609f7f40fbffd551ffac777065634affdcbcd8a6583908bf31bc0e46f85e684e9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5740707ea8c059eaf63b8806a9230a09d
SHA1ba7b4b22a9065a2031722fbd9f83d183560c5779
SHA256fc63c83d3dbd20050fddedd445c925902cb2a4c986b9831455532fd1c8c586a5
SHA5128c1c1709758c94c332f16bd84471953d7fa7939d6107aa8b0f19e0f2549d5c9771c8f7ca0d462be40e029a30c51e4c20a1eeec1d3133bb5785f2eab4194acffc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5b440e1341c1b84cc93301f367dcf8e61
SHA150ada95d0146846c2a79e3000afc2b78b6c1f797
SHA256709c3af8105e41294aa3728f50a8379a7167fb8a919670f9998b60a686eb6b20
SHA512a7742855fada598f33ebb30232682d999cb7aba484e66be4a2f62f2d28858c65cde301887e062492d6c1325cee7d4e42464d437a004c24d24ca52ef5bc97f21f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD55ce761011654e9f4934ab0ee39f6dc36
SHA13b800f7246bdeebc715112242cf6e3ba53075ba5
SHA25602c08a0861fe93d70187d304e9317dac050112b58b5c511d53c90867f5584d82
SHA512ff26ad75817f0f6d337bc5818283665f44e90bc778bd5adf825ddb815418b5ab8092e45e80cd5ebefdd85f8c6af47c50a57394832295b65e9bdfe65ff58e72d3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5ea8bf3731b85be249a66c95d6cc68dc5
SHA1b0e7c97ebfa82235d4a94f496a504f5e42cab0ef
SHA256aa654a284ae687d4107eb626d681fa3b77d7fc79c59a2d180245a550c26e2f08
SHA51214c0c10f04fd6ca2120ae601b069af1996b505667a2c015e668c88fd7a783d00eaa4147721f11c1f633a9efa446e5155cb1918c67770ddba491bc7ee174814e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD53f4e48ae66f76912bdbd403a723ac92a
SHA1b75be024354e33b3ad85aa7623ab3b21990ea0be
SHA25602093b63cecab1239c640b6dd031ac5e769e5c074f0443212e7f631f14d315e8
SHA512e102d80eeb448447a6577f22edfe9b50abe86c1a6066640fb15024f6f3727a180bec359fb868d92fd214fa30fcb93048efff0091e1b9ff1f7d1abb60d23dea8c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
873B
MD5b273ee92fcae59c253c80b59c3970330
SHA185eae286ff6e94595bb83c9c360de5aec722a388
SHA2564c70103f6328974a615a6ee2a342efe299ac8ae12968e28f363528700f7ec850
SHA5126de4248d09a8afe1c2d5a53531e59e210e72e387780efe1a0c656a7cf83822434440f8250f9f1cb889d50c2bed780a896b23152b9ea1ef2ec49b1f3324a1b7d3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD50e670bb5b218f388fd1d8164f1da95cb
SHA1bade5e278c6a5473d03a35a238dd0d3a4ed82eaf
SHA2563c3b79bf0ce3d4773ac55b699e317178bdba29bc740960c229523e968985e1bf
SHA512dc8e4e80a6fe6a17d96fad6b02b1dec53733cc08e6993908707e82d0c2c20c3ae3441065e945b957732265c261d7ad0323265bab87bc53a0b480765f340b0d5e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5501be69b57159ba2e15c3b202bf6f467
SHA115f9d948082946dbe5888d3902043a860ddc91e9
SHA256a9f08c50f0f2e05db17d6aa90b807c2c148939240de88e27ce6cf45adca35456
SHA5126a2bb51da478d2490c0c7ab74b6d5ba7cf4acfee9f8512366442e70b608c491d897e03b819e7f01debd234838360320a57be924df5907afcb8481bd391b7e78e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD536cc801aecbd682d60b70e43551f18a5
SHA13c1b9520e41815a4041eb0ab836b2b0770557cc5
SHA2565465adf1bcc19a57b93df6b67ef3a0cafc015c5681e8574bdfee4e1f2d07d0c3
SHA5129c5a4588f2ed14eec3e0d3646fa3be665aa889c68368043096e6bd9a95cb5da6fcd7e78f803ece6b9414e246f61c44dd46e7f937a695bbd25b93ec83ccb05957
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD522a3f6d7c1a357347c1f776a85ae9444
SHA12a99c1a9b2dac4b7030cc7bf18dce47517809529
SHA25679d0f70d20816517c60123c8e8f55ac168295bf09d92d13947e02674c28c0415
SHA51267c592193a956b8a47b7be9b0aa970d7658c3183dd561deec5bde25aa528e5fc4097b74f24b097e9374deab9c9335b18d1914f2edbaf79c40605a5c60b0aaa63
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5ed3dd9e9362073b0758a77bf5a9f3f73
SHA17ade57421312bd76ff1bd74393d6b2bc1d91699a
SHA25678f6baa71df1ed00f6fc4353c59e99eb17831ffab12369b3d2a7b3fd99f6ab21
SHA512d661b59406de5e2956e672046607b61e66324ea18495b4e6f48dbffe787c7d51f4db14a0bd4378637717f30cc440f4f475f990f2aa34f18358bf0c3cd8f0fe2e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5d936be99e1acf51010314121c9c22a8d
SHA1ee256c75a0f48c5eafb3607058454de12ecc550c
SHA256789547a33ccd279b1df2810f5c53abbc3b49b495fbec9577bcb864e4dbaeeecc
SHA5128d0e8cabeadc2ccb3635fa2c5ec1b613d60beb4c5adb5b090ccc25e6e5f82d0015acb7be5536a97c8b0c7290f20f58263bdaa90d7985c19e07d45f8ac2a9ce0c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD53fa7abb82df0243ef28ae03e43a7e999
SHA16896925936e55c377c9490ae2f37bfff024a4a3d
SHA2568f466f4e649b7982031a7fdd51a8469792c1c71adc79b2d3e27bda2764550a73
SHA512978a24689c76d4808af3c7e758d6aabf4cb01890e12b9f3924074ec80a18193b38a7c22f9f9b6a79329e3cf8f91ca8aa3d80bb1783894bbb9b20515b83603dd4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5950d5cfc9e3d62b4b547ecb2bb2b7502
SHA1ab6212b9949f30606949ff2615e5e0e7fda647c5
SHA25634bb15e7c212a647f7ce9086c55f3e6b3fca467cb1bf9a18a7567c4d128c1203
SHA5122ba5179ffdc61a4242bf2f2289484047577ee8f97860c37f0e8a0ee2b1f731fcf55f6b301fbb0844a3bb125c40b907d5523fb200e9f440fc68985279847f17d2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD52dec0cde69996cc63dfd8caa8c76cd97
SHA1b8a6994a99b437a666d1c7cfbb681b8f92d7a720
SHA2569c389924da390c0ecd4a6656ae5925799985691ba73d7f952f4f4ee2169e91a4
SHA5129b5a73b0d27820a01e326b77a7d9742dd5b71b255f5bd94c2af52ab88745973eb3f3fc44310cefa7c08e057d94c3b334fb3138e5d314ae2fd16fda03ca840bc3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
136KB
MD56d42505edfcd80f5f93531ba7a370d7c
SHA10d2ef1cd2868502d32b0651cbd162dd034928d52
SHA256c1fa61c9ca07eab2351337c203ceaf9d3d01d7aa9650c0e90ee25b1a981920c4
SHA51271162d9d34c002209cb60cfd82bf3900c19bb808b15d633be0d6fc3727a7d64e64fa8184c746c344bc647834c696baa5a54e7395239124995bb8f08bbd73d0f8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
136KB
MD5ceebd52201458dc1dfe9821483813a6c
SHA1d0cd55a1bdb45099b974a44d62a82f9eb11e533a
SHA25631a81bbbafbd2b22121832124cb32abc4b79a6b850b9bbed4b4e57d455e9f497
SHA51246fe50b8f2ecbfa00594fa66ffe36da9998590649b5a358a945235df7fc91d312cba401f9601b3213dd03161c80ed4209def9a9fb0f4dc2956d87c34617e9e8d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
136KB
MD5dee346e37aab37da2eb44aa6d8d14c73
SHA13ed384f50692f194dc1b006cc3eed5f2a911bd97
SHA256afa9720cfb68bda8749f235010102a7d0400ec062f2f86927baf289673691b65
SHA5126d6f69b6a4467a4740db8caba94c3e7541df620b1e12eb512c06595a02c6d03e25d444baef83ab6f9129cd697eef7f679853816569281d93a39001ef9c355313
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
109KB
MD5753ac0dc27c1d135a85477fcac5bbd18
SHA1ca830fd70c978722fa5d4e64469d0dacc3a29f1c
SHA25692cbcdc0ce37668418cf1b5f42f610f64126947eea4ad807a30590223a119e5b
SHA512ccc75097de93d3a1c5c610b5efbd4bd4dbafbf29fd6080797155e9f83afd0f7e5af67c44b151aaf304d95fb1a56558b61dced582666a93f21b65e459ac32bc33
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
108KB
MD5b1fe1f07d1d6f932e429d005610e5e46
SHA10adab4b9f13632005c475ce52d94a5c4c88cb96c
SHA2560d6840fbf3fb10f20cce7748a9057eae7245332c6895587a0d550bd69c4c8294
SHA51220eafc208fdb37de80832d4d3e06a08e399fcc6a5635aedd7c666e5439e736cba15a60edd1138d14236d5076162525e15bdd0c204502217cdd5c873a83c6f7c0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580fab.TMPFilesize
102KB
MD52bbe01be40d9ce93783ab0d8e390f2ad
SHA1e18c8eb15e696df571b2f9b0b58469749c91a755
SHA2562445b75a45a599cf3e4f23ddbc27bb88badf6c9d39c0b24d102012a47aeb4efb
SHA512493648db4ea3a923548d0fdfbeb12b927da24dbd757d556946c874c53ae896994d8471166d782f4e827276904e364b48a3ab714ee843ae0b0cdc6dc0022e0732
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TvkSetup.exe.logFilesize
42B
MD584cfdb4b995b1dbf543b26b86c863adc
SHA1d2f47764908bf30036cf8248b9ff5541e2711fa2
SHA256d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
SHA512485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce
-
C:\Users\Admin\Desktop\Source.cppFilesize
208B
MD521a3269d6ca92574bf8c1df314c7e4b4
SHA18c86779e62c17fcfe0787719742a775c35c4a8e7
SHA256186c2c28f2eb634a8f44b151e35ef226ce539adaa12c7be2fd944cd763026f88
SHA51230a03eee187ba5fdad4c6976d4984fa5ff7576fdc885781fd8dc560d94b1677eca34607bc08881ebb2b3a1d56fd4eff3ac78ee4a290f075927a2715074a40837
-
C:\Users\Admin\Desktop\TvkSetup.exeFilesize
548KB
MD5b4358668cc9495e268115d4350e8b8c1
SHA182706d157ed37956650e8f23d9f359bffb96be92
SHA2563c5086d5aceb0841424049c8a2033c83eda35e0b3cd4fa07a36b6f63e20f80bb
SHA512acc3ef8daa6096458615ee6281a1503010a89236cd801356ff7cf6a973ce04f574f30307ea2ab754db3aa5fb4aefa51d52a47c9d8692af2759c0fce94b2a4bd3
-
C:\Users\Admin\Downloads\TvkHack_v7.rar.crdownloadFilesize
439KB
MD5471b88f3ca9212e0e0fd98879238ebdf
SHA1d53ebb2de9ea1ccbd98a36853ebdf1a5574de0da
SHA2564ec5b1f7a5d39fd88858a3f3ddc9c1ee31168046e6d3fb07ce51b4c939bddef7
SHA5126aa381bdc969fd5c1be4c89657066b5bb2d9d15f2986e49fdc46e3c8f1ae26f7a41132c7fc4002b01913207abc2d72ff49da7957f48d1fc2195ce89e0700b521
-
C:\Users\Admin\Downloads\Unconfirmed 59295.crdownloadFilesize
1.9MB
MD5ba4633cb8d60913b9391969c20178ba5
SHA14b4e7cf0594c070b7a21a113495c4b8f3a2caedd
SHA2566a9088743ae698b6c329576769d131a29ee7abb85ac36972fffaf21d8bf8dbaa
SHA5128154f22da5354c8c4358610c3d658d3293a2e0a3bfb9762ea0ba333b5d375b33cab14726772cbcdeebc9a55257679f0efb2e9226bbfc9bd6de41ad5f81352229
-
C:\Users\Admin\Downloads\winrar-x64-700.exeFilesize
3.8MB
MD548deabfacb5c8e88b81c7165ed4e3b0b
SHA1de3dab0e9258f9ff3c93ab6738818c6ec399e6a4
SHA256ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24
SHA512d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af
-
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2Filesize
26.0MB
MD569131412bf5fcb28a9df9503b88e4837
SHA15d5c4f882b559dec0037a8b87fbf651097942c2b
SHA2564ec714ea06cd1df4f87cc15e4673e67b61e5bce0d47d3e42737db5521e3d592a
SHA512ea58d406030c07be5597242afea37830c025c4f0d65d7e893b6e4f39e2e9a7d36d9e00e821f3aa44ac046c07dca19251af15df6e02af49cba9869ba21d256b97
-
\??\Volume{38fc5f00-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{cc64df27-bc29-4593-9914-03e874b14708}_OnDiskSnapshotPropFilesize
5KB
MD51827062b8aca0ab328f02a34a6c2e4a3
SHA154a0ae2abca3bde83488476da7b9fb9292127e2e
SHA25606d60bca8ea71fc2f177ce339b9d1a5575838e11673c017305f9d148351714c5
SHA51203b1ca7e1bd6e363fc106a630cfe2ad8d2579cc099991d5538675ae04a08c75c6c00e0c4cccb3f739b48b3194eaa9953e9ef3a44059886c25d51ea2455f41fc9
-
\??\pipe\crashpad_224_TELGYWXKLPAFWWJHMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Program Files\7-Zip\7-zip.dllFilesize
99KB
MD5fe487725998a00de2ecd41b1357ca0bc
SHA1cffe7d83767b3334533f9525bea67e34dcb2b632
SHA256e0625e017c02038cf25b60d03f3c46da44b4232bf9c664cf30bcf67af81229b1
SHA512173191f2678a4e73457ce4a4008c432080e050004fe034f93cf05281be6be670c54e0c37f23b90d4f9f6cce4de82fbff71cec817bf301d4d84405ea238f1c730
-
\Program Files\7-Zip\7z.dllFilesize
1.8MB
MD529f6d49053de1408586f48681864ca5f
SHA11071e887849cb92776f4a6d4cb6d0dd1ec264b65
SHA25684d2bcf774aba77e938d3f36bfe020e0d49cfb3074ad9de69b5af78054602b7e
SHA512dcdb5252e660b0d186c8db508db3fdaab22d33bc20dcaca2b41d5d5e64d5780b25f2242389227ddefff96978f373f89942389673c737b3102778982b91ca6f32
-
memory/744-866-0x0000000003D30000-0x0000000004130000-memory.dmpFilesize
4.0MB
-
memory/744-867-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/744-869-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/1300-873-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/1300-875-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/1300-872-0x0000000004C50000-0x0000000005050000-memory.dmpFilesize
4.0MB
-
memory/1304-800-0x0000000000BF0000-0x0000000000C80000-memory.dmpFilesize
576KB
-
memory/1560-931-0x0000000003700000-0x0000000003B00000-memory.dmpFilesize
4.0MB
-
memory/1560-932-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/2196-817-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/2196-815-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/2196-812-0x0000000002700000-0x0000000002709000-memory.dmpFilesize
36KB
-
memory/2196-814-0x0000000004340000-0x0000000004740000-memory.dmpFilesize
4.0MB
-
memory/2332-807-0x00000000035E0000-0x00000000039E0000-memory.dmpFilesize
4.0MB
-
memory/2332-808-0x00000000035E0000-0x00000000039E0000-memory.dmpFilesize
4.0MB
-
memory/2332-809-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/2332-806-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/2332-803-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/2332-811-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/2972-835-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/2972-833-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/2972-832-0x0000000004D80000-0x0000000005180000-memory.dmpFilesize
4.0MB
-
memory/2988-843-0x0000000003700000-0x0000000003B00000-memory.dmpFilesize
4.0MB
-
memory/2988-847-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/2988-844-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/3352-883-0x00000000040F0000-0x00000000044F0000-memory.dmpFilesize
4.0MB
-
memory/3352-886-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/3352-884-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/4160-853-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/4160-850-0x0000000004760000-0x0000000004B60000-memory.dmpFilesize
4.0MB
-
memory/4160-851-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/4696-829-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/4696-827-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB
-
memory/4696-826-0x00000000036D0000-0x0000000003AD0000-memory.dmpFilesize
4.0MB
-
memory/4732-877-0x0000000003BC0000-0x0000000003FC0000-memory.dmpFilesize
4.0MB
-
memory/4732-880-0x0000000074B50000-0x0000000074D12000-memory.dmpFilesize
1.8MB
-
memory/4732-878-0x00007FFAACB60000-0x00007FFAACD3B000-memory.dmpFilesize
1.9MB