68e508fbb3cb0f01a04d30dd00d3fc5cd40f584b9df79d89eb200bd5f6f5814f

Analysis

max time kernel
601s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TalkType.exe
Size

169.0MB
MD5

d21b065f4238ab9b2bb225b766927252
SHA1

0d917f3b6965ba9d3827bb61eb83c0e8d665f3c9
SHA256

fd5ab7f21d1c723a4ab6e358784043a392e27800ef7eaa2be316a9f812745148
SHA512

456a74648d92fdf5cb9d7400710add79f091af3cf3eef141140c4a2e311c0dd2b05ffac1d88671a1ffafbd529bfe4ef6a2980c8915b5425ff492532b7438633e
SSDEEP

1572864:z/GY26JpMEtwq2siQtkHZMTwpNUdYHAMRe845LgwECbnEVrsa0pHMDAyAabmm:BbxK4byAa/

Score

7^/10

discovery execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	TalkType.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	TalkType.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3704	powershell.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	TalkType.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	TalkType.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	TalkType.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	TalkType.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	TalkType.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TalkType.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TalkType.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\talktype\shell\open	TalkType.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\talktype\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\TalkType.exe\" \"%1\""	TalkType.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\talktype	TalkType.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\talktype\URL Protocol	TalkType.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\talktype\ = "URL:talktype"	TalkType.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\talktype\shell\open\command	TalkType.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\talktype\shell	TalkType.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
4876	reg.exe
3992	reg.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3704	powershell.exe
3704	powershell.exe
4140	msedge.exe
4140	msedge.exe
2992	msedge.exe
2992	msedge.exe
3708	identity_helper.exe
3708	identity_helper.exe
1996	TalkType.exe
1996	TalkType.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3704	powershell.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe
Token: SeCreatePagefilePrivilege	3540	TalkType.exe
Token: SeShutdownPrivilege	3540	TalkType.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 2268	3540	TalkType.exe	81
PID 3540 wrote to memory of 2268	3540	TalkType.exe	81
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 2184	3540	TalkType.exe	82
PID 3540 wrote to memory of 4744	3540	TalkType.exe	83
PID 3540 wrote to memory of 4744	3540	TalkType.exe	83
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84
PID 3540 wrote to memory of 1708	3540	TalkType.exe	84

C:\Users\Admin\AppData\Local\Temp\TalkType.exe
"C:\Users\Admin\AppData\Local\Temp\TalkType.exe"
1⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Users\Admin\AppData\Local\Temp\TalkType.exe
  C:\Users\Admin\AppData\Local\Temp\TalkType.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\TalkType /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\TalkType\Crashpad --url=https://f.a.k/e --annotation=_productName=TalkType --annotation=_version=3.1.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.0.1 --initial-client-data=0x4d4,0x4e8,0x4ec,0x4dc,0x4f0,0x7ff69259aed8,0x7ff69259aee4,0x7ff69259aef0
  2⤵
  PID:2268
- C:\Users\Admin\AppData\Local\Temp\TalkType.exe
  "C:\Users\Admin\AppData\Local\Temp\TalkType.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\TalkType/v3" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,18133950014050533546,11730704778411596777,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2184
- C:\Users\Admin\AppData\Local\Temp\TalkType.exe
  "C:\Users\Admin\AppData\Local\Temp\TalkType.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\TalkType/v3" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2228,i,18133950014050533546,11730704778411596777,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:4744
- C:\Users\Admin\AppData\Local\Temp\TalkType.exe
  "C:\Users\Admin\AppData\Local\Temp\TalkType.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TalkType/v3" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2604,i,18133950014050533546,11730704778411596777,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  - Checks computer location settings
  PID:1708
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -Command "<## # Replace Text # # A powershell script that first deletes a number of characters, then inserts # a string. #> Add-Type -AssemblyName System.Windows.Forms; while ($true) { try { # Read the JSON data from stdin. This while loop pauses here waiting # for further input. $jsonData = Read-Host; # Parse the JSON data into a PowerShell object $data = $jsonData | ConvertFrom-Json; # Access the properties of the data $text = $data.text; # Replace each newline character with a command to press Shift+Enter $text = $text -replace \"`n\", \"+{ENTER}\"; $deletionCount = $data.deletionCount; $deletionCommand = (\"{BACKSPACE}\" * $deletionCount); $command = ($deletionCommand + $text); [System.Windows.Forms.SendKeys]::SendWait($command); Write-Host 'Script Completed'; } catch { Write-Host 'Error occurred: ' $_.Exception.Message; } } "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\sysnative\cmd.exe /c %windir%\System32\REG QUERY HKLM\Software\Wow6432Node\Carescribe\TalkType /s"
  2⤵
  PID:3492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\sysnative\cmd.exe /c %windir%\System32\REG QUERY HKLM\Software\Carescribe\TalkType /s"
  2⤵
  PID:3740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG QUERY HKLM\Software\Wow6432Node\Carescribe\TalkType /s"
  2⤵
  PID:3484
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG QUERY HKLM\Software\Wow6432Node\Carescribe\TalkType /s
    3⤵
    - Modifies registry key
    PID:4876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG QUERY HKLM\Software\Carescribe\TalkType /s"
  2⤵
  PID:2652
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG QUERY HKLM\Software\Carescribe\TalkType /s
    3⤵
    - Modifies registry key
    PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dashboard.talk-type.com/talktype/oauth/register?client_id=tBLmSlEzopSKJA9pXNqiau5GAUg0gL48khwg03Fphog&scope=dictate&response_type=code&response_mode=form_post&code_challenge_method=S256&code_challenge=_rkFVzx6eUzf06aWJ2FMBBehpEASzszRnMktmmpZ4zc&redirect_uri=talktype%3A%2F%2Fautologin
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd7a1546f8,0x7ffd7a154708,0x7ffd7a154718
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    3⤵
    PID:1420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:3796
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    PID:5252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:5484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5698291049391437469,2128738741953269717,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5260
- C:\Users\Admin\AppData\Local\Temp\TalkType.exe
  "C:\Users\Admin\AppData\Local\Temp\TalkType.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\TalkType/v3" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2484,i,18133950014050533546,11730704778411596777,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8d2053d27e95508139a2faa2aedd365d

SHA1
1554f19c44800ff458275e286076f566413abd22

SHA256
d62c7b46849138e1fcbcf83ca8cb1d79419a040b512a8b46359cde89ae79811f

SHA512
23468aba4206061da680df35f3ce02c0d3b4c257966627afe9223db610a6ee2b425d65a067df247f68c5dc9c552a1255ca83b516c5d783ceb7d85703511d718f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
751B

MD5
e3cc9faf005792b9546826c6b795f5f4

SHA1
81bc542f31577073adfa2e2611656f4eec64f6c2

SHA256
8cb7b4b6f42261870320e73d4a539b7ca2ecdbd1ec66241a624046f9eb4e9b33

SHA512
529b127eec5d43a81497791d1369513c36d45332dbfe8871722214d55670d91b87ee94b879e2512fb8be6af823077c7ca5af33c0c3ba8dd426a39336e29ceaba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1f42ef46242292dcc5706efc8a1607e

SHA1
0a94d49aee030e163b9610592b6c9e5f37089d31

SHA256
647289599ff76e017a0584312a79a762a9fae8b55221b22fef1f85541f7b73fa

SHA512
2c4960b19af79eb528475c5211fb35f6e2b1968432ba5ff7328e73d77cf205aac1778f8504006d5c5b7b04ca22645bad93bde9224fc3d164c956f2a8a51d9cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b78d8d3e923b64aefc30b2f04e263c4f

SHA1
cfcfe5e3f762573d491f478a5478197791ff0a47

SHA256
fcd25d709936ffc0425d2add45f00b3e91e932064f82d02e2b937e559a9b7b7d

SHA512
03407898ce007a48fc119931d895d8885514fe8fcf5db1a47d5ae704e871dd892f9fb135f2476a244f10f404b944bffb879818be54b5a747d4e72e1e03ea970a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8346ba0c66c38b04c624aefcdf5c6b2e

SHA1
ac9ecd3027f337a698252ce0a8ed98796e7d2c16

SHA256
d75a01fb97529b913c024d136acc36337d1c1ced847dd5853d321517bdb771e6

SHA512
0a27c3ad4147b59b8d4d80539c56e3ccb91f917acf399eb245d7554d02ad76e35ba3aa49a53dc14173d1c008a04368f537696911a66b13dd4f6a2ebd5702d7d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qdxfkgwr.izw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\sentry\session.json

Filesize
249B

MD5
5336b4e3ce8b77c6ec14840e22d59531

SHA1
59a32b49800b226e4ac12ebf6934acf134292c56

SHA256
4649e09ffa75f483cf218c974fb1d9befaaa2137173eb378f6bcc0a76523210e

SHA512
e5d9dd212696bc10e7b00b1e0caca9bcd807cf0ac45c6fb072ffa0231e720485e3a427130fba00e699ac758a1189fb586225dedbb5ccacbba307f0e990e89f57

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\3fd2282b-e7ad-4ffe-aa31-bf0022a37b4e.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d3920c8b5954f3b28e0d4ba496d9e80c

SHA1
d757c7118d5c578d77e92b921ac552646eff6341

SHA256
9a6e1b77a630ab4fddbc938d27a9928c08606609e880337a8caeeb1cc6b95e38

SHA512
700ede1dfd8dd360864e753513797559c3172e115ef36c31552fa4d6a4f41da2becd6327a3f50b80695616b7a1eaf7a6a9e87d17692257a16cec7ec30d22c372

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a94cc64a5c97d2cc012fdf71969dc96d

SHA1
47712f29ce8e23f6d7b9d2607e67b512e4787ca3

SHA256
c8c92db4f578169094d3eb758f9962539f7a857f72712400fe43178f3b90e1f0

SHA512
4b9236ed4c962b63b915bfc351e5caa9b591533d6631babdfad48fd9af0bce555cc73447b39728bf4bccca1129eb47bf4ce697c35669e7a41ef3b848d81fb7a2

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Network\Network Persistent State

Filesize
1KB

MD5
bcc35624f1176ed9826dfb78055ff347

SHA1
137e18233b1be01fb5ecf1e1fbeddbd61e4aaade

SHA256
f31c6a7f313c46a3fbba9c62ccb234655af9badf3115c6f0bf85bf1a19d0a02c

SHA512
227d3769b4ea3cc39aa903f4a8067a7a82ddabe0de093a747a0dea8f93145ab7bf455e1fb3e82cca51add8ce32ec7c9c6eeec6ea7448a59de7ccf84c27510274

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Network\Network Persistent State~RFe589565.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Network\TransportSecurity

Filesize
1KB

MD5
a326f49192cd43814f0414156dd38c51

SHA1
ce91ca3da3a5076d4424cde80e384ccf6647d3b4

SHA256
186822ec39efe38ea0a55600158b526f678dae53606f8b862a7b4ed0276d1a64

SHA512
c21b9d53764f26b9d025de0a989511442920a511cfb59af2995f7a24a655ed70c6f15194b651d52342cb9a50a224f9b8c0311b7329ed3d8fc78916a28350c370

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Network\TransportSecurity

Filesize
1KB

MD5
97bb57ce65884146c65b674ea71dcbde

SHA1
e17bc7fc9786114a053b99edbd8ca49a10077df1

SHA256
3c44fef35414f4ac72f3964596132f93aea79919cf940d4ae6db7d40279026ff

SHA512
3b8dde5d4fab886d280aecb93443e977ffb3aa9ba1eb98cc8e1c066e87654405beac5d322e810cda07b86e9869d3f09ef9fa62699e4df10eff387ed238ccf180

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Network\TransportSecurity~RFe57f906.TMP

Filesize
1KB

MD5
79c15d39abd0df0197fd3f9f04cc3848

SHA1
721a96aac025f44287a9b41757f2c28a19010fdc

SHA256
6c232737e04870ae8943327edfdde494ff101cb5a9d08c16daedfbdf4b9ede42

SHA512
4e55e21dfed8e08b159f8625e5fae98e6d76dee4c66d347f1a2817857520b3fb5bd0a3d2bf38213aadcffbbc406504da4449d000db0e4a5366cbed6b48417867

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Preferences~RFe57acca.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\CacheStorage\a04be41ad17bc0d2ab5439999434ea27b2d8b4fa\be27891c-866a-4164-a6ed-ba10bc408c87\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\CacheStorage\a04be41ad17bc0d2ab5439999434ea27b2d8b4fa\be27891c-866a-4164-a6ed-ba10bc408c87\index-dir\the-real-index

Filesize
360B

MD5
f14b344ed65b2c8569bb7f9666395601

SHA1
3b32eb9fa9defbac3746ca276757898d9b107306

SHA256
d8582129749117dab0321577e49c567ab733dfdfaf4043cf50bb72e046e62154

SHA512
ea05837dd014632e90cfaba2212b633971f320b5a4a5439ee3725035da5d09b026dc6f321bdc39d52286fb03d7bab10909405bfd01b1e6b71bebcb25c2ccc234

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\CacheStorage\a04be41ad17bc0d2ab5439999434ea27b2d8b4fa\be27891c-866a-4164-a6ed-ba10bc408c87\index-dir\the-real-index~RFe57dac0.TMP

Filesize
48B

MD5
a950cc13c823ddb40f145baae54c1d30

SHA1
9cd03d02653b3f086636b1629556d30f45d66d26

SHA256
c10168e83815e41204525adeb7d20573921536d84bb812cb1bbb5f71499ae1b2

SHA512
d63177913671f0ef96a3682edb3f2a3220e6a0695d1adaf9ceff7719476f06e152c6b276b857c106bce6a1d06c823895ab85161aa558b9362b26f537cb194148

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\CacheStorage\a04be41ad17bc0d2ab5439999434ea27b2d8b4fa\index.txt

Filesize
157B

MD5
96ce985a6430c7fdcfff8e5b39d29af5

SHA1
a6adae895561ff3c38bdf933158a14b1c9dbd591

SHA256
04dcb8b3c1ac30268759ea04e1e5024efa586ca9c91c40ca575d9fddada5bf27

SHA512
683df18278d8c73942db15f64b5d85b84324eeb61abc42ff729e57bd557b4ad047b8a9cc8cd8398eafb2f4b1d2f30b18754220cd353eacda453fce2e56530069

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\CacheStorage\a04be41ad17bc0d2ab5439999434ea27b2d8b4fa\index.txt~RFe57daef.TMP

Filesize
161B

MD5
361fadc47c238306a036b0b6ac8143ac

SHA1
e4d584ff3f4c6507ba47726e325952aa016ca8b7

SHA256
2b7a1cc9b9d23e5cedc23407772b6c791b865a15ede7a342ad3d13bd46ce6434

SHA512
e0a9a2880567a5ef01024c7f2307728d13346d8a91351c2d06b8b0d8729fd51bf2f645040be2d2838c97a1b90724782d32e97a0b44d86af74a3e87bb9efb57bd

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
364ea010fb2daf8985645420be611046

SHA1
6058d17e19f0cc4ebd7a14866deda832a25340ea

SHA256
367ab9cc64a9ac38a24f292fd4acf50177c23c1c9fd9ad8e6f2e079df67bbaa4

SHA512
f2087be6100a76f5c0724d9bbaa49025f9cc9cc02a77dd47f05b41cd21937b02e66d952f1768137d592baf2da7634da147ac2bdeb2677c8ec662e94e2913a188

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d5bf.TMP

Filesize
48B

MD5
a41e334b71c88fb504d2ae6dfac77de0

SHA1
909626665dde1955861e651a6031f2a5203ef177

SHA256
bf47a64cacea83e5470fc996674df5db1ea29864c25e3085bdafc7306ccbd11d

SHA512
06a50ea03619bdcdbcb28b47e03b5f68f27f9d473d54d8c6a266ac6e6322a5d9f7e6c2aa958eaae591ec2958ac46f74a9483b95223768be525246ad841bc0541

Download Submit
C:\Users\Admin\AppData\Roaming\TalkType\v3\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/1708-66-0x00007FFDA2900000-0x00007FFDA2901000-memory.dmp

Filesize
4KB

Download
memory/1708-65-0x00007FFDA1F10000-0x00007FFDA1F11000-memory.dmp

Filesize
4KB

Download
memory/1996-411-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-412-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-413-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-417-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-419-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-423-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-422-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-421-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-420-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/1996-418-0x000001B675C00000-0x000001B675C01000-memory.dmp

Filesize
4KB

Download
memory/3704-88-0x000001BBEAC40000-0x000001BBEAC62000-memory.dmp

Filesize
136KB

Download