hxxps://shorturl[.]at/Syvjf

Analysis

max time kernel
152s
max time network
158s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
16/06/2024, 18:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.at/Syvjf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4448	TALKIT.EXE

Loads dropped DLL 3 IoCs

pid	Process
4448	TALKIT.EXE
4448	TALKIT.EXE
4448	TALKIT.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1556	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
528	chrome.exe
528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
2704	7zG.exe
4448	TALKIT.EXE

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4448	TALKIT.EXE
4448	TALKIT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 1236	5032	chrome.exe	70
PID 5032 wrote to memory of 1236	5032	chrome.exe	70
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 4388	5032	chrome.exe	72
PID 5032 wrote to memory of 3800	5032	chrome.exe	73
PID 5032 wrote to memory of 3800	5032	chrome.exe	73
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74
PID 5032 wrote to memory of 2700	5032	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shorturl.at/Syvjf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb4629758,0x7ffcb4629768,0x7ffcb4629778
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5072 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5220 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5228 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=6056 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5632 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6268 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6064 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7624 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4604 --field-trial-handle=1764,i,7139094309330733853,1357146961908312005,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3848

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Talk It!\" -ad -an -ai#7zMap4040:78:7zEvent27147
1⤵
- Suspicious use of FindShellTrayWindow
PID:2704

C:\Users\Admin\Downloads\Talk It!\Talk It!\TALKIT.EXE
"C:\Users\Admin\Downloads\Talk It!\Talk It!\TALKIT.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240
1⤵
PID:468

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\TraceRevoke.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:1556

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Talk It!\Talk It!\COMMENTS.TXT
1⤵
PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bde7940abd784d91f9236ffeea928533

SHA1
1d994b328619ac40307ec13707ed98f692e43e01

SHA256
e54c95fa9510bd1c09c70fbdd534fa96b9add223be9158e32c12173572b3ecf5

SHA512
61cdbdfe8a9df3aec8a4281912075cef72072c9d6f96ab74e201fe532af138883b50223fee268a8e0121afebcfce1c8036307cfb66afcf2582dc76eca27b4f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4f691681540c929be7fb214d83c305c6

SHA1
9792c6508fc0626133dba1a4afd53109872f0074

SHA256
00db0c08fd0455fd5b6068eccc9d2c22f26ddc7dcf92598d38999b95476a1321

SHA512
918617d5bbf0c81faf4d31f0e1ce52744181d0cd03f5e67e2444058299d7af558a726753ba8db9071fc0749831111332b712f0a78806824f9386d6c3b6cba21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
b298801b8b47dd62e865bbb195283e99

SHA1
33b6e1ac5000d06be1489cf395a4b56d79705e6c

SHA256
c7d5d7c81799982a9a234ddde7a6b6a44db9a2c6e69abe19d11e216aae2a484f

SHA512
b1cd1674b8495a2b1e7c3b83e422977a5791fcbfddee8f17c13756ef42bb6b4cb389febd59d3f810fd0349d614d8d73a1676913dd1ec359b7f39e47b6b0a87af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
aba92896bf1406ce5c40e0e939624944

SHA1
64ba322677feb494411a8797cea5d1282ae7dad3

SHA256
221de266d664a2041f949f592a18b6a8893d347d89781fb67c28412a5c8737b6

SHA512
4329995821235e88d927c3c65d120dbe8acfd1f05ce8f31c3df79e5e400422c76afc678ccbab974d909e29a871bde30fdfbf5be8c6587f24656660763a6851b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
53c0fa55de40fd61debbf64a7345869f

SHA1
a39117e8622afa9d7237ba4c4aa45025011e961b

SHA256
9d172799070121cf700f00d55b7ec1d2d656c65cbdf57be781327519d00097fd

SHA512
7de2a6c040d5f391ba86b2d58013ff735e4c31fb7f6ad65b536bd10618942e38a4f663cb70882ae810420b6725380c1cc38c08559b6d9e30740db833daa5a0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9abcf6509144ef981e2f909e4c52a325

SHA1
b46ecccd09ba8687cfc2bb5290facf8c35d9f6fd

SHA256
df67cfbc3ec299b8b61d318c42f165faad81579863001581d037f140c3f1ba12

SHA512
8fbc21d12a7575768872e6095bb39f08039caf8ecc20e1e26938f16e39c9a42e0b12a1cd3dff0c7041c5b5e30a73fab1362f87101e77040aed511a505ab2786f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
9e6c2a18133ed71a203a702e4a8103fb

SHA1
7e3721908b981cb329d30c7c4eebfc894ef153d1

SHA256
a6736f8e7e07f1c09f6db798adf2ab4e968bb52f958c8905d47d2874d8abab2f

SHA512
107d00b0b3131b599f0903c249f370c5c3c7e0a5d1cc59286f1460c90a6e8f393ad966b12cd9f226c0dd32b3ee7c6e7aa7b1f9c61c373133b97d68124b27c146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
10b00f010d36dbdfb618971e70f38f12

SHA1
bb6ea9150ee3a7fe35420329dfb065747f837b39

SHA256
9278bbd57125e97a5ebb0f4f60802e9ce48a72c0b8d2f369c46ea2113f8ac861

SHA512
3559f19b63a09de58bc616418cb7eed243912d1c3bcb2c3bff150c8b42cde6b1152e84c010eb4c94c521ec89358ce9868e1bd6f4afc0d4be84488c7fc6ecbfb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
decfd2c8c026e893f61214d42604f7d2

SHA1
ddcd5750f29ab6e23bf46eb085abfb75f07acfe4

SHA256
8eb799ccfeac2b00196d2ebc6ddea1ea9a85c05e2aaa00c6185ec29294b5fe65

SHA512
ef9e79d7339ecc95c7556f154035730f0aeef5e3d349351458c071fd57b62cc56b10daeecba810b96b1b707cbc7295258ff5247f2a068178c8bd19dded15412f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e286ca4fc92a35ab2d161d2536427c3d

SHA1
82be6e56313d078f385eece5f432a40a2f590bbf

SHA256
f1680c0a2140212ae9d83ac66c814675ec8d8a125e7e092412c253e9f0fc1255

SHA512
d536cb1f826a4bcaa7c9d46d80ba34e2a220f3ea75bc765e4e78ef594a25fc9b7af8bda68a2a688e68983ef273dbce56d00f41a0098d69e55878b959dacc99f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
a77f64d566f14c9a7e0eaa859ef571fa

SHA1
f6adebbcc3d3cfdae15d95324f2b58149eb2b511

SHA256
77e4a78562650e20b18da460b9ed826e6e6715181559054ad4c4b8a15bcce11f

SHA512
54679631d3e12431e1db40343d0098feb898b09587d9dc68d72eb2f15dbe1510125df5d5857f5c8bbacbd6c0bc19465dd1b07b66e9d23b3a8e1294a405decd3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
91b1e1a57b83d77b358c090125b08f91

SHA1
e38125bd9d47300b40f8445501934af98ebf6226

SHA256
b1bba283593a85e94074f086599c247418968747d6eb9ee03508d6d4e02cc6d4

SHA512
e4461bb7a1eff04d8e8e9036cc4af6de8ff4b5c76a1f10b659d8f48564cec9f4e469f3bf4a4a8e74545d18871e87b12759b2f393929e439d298202c88cbfdae3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
9886f08874592dbe8f425ee7f0c7bc38

SHA1
48682c6208321414d2a488b174008e042a37d894

SHA256
ca69d83210ce9ca052dd24840c29b5db1bddf7a360d1eb088a8dec27c92e1aae

SHA512
e715a730d974f3024ee470ba9be7fe00ff9acf5270be5e3b7bf4595039026fe1d351577e618d6946f522c37c0e416b0db16b25d4056c788d669a7bc91d611845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
ffe4a0b070a5fa476c72d6897ece614d

SHA1
4878c679aab4a5f2a5aab089481e7b9e0ff8faa4

SHA256
d02ba76eba422959cd2fdae8d0d6912536cbe130b23e3f5333f165189fa3cdb7

SHA512
bc92de2216eca81842d785798015c94688554d86d12dc7f54b3227e68ba1cb63bc080f28445afcccd4cbd2cf51c80990d6e53102b3bc1c6807dfd0bb565880d1

Download Submit
C:\Users\Admin\Desktop\Talk It!\Talk It!\COMMENTS.TXT

Filesize
259B

MD5
2ee6d9bbcb5b2d769a85cc213c4c43c0

SHA1
3652903b1df0ba88392ba4e6a317b6d953cc6d25

SHA256
74cd5068e9a9c11b0a1b865b9e7ee02590b0194e726bade74186512f4996e248

SHA512
2e61b209df228fdcf7de40745ba7cff4420b34d6114c4c13d01dec1c95fcbe56a539fb89179036082e7a86cf1207ff1e8d5276fc1f7260bd3bb8121cf52d36c8

Download Submit
C:\Users\Admin\Downloads\Talk It!.rar

Filesize
308KB

MD5
bc303af88f60cf940adeb203459c400a

SHA1
36cd3f366173a8dad5f7a9bdf46e8137cba5098c

SHA256
10aa12585fdab4769d3ee30fd4215e1b4a059733585462323374dd883808ab82

SHA512
85052fbde2618f673fbd240fd86185e32fa5f903aff83ba4275474095716dc4706aa549a616c7674bfdc000441d8ea0b56184b37ecc60f8cce35ef25f9980b50

Download Submit
C:\Users\Admin\Downloads\Talk It!\Talk It!\TALKIT.EXE

Filesize
534KB

MD5
bbc3687e84989e3f70f2179ba9a458b3

SHA1
7059147afcd22233c1180fa386414b8e9f8bc10c

SHA256
49534e847f24fdd727ada248666c5ebbbf7cefff54443df1dd56240cccb50a97

SHA512
e66f6881fb5e3f4a7911fd8edfae82f88d4c4089eab2efb180fbc5c0860edd298c85d838426e0ba4cec0d392ae76c470fcb442b9699c841d5919e008e5a5fac5

Download Submit
\Users\Admin\Downloads\Talk It!\Talk It!\TIBASE32.DLL

Filesize
78KB

MD5
2cb4f99812841f5271ea9fce41dddb46

SHA1
f4cb27de41b7c4138c1438eb79a4f3468b56f57e

SHA256
9297f69236b296238096baa1e9d00567fc74409b5a7ebe2565da71b27fcdc5cb

SHA512
e256da1350e600707a961ec155d6c34bad21a08fc5b7d8b14defe70b018a1473e5dc1cebe05139b902289bc995953db86139a64e6e0ff06bd62d85cf7654346c

Download Submit
\Users\Admin\Downloads\Talk It!\Talk It!\TIENG32.DLL

Filesize
317KB

MD5
63ebdcc2ea86671601af678535aaaf9d

SHA1
680d14d8ad355f542677c1f0ae02d2f6c7b08ba9

SHA256
4e261dcdf4eca118cf75c39b2f52d5b00888de820df9e4e868183a039f25e98b

SHA512
d105a4cb3e40bd1cbf18bf60335df54bc7b1f78a6af236bd1acbacbe2e1268b98b3331edae923a40b7db3de2393cc20e5209258b126116234dadcce1a4c203e4

Download Submit
\Users\Admin\Downloads\Talk It!\Talk It!\TISPAN32.DLL

Filesize
65KB

MD5
1e522006e572619dabe8713ebc83c27f

SHA1
b7a574f6763c405cac18d5930d4538ccf70d3824

SHA256
ccc3c0b35b42ef40e116a8ba5e6f40c1f303e00f6d6c31c9a9eac5994b1d5294

SHA512
7451e0de0c38709e965f473e5b721ef40760955cec58659abc5d60d2b6e8bb28b0fa15bcacdc194fa412563c97b6150c5708fdf2ec198054a48a212386b47ab7

Download Submit