hxxps://www[.]mediafire[.]com/?pemjbemr4ok651t

Analysis

max time kernel
636s
max time network
628s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/08/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/?pemjbemr4ok651t

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
6100	winrar-x64-701.exe
2396	TALKIT.EXE
5904	TALKIT.EXE

Loads dropped DLL 6 IoCs

pid	Process
2396	TALKIT.EXE
2396	TALKIT.EXE
2396	TALKIT.EXE
5904	TALKIT.EXE
5904	TALKIT.EXE
5904	TALKIT.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
188	discord.com
250	discord.com
251	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TALKIT.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TALKIT.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msinfo32.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680757685257348"	chrome.exe

Modifies registry class 58 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Key created	\Registry\User\S-1-5-21-970747758-134341002-3585657277-1000_Classes\NotificationData	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{E51A6D21-215A-4F5C-8E1D-B4FF8693AF6B}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{77CD8022-29B7-4386-9B57-154AB8BDB90B}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000c0b0332aefe4da0195c93e33f2e4da0195c93e33f2e4da0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	msedge.exe

NTFS ADS 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 143659.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Desktop\talkit\Talk It!\COMMENTS.TXT:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Desktop\talkit\Talk It!\TIBASE32.DLL:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Desktop\talkit\Talk It!\TIENG32.DLL:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Desktop\talkit\Talk It!\TISPAN32.DLL:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Talk It!.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
2872	msedge.exe
2872	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
5056	msedge.exe
5056	msedge.exe
3436	identity_helper.exe
3436	identity_helper.exe
5056	msedge.exe
5056	msedge.exe
3832	msedge.exe
3832	msedge.exe
5964	msedge.exe
5964	msedge.exe
5932	msedge.exe
5932	msedge.exe
2344	msedge.exe
2344	msedge.exe
5204	msedge.exe
5204	msedge.exe
5820	msedge.exe
5820	msedge.exe
3296	msedge.exe
3296	msedge.exe
3756	msedge.exe
3756	msedge.exe
5188	msedge.exe
5188	msedge.exe
5188	msedge.exe
5188	msedge.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5932	msedge.exe
1228	msinfo32.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
640	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	5552	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5552	AUDIODG.EXE
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: 33	5476	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5476	AUDIODG.EXE
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
6100	winrar-x64-701.exe
6100	winrar-x64-701.exe
6100	winrar-x64-701.exe
5932	msedge.exe
5932	msedge.exe
2396	TALKIT.EXE
2396	TALKIT.EXE
5904	TALKIT.EXE
5904	TALKIT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 4916	2372	msedge.exe	81
PID 2372 wrote to memory of 4916	2372	msedge.exe	81
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 8	2372	msedge.exe	82
PID 2372 wrote to memory of 2872	2372	msedge.exe	83
PID 2372 wrote to memory of 2872	2372	msedge.exe	83
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84
PID 2372 wrote to memory of 1660	2372	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/?pemjbemr4ok651t
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff919813cb8,0x7ff919813cc8,0x7ff919813cd8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5964
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8044 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7420 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7880 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,14129347605469822559,11335328110763051516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5816

C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE
"C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2396
- C:\Windows\SysWOW64\msinfo32.exe
  "C:\Windows\SysWOW64\msinfo32.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks SCSI registry key(s)
  - Enumerates system info in registry
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1228

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5472

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b2b075050e6348a2886a629e1976852a /t 6104 /p 6100
1⤵
PID:3900

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\talkit\Talk It!\COMMENTS.TXT
1⤵
PID:5448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9163dcc40,0x7ff9163dcc4c,0x7ff9163dcc58
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1432,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1676,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3592,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4892,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3752,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4288,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=220,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5204,i,3243480785525425847,6902041101066684792,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:5540

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5476

C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE
"C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0350f68f63e592a19ae382cd64285b8e

SHA1
aad9c74a900adf56e7242efab9b2607dacd5ef0f

SHA256
8a6f13995d46deff90e6aed4a53c1396ece89a5b0036d8f4691ea3a162d20d58

SHA512
47fdf2abc5fa0c4336182e289ba86366f30439122d96b93794acb82238d5f5cb6d1b851a25b7a14ebdd7371732c8e990a53451edbdfe6d67b67d357d465801e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
f9a9343bea65aa2268227cb0751e1514

SHA1
679f0cd1c1957cad43db342565ad5a5a208669b1

SHA256
a2a0c57899d0ed3be6226cef5917c1f931a7a69f5d1a15341cd09f7d7211ea3f

SHA512
8c33bf69cae34a4ba88f2a1b8632fb267520fb3e83c488c4aa401ba69c6968884fcfe9f8ab3718077b471d6b0240dfac633b09b5fc4090c56bae7f1d0a93e34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
bf4fd3e0c28cc91c5d7e393f504b1865

SHA1
8bb90a6126c1de0c682c04449e8c50c213a1ee8b

SHA256
78317e16a49f095983e8b67d43f8306c5481bd45859fa84208c6e37d182c8713

SHA512
f761e2fa0a5eb51406db9bc91e1a76afb28f8cd2cb7cb41f5661020aa9a11ebc9073bac43b9b8480e0f9cb1ef5b33d1f7c9afb6195694f1193624e03f79cfe1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
104909da7a9ff8ccf48219121658cc64

SHA1
da305097e68ae757c1c670049bb935502a8254f5

SHA256
24989888dfaa09616486973b27801cfbdacc1cfc7274a8a9a0713831a9a47dfc

SHA512
b2099e076d6eee82ca5122a99a9d23a9fe5318675604761205105ee9afd5377206716d82ba8d56f195c3811bddae2a62f73edaa045b222157881fbed10249965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1c9cb6712923218bb227b1471b57688b

SHA1
9576627e602eec1df1bb18a1a1fa14f81eeea3ad

SHA256
38d28fad4a9c16a831f57682beaa6eaccd682c9b731ff95b5c8239e7c0f51297

SHA512
602648a40d95df07411c594f62d2d8c52d516eb5c28faa4ab2b57f3155b4332193342628cc2bb9a32b9be850247bed3c5946c89345384fe9cbc013158b47164b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f7818be4a4b5ec486d8baa83f9f51d6

SHA1
66d8b6eb7fefd7b63e1eb84fdeaedf95d69e6a88

SHA256
8bbe4cef479a162271904020ba76d75a01dcbe3c7fc4f3bde1adf9c99cd7ec63

SHA512
7dfe87936d87d3d5e41067f97b0d6bef935f9202b4aa920e9ba0c8b3b4286de095a5615dd92e863382e67a9b425a9669872c77855cc0e992685328697ac91386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1457737b986b28ca94eb7d8bf39e62eb

SHA1
b816d3a5acb3b3bd95e60a4c76ab2bab5767a8d0

SHA256
734fb55d388e6f5f07b4e168b2b037679120350ded28473998588305e7dae060

SHA512
f7c343d313e497f4d2ac4319fb07624992e12d366c28f2e6fe5580ea19a247f8eb84dd22fe8c687d6c7d88217bef5d08bad94415d6e86cd4b82b205a90d38b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
138c6d6962e86a65b58d8081f557fdfb

SHA1
cd72f2fa654bf9b3849750543db121329bda97ee

SHA256
567df8fedf3af82826d9196b1f46b2902345485f69809f81dc6e0bd0f1876e92

SHA512
cdc9c73d8b60f50216279ceffa63ea7b50c375eff7fad670257ba471a7e78f3668fa08ed6e3d10f830aacd92c2a01307f7e815b12487abc49a81353723cb31ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9283c2d772b7eb156f7e529049e365db

SHA1
772a3d8c633b22be76f3be5e6e6d958dfa4e4d11

SHA256
c9a8078abecd9d706c2bbf3ff68c9f75a462dc45a53da9241b41a5e46efb594e

SHA512
a7d06c02993dd0ecb924f4abfdfbca9e025170993ec30e28495b3a9642a8372da2893955227a4393f434bd9d22d873fca4506b536948fda05a7bf52488c75ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
72fbae880d756d409e5fb24359ebe5a6

SHA1
eef59a34cdebe37003003d4f1da97e97304f56a4

SHA256
ea188f9856026b1644ae0cd1e274f189879a904b1c873e9ad0975e2dc7270877

SHA512
2f0d1655acc844621a6671c8821972bdf3cd842c90be3ac86bdb17455e4d99c276ad0b7ade714b516099833143069f0f03affc50c22c022fb1c445fd08c3b8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18b7469413ee3aa9c4ba79b9792dd45f

SHA1
f98484f6fe0c6fe51cda5bcf055844a08c0de199

SHA256
3a5fce5def08c5c42431059bef4ce7e56cf2a1a5edefa8b73b635569fda842a9

SHA512
09e1a9ed91c2bab8dc601aee36efc19a61fe8bbea8f4b2077938c42977875d3113f502c719011762cd2cb2ee20a090bd2d292e6d6c6cc4d99393c0591c8d378c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e46f4a1a1ab5836f6ed0f00d4057c25

SHA1
9b519601cd3137cae8c909cba02d815a986d7c3c

SHA256
16efba71d4c58189a80c6bef52fb5a334c316915f070349dc2cd95b524cf044f

SHA512
0eee92d1465e772e25a350cb3b5b082a6bfd3c6b3ed82732ce373e9500fb5337aea4025e158f7781140f58ef289997d3eca77f27a9b8eaaaa601da3a4bbee0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e45f2d7fe7f425e88c6dbab8d5d52931

SHA1
eb7b7ad0551d31375046780814eeda3f0cbf029f

SHA256
296622fc000e00b0e07d6ea78db53815003fe2ab2b99ddf4d96c970450a6d9a8

SHA512
2dc615a948194c2f6c10cb487c5cba7adfcb100323bda0b9c3394817bf56f27347f60e82cae664a0598214c9d1a1108dc11773b673b2692a598cddc6e68f2043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83c704c9a83f314fa72e431f1e353c5a

SHA1
a7ad86515b9d9ef783e1e603de6acfed24b1c358

SHA256
a3768b9d02473283f58232a6a7e37a875cd42ce86f44ba21c08577e2feaa8669

SHA512
5573dfc7af3272f7d6f3f762b31446f6ede2581208085d8d35e1b477f53af6e7cf539e05b008b08aa377c1d57c2447825292ddc76344ea6b61d4bf3d62735267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
763a6003cca8bd943160ad65c18616aa

SHA1
84d2300291922796562440f38e9fef58297d37d4

SHA256
b194cce22ca3a209727d54d152b8c85e7f60c1e57d1efd53ca5e636ea05a279d

SHA512
e2aa16ec30512f71756213809189f3fc1369232e9ef9b32eba50270f38fb88fd49dbe3c686dbabfb088c6ceb20be4a4fed2b2ca8c06ff0b11e6e235532d19672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2577b9edc3e7c11e6afe394b76154b51

SHA1
810b884720cee063311906e76c201c740a39bc62

SHA256
ee9227bce4c513d76a4708f76e68e6a1953b1816cbf8f05733c408abca37aef0

SHA512
75da2ac6b56d3437bb1c5d5a70e67aeb38236a270d137d93ced60351d2c53ad920631d58b78524e35b32f88891856c71897c816f072399096077b7659f212834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed26bdaa33e3c10ba003841360a955a8

SHA1
43b0a8c5a49ead6fff73569405b9a548960cb886

SHA256
e4863467614dda75cbbc253c539c6505a9fb39a2dad828bd27784af0df7b6c79

SHA512
842c3aa5612b7c3701caa2f356145341baed9403640c1fb5eca610ee0de67173d79c7986edcc7709e46405b85c7975095e34db8d0b7f66d0be7dd7e314b9cc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e33333376cdf8a9ab81c5ab5b1f7330

SHA1
83afea499900ca53cdd43d90c3d56c56f5bf2c4d

SHA256
c3696f41302ac099a491188a30c72422d4f5b1d30f6a230d8ba03a2254bd50bb

SHA512
89bc72621c9652c3aec29280ef9d04cc15a9398aafee7d62f37327b352a73d2d6c97c659a4860742d48e400c7df6974638e2e6a0beb251e63fb8249c8eacbb7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed00a3303b2fde98dd7694217605cd5a

SHA1
1bea029b8df051bad4593adafced36eb77053394

SHA256
1ac00401f42bff7571105d2ae0916b54ec701835de6c65e82406b3ae00293487

SHA512
405d083393a657b1d60b7789f5084b4078d15b44ccdfdf26860eb07fd79e2adfb9036a20fb393574d8453d798fd608d7192addc621b5b4593ce86880e0870f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c717f9804e25168cbc0cac4a7e3a9ba

SHA1
2c3b1d8e626428877319d9efa14fbd54d86b11b3

SHA256
36ebe6f6b92217ddb89506eecd106e881b18e0105bae7fd227b77befb1710bfc

SHA512
fbc0a3c89d2fa4feff75073dc50602a95c04eed1498fe6650591c46b4854414462b2e0dc9fb500434d761923df517085faae644ee3efa720680ca9a1b800bf46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f5810b9fee0d0b4c57cd8d5af525663

SHA1
0bff61cd7653cc1e2d6b1b3cb2b67c78d6942aff

SHA256
d0725b89e05ccd2531619423ccdecc5382b1d2e02b3d2d84bdeb33d7fa486401

SHA512
b123278c299590c7ec174a37c128edacf8984cdea23e21f608cc8fabf496148233532ea8d52dee8c703d65755103001c82f2be5a2cc4742efdc795449f5d702c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7677f8138adfb910570e7159609f32f6

SHA1
8b53d9902f9e3230c8f05a5516435ff9c7b59685

SHA256
8d10e68757d29e8795d2640fe08bac3a1720e4dae323d5149883ba18ecd04928

SHA512
65591fb8980af1cb697e7dd5abd7de09a9d6749391193ad377d07ee2730c0949cc4a6e06189c3b0de503d008af992e55b82bef669e88e716ef3590a641c47b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
503e0665762be38e8adce86d9209ff7e

SHA1
f9af3fadbe1e0d13a02010f2a6c33759ab1785c2

SHA256
63f91028d89e81c6c7cf6903775431ecf613ef8ef79367bfb12209b238794ae6

SHA512
533caebfbcf054a869ea37023f0dd9053c627fec689ba20880e395c2d8c314815e97fd41119a1074f50b998504b562b53cd9b4f8a2c6a204129b0d44befbad0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2b5307119a972f95aa5601a57324d552

SHA1
1aeb2da85c742a675af334979c2187a1b762e4fe

SHA256
d8c0157f09f95f33ab10f1b33a2e25bcf2f9e997bcb4980b94351e29c1878200

SHA512
4abc6903ee84b584cf56550205c0a8bd5e28045a68058f51426c9dcb28f70c8f373f75a9140f930e59dd07c44f4dd052d2f223f9ff5835a0482df91c1624ef17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
3744ffba745fa0f21071d992eeb5c025

SHA1
e00d3fd30f723a8c0796cb33d1d817d402529b3c

SHA256
bcc47d008c857fd6903aa87e99ff5bd8c0f0e2de8d493ffed2ba758bfa750cdd

SHA512
7eb8ad6da3308cf79c5d213fe61cfcd9b081aa8e536bfbbc6b32d7bae9574e9418ea2ec030364014197c3df2c74cbdaea26c24af66a9ce1656d01d4b42afbed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
5b487a48efa6a6dd62ccf261d21780ac

SHA1
ae778acdbe36c6ace6f0679458d767b28b65cdeb

SHA256
227437fc454a4cbb291944be1e89734f9b280c1d535fc4dd3b47c240a8b455e4

SHA512
f5e8471cfb8b2fd4d3c2fa881931dc5ace4b91aaaa9cb06e2d9d0412422248c37820da33fa5f9137a6db8b61f751a46f6d9f96b3137a878883211c40f215c834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
4329975a07af48723ece5ba0bf9ee151

SHA1
fd56b5cafe26dd815754a74e1aebe883e6c27a04

SHA256
8f0e2150e368f326185d84254e1f16a153ddab9ad33294d53d89cbddaf54fc31

SHA512
07cbfb10a1775d8ea9b77ca27c90e01b0e8ca5c019923cc48cdf651db53f0b776f188451f738797eaf84aa6b5f641ba81e249b2dd9a4406a8c0e54bdb287f39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
23fac0768d45120393b4f5e139d4d6f1

SHA1
bba93a3ea4864550cea4b4ecd492664a09c0a60a

SHA256
d9695dfe091ef49604bf79b2004da66049a9c9494de85017a688b34d6f1c7515

SHA512
276cc8e50b89e38a3e1be30a49824fd52ad2dcdf432bca90c7a4e2d6694c89ac4ee3d313bd68940dfb8e3839be6fee05a834b8a79ce8aa72a3515ced82abdb2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
5dce171a6f6aa2ffbba17eb1bcbe9e30

SHA1
e1234562777ad73b09912c47e32845e66e5e4b6e

SHA256
15ad715169c4c6f01d6511a399e5581d4da946e58fe8cc706163c9ac7d7f0d79

SHA512
c1d3375f4591e575a9c9c670f426e13cad88b43a6b7015bbb0f4c701dc03824a81f12adfe6c3193f7839c8791f17cecc8c60e39fe6891c6aa2e00f81f83be0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
f75db148bf77d786931191498999e43e

SHA1
8ab3db43d6b6d2e9d20d482fb61e539b9e642cf8

SHA256
4ceef86727dd207978a397b1ce07d5e2bf84d3d4be0102df8201c000020881c1

SHA512
3d3e7aa9ea31239ff50c75ed5a92d248a0eb09ec47e09acb106015e423639284695e48174ff654d73a2bd316c3d15be4389cf38503d47760f93fce9dfa36d542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
226KB

MD5
e5ef5c47d33ee524fe8cedff2485cf32

SHA1
86301544ceeb03b3ad4079dc6b9ffbb8d267ccf7

SHA256
9497895399524bee97554e2e032991ab309ee8873ec684503edb88e051d1923d

SHA512
bfc25f29e44dee94171fe5fc8d5e986f568f499a47ce85b09a33711894e48b4a91bd9b4309ef5aee6b18db11bf10a4fc84ce6b71ce0fe9e22dab912e36ba0a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
217KB

MD5
0624408562bd0f8965a1612f50dd2e5d

SHA1
f1f7c382cd60d883177b39247b02eefeeddff6cc

SHA256
fbda5fee4ed0f7f73f1cbf72d230f1a52da94fd5a48c2546059648ce0f8d09e8

SHA512
d303d35fca7eb4a8adce86e6ca12904bf7348b683fa503817956aa5d0122a412cac0a71d7919206011148ffcc6439054de947fb97c5f213a619ba602aa3ac61e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
41KB

MD5
c79d8ef4fd2431bf9ce5fdee0b7a44bf

SHA1
ac642399b6b3bf30fe09c17e55ecbbb5774029ff

SHA256
535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8

SHA512
6b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
63KB

MD5
bc02f243f64330412d857c6a0c9d2833

SHA1
02ae82c1d2843d386935fe6d58bf5a8e4f49fb96

SHA256
fde6ea4c577565a23caff104e2af87f3e52707bb986f6e540335fed152ff418a

SHA512
fe799326a6463494bf9d3e657026691976d9930c1459a280d129e6276a62557761f43894539b06ca63ee651870ee0c11b0b1cea6ad101fe0955317efec3bfe6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
20KB

MD5
9985fae88748763dcbaeb52cd5bb1c97

SHA1
db05d8e97e2cc2979c5a33ff1358749f996c9d40

SHA256
a7c300f3096bcbb9cf24d472c9513ea876572eb14bda58f9bf7bad439ff805c2

SHA512
b701e77edb480296609129e518f4e1b9f153c9c113b648f9b0c83dc7d3d54dc8d46a369551fa9bd9141c0b30609a6837247bf5a3222d960fa5c03f576440256d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
20KB

MD5
cee2db765afc3a867f0069642252e7ea

SHA1
7ebd982a17cec444b9ac2135a1b4aa298676ced4

SHA256
7e3c016936036402bbf15cff2e9ddbc44f24e58a504a13969ca3ef04da3a2569

SHA512
9ee956f638aad954d8f001a0daaf275a5c92869b7077f74a6560c2f4c77b8247ba6adbfde5b32dffc25221bc44cbb3435b0440dd58b766e7f5362a44585816e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bb

Filesize
31KB

MD5
76d928a381346abfec199c2bba32109f

SHA1
ee06c4564b5e03a0aeb33dd0b0f5a96114f91d8f

SHA256
5708e96d2b4cd063ea2e7c4d2a90031555844eeaddc7441bf8f7f1e4b955b0a4

SHA512
cf4bb22f666db5196e8ef9c7bad3738c6b2cbf1aa79228205629aaade4925a3bf52d113d7df00f75d653f76f5a0df018863a941d0eccb464511c1e5dddb77e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4dbc62c1aeb01320_0

Filesize
54KB

MD5
7ce75ac23ae28702ad2ef4dfd22d4718

SHA1
bdf96cbcd8899becf4067fe2c57a321b205b1e35

SHA256
9cce5eede61e89d4fab0511577d9ccfb1a2921f3296f81497b454f0a91255cfc

SHA512
2190ab59bf429d71881167985e9e88578237451aca078786f9d1b261bdba7f02c6aa9bac341b16399e0bb8762f6e9f46069b38c3f09291ece893efe4158f372a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5ac81629c149306276fa815cc7ae1f2b

SHA1
1fe0e80f4022b704bfbd378ea886f81bf86596b2

SHA256
3680e319a799a030c257371c98f91fc295b2e0775b4fa867181821cf7ea9e24b

SHA512
bac62adf0013f7c59545010ae640bbc7d4c0037e9a2b566b12075e3727e7c7f2aa6b0b49c3d28d69df7e0f52317977d4e9de901126a43fec2b94695cf2305f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
595123e5a444c52336c1251187abd801

SHA1
2b2655af3a5662df5919c852d97dccac05377b68

SHA256
e1e007a87670443c28be3a8a6cd2d04ce0256027ef7feeccc0b4945927baef34

SHA512
3f629b93986d75fe3dae6b15fca0217098d05e00f42c6bf038d0d8f829df325b3024ebb3d9c094fed9db16b50620cdfc21238febd615c0f127d3e339d92e9608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
c0b39a79b36f45266a79a37f209fff81

SHA1
4105ca01a1860d5956636b5000ecc80c558a0ee0

SHA256
c30ce7efecc575d077d5fdada62042df4de48ee6b789751317192244fc3d0794

SHA512
9a14a7114e438aa0c09ca314a9f9ad4baf986695daf8f7b31256168729ca75887f6f133ed9b75b3ac965386c1690a41532567092a73d3ae02a4976444f7dab0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ee162a5908a8d9a936b223974b46d23f

SHA1
c721b37e653d0d9374082048957c0e5d99bf965f

SHA256
85fe4b181fba54392b31f49e41478b832d7ce0e9541b42f41c3c28d4cfbfc346

SHA512
a66b9366cbd0d213aba0311e9722ff6ffe1db12cf2cb97adb66cb4a132a5d452285bfe4a50a409b1ca60170344156c4e0dcfd1b5ea88f58139a46339ee7e90cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
c9e077ecb2040e643dd5e5e78fda41d8

SHA1
a8e4613e0e1cbf66dec431bcc052f740e39727c3

SHA256
c9fad0652c716fb8ae19dc26aad93c0e661df88882111ffa83b464740ad4d1ab

SHA512
606ca02c52cd705c61de0d66cad82fa89477693243f3664d756bb78e049765904b51beb09d7ba4d47db4a9d8fabddc45af02c97b8ac1caf5221a2cf84aaa5b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
8b3fe78b94424590a4fcedff1abfbcef

SHA1
74efb8680fb39155ee9ed15b2a842daef9535f26

SHA256
9522bfe58d78e19559f2e0f2309513516c9fa909647ebf0761d78f3847bd1201

SHA512
5c267dad7a63b04aa842fb6fc511a2fc7c80fd1bd3eff5d695980281665bd8605ae17db40472d25a60e474206f4a3d2bb19b77510e4a841639e6227371309acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
4ef6a70794e9f86a7ad45eed28ccc990

SHA1
553f09b266dbf96f089a0a15c4052cb5a9e5a00e

SHA256
8846f860999f11b5f96befbc3e207b5621dc7ea200d63fa5c3743e90a2702292

SHA512
24e98dd260b2a4310571457382dce83d3b7817fe5ffd90fe4bc17d4dad0be7b56d9134a7a19c2b497c6bd4f81baa325220e35aa27be488d89a91b23444b9e9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
0835b1bb9b95ea7194ed97107de9c475

SHA1
c5d161727014497de28f55f22f6f7b31280b0b71

SHA256
833272c8ed09f7e8194170eb42de04c212ad17e33248ade5b497555d99dfba6e

SHA512
728419a49b3472614e3f911effba7f07ab3c0515499eacc32ca3c13b71977d62eb9d086c69c9f6d24a9be4e24389ecc3c173cdc6f14ea228310f4f9b3b9dd098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53925772700d5bf7250847fa0d76aa3a

SHA1
cdb6a1c5db87d180eb86c4d2c052405c5e871f08

SHA256
4b9b4ce94b8124a88cdcfaeed138adcfc7fc398a3bf255804b57359e3f72db40

SHA512
6d07f716c16307fea8be2016fbb43dae77843bea30ff3b7b461710f874dd95897ba5426959e929ca48853c817aa020b1c9dec4fc4afeb0068fc9257e35285079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0d770181a1a26ad065d941d8848f57de

SHA1
18884306edc5f332909833f5ca2fec552a90fcac

SHA256
67f0f86a85f0f403ada8ba113599be2cc2e2edc11921d22f725e031c2d45ab75

SHA512
58c5f73a48a77c25f3c03fe22e7c92c4bca4ac8723cf13003408d8779addd54f027f4f529e62e6f5753444a4042e77a68ddd4fffc7eacdd4e7224377aba10e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0ed49526e667cd77fedbb08c151bd990

SHA1
f573ad47478323df0470e8cd3bfbdab94578c7c1

SHA256
e6e90c3d8ca92cde8af6b020f93e0333bcf41f13720ba51e752c87e138f69473

SHA512
62dd040490faac095785b2ab4842524abb0ea4e6f94cfcf30e67f07164dde510a8dfc6bf0841727a2fcdc151ce40d2762a5851e4ef01b9bcf98085e28312a26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
dbded2a5e590320dc7a81d4f58215d4b

SHA1
5665fb48edb82623ef09435732d07bd2dd9ec2ec

SHA256
f16b8bdf8547fbf9a0aa5e461665f02368d2463fb00d729f532df96d71cf2180

SHA512
61c2adc44d72245ffd4bbec0866da475d11202571f2a3714f665a86677811a055f834ef445de8b67de47b21d6e527687f2dd2056ef5ebb6ef9a6b269cd9bf676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a054c0a6f32125fa81ba2ba7585a4938

SHA1
90b44836213e383a44d00b91edfbcdf9d977b258

SHA256
60ba385153f8f9cb33cea76873b36bdd5400c74013fa331fb5cdc5a13dfd767f

SHA512
723d08aa511109f7083735a881f4040253021cf2ed22bba151af3a45c2506e5f08e82dabe3d98c8bdf5a6e0274d7b104c46d1553505b94a3658a38ec61c8b5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
233f493daef5cebc2c660009721637b8

SHA1
7943baa7d6619ad6ac99d0db754eb3b3db5cfa23

SHA256
bdbd5404514b3f147ca0e927d2f0daca3c342093e2b6e97e5767d6ffc5a61834

SHA512
fc49f50b7a7d9becc01f6acae080ea0840bd4ff9cda6e00b5ea98dd8ca428608dc83babe06d55d362519acb4fa428339a0897102c266d3e8e9faf7d561c9d961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
252def8443d5c337f9cea10a3b30c332

SHA1
162460a61edfc3b363db44a27867b7660de9af66

SHA256
80dd7b0371d37341cc2c09d946588dafb2bb4bbf80e4d1392a74ea0325dccdaf

SHA512
0beac53b600ce5507219c7e89ea8ceb1694df90debaf38c953b5366f25333fa23ba5d7a1768d77760986ba3d60ea853381bf1eae465088dd1c363ae89d1f9698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
cfcf618b6496cfaf1851caee13445a5e

SHA1
28d70deaead3a4733e88b18f29026a39cfaa79b9

SHA256
5c7af4e4c7876d4d12b908ab4fb1b4f2be4c5722cab6e3f6fd0f1e7c07ec8129

SHA512
a38e841c609a5c4620cfe70070e122949316428fc691720b7a0c78ec2b5f13bd39cf5e8efd3a39593161d079aac28698b86e58d91196b63de4b477945439364c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
894c10aba82ac218e7e567438e84e42d

SHA1
b25304164074cc61b1488497be4bc8531dce1a6d

SHA256
8806dba101ea257d95a9e4f0a7a0a7c3f17ea597b6f5995644afbd1d4a17c917

SHA512
f13c9dcb7153ca7c4206458244b715737046dbc22e6f6e632bde10a4e37879cca7002bba547bf879815c5e135f61940f582636db22cb30552efd425bb55bc07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
1a4570267a748bc0503860ef1a7aed1b

SHA1
e730072db8895586a736914414d56e6f25dd1347

SHA256
8240c4de4839c3af444f420e8cdb04b210ef4ceb3e29b7fdcc70071bdc337f7a

SHA512
c7766f0f8055da1a933cd07d236d7c1d6dd9e1dfd4ab8dc97072bc5fc15ca7c502202259f3c17e11a5e6323c19908894ad319a9577e34b75c74c391a572536b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a75e6e5d2513a27b4abe2628074c319d

SHA1
1517e6f27d340e0610371f1ef01616fcb12444a8

SHA256
56e1ffe21b7c01b6e1dfc69deb52c3ee6542acf6f793e00144f61c58c0e32f69

SHA512
756f6d54ea7cf55ce282da368bc54e57adef3071ff997490add6b49f4729cc0358debc53987339e8e25144fa7e9f9873204857af89f0ac5320a47d14a0c7b286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1d7459f1785a60cff4bce4a74c984f0c

SHA1
7e0525d1d7e3afdbc2388a2e45cf57bcab935cbc

SHA256
5569c4269bec3b4536ab78be242fff301a25da046f761a33d3928c687a89b820

SHA512
f059b3806bdef7ed2c2c3576a14500f3be136ab144382a61acdde50dc2d2a8bba8ef018053cd49ad86bdc26e47ed4253e560f3ddf8b3a0014f840085b65131d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
985213e92c1988f530a453cc098cf693

SHA1
6773556cd4fa76b914a97373d6cc3e61faa03e92

SHA256
5230ab3c8bffa790a283ff007a3374d6ec53c2c2884c7520adfdb93eb01980cc

SHA512
7ac177372f7cd734b2cce02156b8768e3a7217bf76811328b2a0cabf75b6d89e411030c61d57ec605a580e1634f4e9813360d678fcda5611342139d6991d2e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
60093664e8f1292099787784a9c07882

SHA1
33909a9e9e0d5e02bdce75c1b4938b60927dcb43

SHA256
799de75bfdfd848d2da8201f0abc237970e5aefa3c8b4889b999ffb037ceff6e

SHA512
f51271b84be906b3572a84e8bef668366be285363bf3156e45d9afd58b74f977c6a4d392b5e376146727ae25e3bbd260aa1a9bb0f0fb9a5a89a4295b08992db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f99093f1fca31e1288eb6e4adf9c8ad2

SHA1
2956fbe725592ac8a01c008d507ec6d77741a394

SHA256
2acb71af9c07e5f6605bb395bdebf791836269be150ab2815f69b18de4864a5b

SHA512
f132c7aec90d9a15e0c789796259c3b8e50936e4be2dc25584670476a84d1cb7be26a6c96c5ac1f231aa1c81a4cadf0aa8e03c4c6b8e6ee368be550d3cfbf087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11df719ffd3620f29ddd994a6df5a030

SHA1
0b1ed07f7cb220b7b1ca89bebfb4556d91a6b409

SHA256
158726a0ba5b72816c41544b63bbc8d13e016c38d50b7a925b0a89478c81245e

SHA512
7a5462f13443c90f36a19a874eaf3635701005b7a6f48e93aa90da5821fec879370af24504570ec6387b08683820a7bf592ef17255d9b64d4c99de2fa5d678fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c64168e3e3f5d2cd7737b587bf635afd

SHA1
6bde5f308616ea67334c3cfac34db35d4fba978c

SHA256
f15f37c1c36cf63ff071f92439de89369790c48b920214b4fde7059664f60633

SHA512
e5bcc2e349fe4e28997313c07f5c4daec34e7f1ec57abda53f6065ed357b7a70e8b433c5a008a37fe5edafacc21e7f63c6298e748ba5e6931d579eb1459f7b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5f0d58c29449309db6981ab8e373fa40

SHA1
78941beb941fae3b200c9edcf8a0f12e652250e3

SHA256
de7fe0bafc352b57d21d6a4bf84b87c21d652fe19370e7e88cbb78ae1a2aa233

SHA512
54df73bdbbc5560f0ce26c94404b006ca7540ecae242ddc0c67b00fdba03cff144b8e620abd2f0b40682ef4c257ed6c28ca0c2805e3bc31bf5f37b4380a7fbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d14a9f376766ede9782a2a80b1d9f9e7

SHA1
f3f93ea2cfeb42bf2764b7cecfa96ed86bfaf09f

SHA256
e440fc841a92831890c38ef560e467577486cf5472190e86039bf1072c308b5e

SHA512
c3ca4347e9fa4836fad94a9165a712aaee4bfd925a2a9dbdd44fa4063daa7b085a00816445b56f83d6404104c5ae9eeff50ce5c6a59787231a899e496f9a6f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0a8fab1741637f54213fd36abd15420d

SHA1
823114c124ab50ca4b9a6ea7a48a07457aef77c1

SHA256
a78a81ddf8238a51467e6e0b83115deadd47324232d6da5154cd40adce5ad3d5

SHA512
a5ec99458f0f8e332252d55149468d987be77dbfe0377d08f0d0270108ecaf763aec227385db8b8ccf3647b146bdc0754ffbf37bbeeaa5e2e017520be705d9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3160576033315431925e1e937275ac72

SHA1
67d91a53a6f1759d0f57f9ae5696beeacfe86e53

SHA256
5b006f7e7108df38d489e797c41c1374a8c25c7c6fe2851212ea4c6cc8eb59c1

SHA512
b04bd953d93ea929eafd4bea31708a1ff746883b63c11f6c8753d1b31843d0844d2c124d9d485c2c0bd136533391232a1ff02ad66f0c5e966396751cf01f01bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e4f1.TMP

Filesize
1KB

MD5
a4a942bb21d9d46d9d7f640aa7e753cf

SHA1
58546f9c91944c23a465b31b6f90e4be3812da6a

SHA256
9240e5b93ebf09191dc24f4427baa0c10207692618903bda3762de98a0475d56

SHA512
d421a169706c6ede11a41d55441f15171c573f51def41dea3f58593c487488bad9386568c2869442a0d1b669a3e38997ad0922df259fc8df42eaf7eba4cd5648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17a387f0eef46e7a6a39e005cfca100a

SHA1
f2c35cbd67ed562dd219bc3ddb15921d65a59fc7

SHA256
70f3dc36055ae3222b38ea5514e217a03a4b4768058a7b91113342eb748e94a5

SHA512
62922cfe9164a4c929965127879584c33e3a0058d34f453ceaeb881731504fedec6a82f03334ed392ff54003ed32eb01566f67d009ede73231a47b023edaa314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19fa34da74bd2c78da9a0aedaaef9b73

SHA1
02f83224891ba9f95f66ebbb4e7f57dc93432750

SHA256
18a1938462d585985abb8d6497f58c2f70251b18c9493865994f0fe752829691

SHA512
b38872231977d67c3270f05efca548dc481a7ca85dba6af4f8d9549eadc65567b3a946d10b995c7b5a2bf1bf636e971f8c33125f334785c6f8ed470fae4a810b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5867358241df57bb96c2907b86c328f

SHA1
4820d2aa923b897188ee59b0926d29a5409f18b0

SHA256
1d75486b38c2039648b6cdb87a9e2acab8eae154fda08c045da3b115cfa8e064

SHA512
9f6cc7ecc63c94eb6e98a687249ba5ca738bd755bd3a4a0a00fb6f318ba97ec6017f73075cc156a7f085693bceda9feb2e3182968118bd3c203fef4ec1fd990f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df8156722bc971fbe0b97d6d37c7de99

SHA1
e3f33b15ba0c7d73ecb4e14731ea56ba66b7f3d2

SHA256
d8a63984342eaba66b435444846fa4ddf11ee57272c8f1afd152d25d8ff0178c

SHA512
afb647ee2990dbc430ddb508a7c1a5cce41adafc9316b265d0330c4f05df12e4180dcbf5b52feb8389095d4178ba43641bdc10ef2d1f06cfa6a42e7e7e6d0be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
730f2e1d0475ba2ea30836e78a47e169

SHA1
8a5a72950e649c7b47ac4518771d419661d2bfe6

SHA256
300c181b8ccb660a85bff78ed2f5f2ff22caf700d72f167cc9f2524fa9ddf31c

SHA512
a8de32a6b68ef14da63779dea9996e328c973f495dcdb5b56b974c304fd4c495b6af089ddec70f9855df29cdeddaf6bc7915077a47992dd8e8e166930b17f6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48ad0bad747cf73cc47bcf2a7e8b441c

SHA1
4de2c056d4b7cd1c092e6b8fa9ad1b0bef69532b

SHA256
39efb17020f7a518e2984a0039cb86cfe0a3bbb3cebe0823bebed69fac463d45

SHA512
51c3b5981847dc8763944e6ef9642e8f7c47d15ba0492da8f9b8298f391fc810e248283d1fc878318ab2961a7e9fcc37353983a98e45a2c37fa3f3d448d7db20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29011c3368686b965b6fc1ef0153f1a2

SHA1
a8cae11cfdfdca8606d9ae74f83dae18faa03b99

SHA256
5c0c5a4cb84440675c87aa278b21a3d6df0fabfc22b3c439f522faaaa496961a

SHA512
9d51d14a68b2a18d6ac5cee8ab44c83029f6bab2f36ee7f3143845bb7c45474e940538b3b2ebea8075af88c8cff05a5a610a941726ea65dcc9108fc1cf9007e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
5a7249aa4dd8deb9c1ce3322f8e478d7

SHA1
837a42a949983baf4f624fc5e90d55bf18b8dbf8

SHA256
5785752a14e482227f4350eb31fd3c6ad0afd302120d254104dd536c8596120c

SHA512
df8f83d856e2a586df4bc861a653f02ec12af52aa9a98b401a6e2d405537b83643928de477108e206b279a0f290383afee173279e1f1f8d08541dbc819bf9e20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
ffcbc6363b7ba1c4aec18b057869b0c0

SHA1
db395e155379fc31612be92bd6053f803f95cf4d

SHA256
481cfbcfc5f5e7d7aba9d27f082aecbd84170cf9ef33f48c8a0e52908d22afb4

SHA512
4430d771267c6891fcdfe4c7189da600d4f48e02b358f1ae763b828f519ddd4a329925e3b68d827ace71b34c17e1bf3f68bc48c3eabfee5394d45a457ba1e7b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bfabf5ba3c9090e08a0f11d869c72cc7

SHA1
2428ffb93386b877cbb888aefd91713d1c33bef4

SHA256
cbae13fcf3ae9b275ca073a147a452ea731e6d6a1a16883ee9ef1655529786c5

SHA512
4bc4906e7de16fca3c74899380a97c1e6b18905f11f13749be08fb6f898b6517ba7cab4d4a94d8284ac47a66f300efa7b1e0bb69c16c7d9b12083492e84f7988

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
0766ef22bb896b3b40b605eb8eed0574

SHA1
6362f9131b1882e5f37dbf7e50b190d770b47005

SHA256
bffdc5baf6391807778fc75ec5dcf8124a91168315ca47324971ecc68d6ecc29

SHA512
49a3e7c0d9ce99e4e5b4e8415f6f276b15eae10f06f1fa90cde449e465fa662a94eafe47971850e60adb703e40ef0c84be87be7a4cb9920e63f753818fb88b9f

Download Submit
C:\Users\Admin\Desktop\talkit\Talk It!\COMMENTS.TXT:Zone.Identifier

Filesize
142B

MD5
a37ddc4f226ce7e36042fa48e460ad2f

SHA1
84fcc5a8cad1a67b3379607da32544d20c1a6c59

SHA256
e5f4edb5a2d1d0487b276e8c866c4ca1c6b367de310af38eb02219313a7f0e26

SHA512
3696fba532f42d20ecc02c95a18b107a511cf8ebac55a11235ad5e2545e7dacd66ef306a324892083ad636e1f4b3f2c39737a7880bbb84c022a37d4fdcac0011

Download Submit
C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE

Filesize
534KB

MD5
bbc3687e84989e3f70f2179ba9a458b3

SHA1
7059147afcd22233c1180fa386414b8e9f8bc10c

SHA256
49534e847f24fdd727ada248666c5ebbbf7cefff54443df1dd56240cccb50a97

SHA512
e66f6881fb5e3f4a7911fd8edfae82f88d4c4089eab2efb180fbc5c0860edd298c85d838426e0ba4cec0d392ae76c470fcb442b9699c841d5919e008e5a5fac5

Download Submit
C:\Users\Admin\Desktop\talkit\Talk It!\TALKIT.EXE:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Desktop\talkit\Talk It!\TIBASE32.DLL

Filesize
78KB

MD5
2cb4f99812841f5271ea9fce41dddb46

SHA1
f4cb27de41b7c4138c1438eb79a4f3468b56f57e

SHA256
9297f69236b296238096baa1e9d00567fc74409b5a7ebe2565da71b27fcdc5cb

SHA512
e256da1350e600707a961ec155d6c34bad21a08fc5b7d8b14defe70b018a1473e5dc1cebe05139b902289bc995953db86139a64e6e0ff06bd62d85cf7654346c

Download Submit
C:\Users\Admin\Desktop\talkit\Talk It!\TIENG32.DLL

Filesize
317KB

MD5
63ebdcc2ea86671601af678535aaaf9d

SHA1
680d14d8ad355f542677c1f0ae02d2f6c7b08ba9

SHA256
4e261dcdf4eca118cf75c39b2f52d5b00888de820df9e4e868183a039f25e98b

SHA512
d105a4cb3e40bd1cbf18bf60335df54bc7b1f78a6af236bd1acbacbe2e1268b98b3331edae923a40b7db3de2393cc20e5209258b126116234dadcce1a4c203e4

Download Submit
C:\Users\Admin\Desktop\talkit\Talk It!\TISPAN32.DLL

Filesize
65KB

MD5
1e522006e572619dabe8713ebc83c27f

SHA1
b7a574f6763c405cac18d5930d4538ccf70d3824

SHA256
ccc3c0b35b42ef40e116a8ba5e6f40c1f303e00f6d6c31c9a9eac5994b1d5294

SHA512
7451e0de0c38709e965f473e5b721ef40760955cec58659abc5d60d2b6e8bb28b0fa15bcacdc194fa412563c97b6150c5708fdf2ec198054a48a212386b47ab7

Download Submit
C:\Users\Admin\Downloads\Talk It!.rar

Filesize
308KB

MD5
bc303af88f60cf940adeb203459c400a

SHA1
36cd3f366173a8dad5f7a9bdf46e8137cba5098c

SHA256
10aa12585fdab4769d3ee30fd4215e1b4a059733585462323374dd883808ab82

SHA512
85052fbde2618f673fbd240fd86185e32fa5f903aff83ba4275474095716dc4706aa549a616c7674bfdc000441d8ea0b56184b37ecc60f8cce35ef25f9980b50

Download Submit
C:\Users\Admin\Downloads\Talk It!.rar:Zone.Identifier

Filesize
313B

MD5
6d78c48a4d5ccc5e0d0e0c97541385ef

SHA1
3499c7596466f3348f826be7900cba1f7bb6a609

SHA256
6d19f3d2efb034848822bd70cede6465b0de0205bbf83f67ad7e110464e35541

SHA512
6d51b38e4e4055a56c41ebe31d74c8d73d2c5754966660314093ca0f7e424824b37a29cb82f382457065ed7c1ea34307a7ee230464bab57b69b4da17ee98f7af

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier

Filesize
75B

MD5
cc0696988fb91d676adc27bf3949786d

SHA1
0561557bebafa161aff436b63f28e213b99d9c5a

SHA256
c95c0ffea82a8baa88cd2ef8b099ab37c1e78f64dcfaee17e22fa4ebda309e08

SHA512
a8316da6329998903726eb1bc4321f2e30458cc63cf1e2246623a44ce58a26ee7f84ce04c40651d36977ed38b55e12d426f86934b5a5340b7e4bfe1e5449e631

Download Submit