84aa684e31ba3821e4264c64b9022f96b3086dad7da4ed0df103c2a12a93afa3

Analysis

max time kernel
1049s
max time network
939s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
29/04/2024, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MADARA.exe
Size

58KB
MD5

f43444c22fba86993cce7acbb5393ca7
SHA1

7a729166e481fab3c0e8b7007311e604ca4b8bb4
SHA256

514767e0c35d9b64fe14e49e87a218ad848775612b9970b763b636041613e949
SHA512

fad517025d4e2624c8c2a3065c43849fe3a9619535055ebdbfa1e40aa4500d2e59907f7c0fe7b621433f2f4e7fd4fed3dec1b2ebddcd959ef58c9260f2f07ceb
SSDEEP

768:bb6bxxeLCLRXgsr3sTdMxePArJg+9zYcHeWDZ:bKpDePAcc

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
1012	TikTokBot.tmp
3712	TikTokBot.exe
1116	TikTokBot.tmp
1840	TikTokBot.exe
2528	selenium-manager.exe
132	chromedriver.exe
2368	chromedriver.exe
1408	selenium-manager.exe
2288	chromedriver.exe
952	chromedriver.exe

Loads dropped DLL 6 IoCs

pid	Process
3712	TikTokBot.exe
3712	TikTokBot.exe
1840	TikTokBot.exe
1840	TikTokBot.exe
1840	TikTokBot.exe
1840	TikTokBot.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 50 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\TikTokBot\is-U72N1.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-AQP7U.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-D0AR5.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-2TVO6.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\symbols\DLL\wkernel32.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\wkernel32.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\wkernel32.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\exe\chromedriver.exe.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\Newtonsoft.Json.dll	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\TikTokBot.exe	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\chromedriver.exe.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\dll\wntdll.pdb	chromedriver.exe
File created	C:\Program Files (x86)\TikTokBot\is-HCGOT.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-8DI3D.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\DLL\wkernel32.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\wntdll.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\dll\wntdll.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\symbols\dll\wntdll.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\WebDriver.dll	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-K1F2O.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\Microsoft.IdentityModel.Logging.dll	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\System.Drawing.Common.dll	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-K77PR.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-3UPPO.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-F85IB.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\exe\chromedriver.exe.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\symbols\exe\chromedriver.exe.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\Microsoft.IdentityModel.Tokens.dll	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\selenium-manager\macos\is-BBRJ0.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\symbols\DLL\wkernel32.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\chromedriver.exe	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\selenium-manager\windows\selenium-manager.exe	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\chromedriver.exe.pdb	chromedriver.exe
File created	C:\Program Files (x86)\TikTokBot\is-IQ0SR.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-49FJ6.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-HSP1J.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\selenium-manager\linux\is-HR5VV.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\wntdll.pdb	chromedriver.exe
File created	C:\Program Files (x86)\TikTokBot\is-LJ1ED.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\selenium-manager\windows\is-PAA7F.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\symbols\exe\chromedriver.exe.pdb	chromedriver.exe
File opened for modification	C:\Program Files (x86)\TikTokBot\symbols\dll\wntdll.pdb	chromedriver.exe
File created	C:\Program Files (x86)\TikTokBot\is-J9IVL.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\Microsoft.IdentityModel.Abstractions.dll	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-CBRKG.tmp	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\unins000.dat	TikTokBot.tmp
File opened for modification	C:\Program Files (x86)\TikTokBot\DLL\wkernel32.pdb	chromedriver.exe
File created	C:\Program Files (x86)\TikTokBot\unins000.dat	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-L3235.tmp	TikTokBot.tmp
File created	C:\Program Files (x86)\TikTokBot\is-8BE4V.tmp	TikTokBot.tmp

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chromedriver.exe
File opened for modification	C:\Windows\SystemTemp	chromedriver.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588239349225673"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\TikTokBotPro3.1.0.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
1012	TikTokBot.tmp
1012	TikTokBot.tmp
1500	chrome.exe
1500	chrome.exe
1976	chrome.exe
1976	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: 33	4584	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4584	AUDIODG.EXE
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
1012	TikTokBot.tmp
1976	chrome.exe
1976	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1580	2896	chrome.exe	83
PID 2896 wrote to memory of 1580	2896	chrome.exe	83
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 4184	2896	chrome.exe	84
PID 2896 wrote to memory of 1548	2896	chrome.exe	85
PID 2896 wrote to memory of 1548	2896	chrome.exe	85
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86
PID 2896 wrote to memory of 2404	2896	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\MADARA.exe
"C:\Users\Admin\AppData\Local\Temp\MADARA.exe"
1⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff979caab58,0x7ff979caab68,0x7ff979caab78
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4872 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4696 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4248 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1480 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3012 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=1824,i,10069359336462060269,7964764058352680491,131072 /prefetch:8
  2⤵
  PID:5052

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x000000000000049C
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2328

C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\TikTokBot.exe
"C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\TikTokBot.exe"
1⤵
PID:4200
- C:\Users\Admin\AppData\Local\Temp\is-K3NFN.tmp\TikTokBot.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-K3NFN.tmp\TikTokBot.tmp" /SL5="$502F0,13501847,780800,C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\TikTokBot.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1012
- - C:\Program Files (x86)\TikTokBot\TikTokBot.exe
    "C:\Program Files (x86)\TikTokBot\TikTokBot.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3712

C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\Keygen\MADARA\MADARA.exe
"C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\Keygen\MADARA\MADARA.exe"
1⤵
PID:1436

C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\TikTokBot.exe
"C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\TikTokBot.exe"
1⤵
PID:3100
- C:\Users\Admin\AppData\Local\Temp\is-18S7O.tmp\TikTokBot.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-18S7O.tmp\TikTokBot.tmp" /SL5="$6032A,13501847,780800,C:\Users\Admin\Documents\TikTokBotPro3.1.0.x.taiwebs.com\TikTok Bot Pro 3.1.0\TikTokBot.exe"
  2⤵
  - Executes dropped EXE
  PID:1116

C:\Program Files (x86)\TikTokBot\TikTokBot.exe
"C:\Program Files (x86)\TikTokBot\TikTokBot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1840
- C:\Program Files (x86)\TikTokBot\selenium-manager\windows\selenium-manager.exe
  "C:\Program Files (x86)\TikTokBot\selenium-manager\windows\selenium-manager.exe" --browser "chrome" --language-binding csharp --output json
  2⤵
  - Executes dropped EXE
  PID:2528
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "wmic os get osarchitecture"
    3⤵
    PID:3980
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic os get osarchitecture
      4⤵
      PID:4724
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "chromedriver --version"
    3⤵
    PID:3568
  - - C:\Program Files (x86)\TikTokBot\chromedriver.exe
      chromedriver --version
      4⤵
      Executes dropped EXE
      PID:132
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "where chromedriver"
    3⤵
    PID:1380
  - - C:\Windows\SysWOW64\where.exe
      where chromedriver
      4⤵
      PID:4244
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
    3⤵
    PID:3592
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
      4⤵
      PID:2576
- C:\Program Files (x86)\TikTokBot\chromedriver.exe
  "C:\Program Files (x86)\TikTokBot\chromedriver.exe" --port=50229
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:2368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-blink-features=AutomationControlled --disable-client-side-phishing-detection --disable-default-apps --disable-dev-shm-usage --disable-hang-monitor --disable-notifications --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-sandbox --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:1976
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff979caab58,0x7ff979caab68,0x7ff979caab78
      4⤵
      PID:4388
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --enable-logging --log-level=0 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --enable-logging --log-level=0 --mojo-platform-channel-handle=1564 --field-trial-handle=1864,i,17451568041527885671,4168834154199579979,131072 /prefetch:2
      4⤵
      PID:1544
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --log-level=0 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --enable-logging --log-level=0 --mojo-platform-channel-handle=2080 --field-trial-handle=1864,i,17451568041527885671,4168834154199579979,131072 /prefetch:8
      4⤵
      PID:3680
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --enable-logging --log-level=0 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --enable-logging --log-level=0 --mojo-platform-channel-handle=2152 --field-trial-handle=1864,i,17451568041527885671,4168834154199579979,131072 /prefetch:8
      4⤵
      PID:4948
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --first-renderer-process --no-sandbox --disable-notifications --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-blink-features=AutomationControlled --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1864,i,17451568041527885671,4168834154199579979,131072 /prefetch:1
      4⤵
      PID:3176
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --no-sandbox --disable-notifications --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-blink-features=AutomationControlled --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1864,i,17451568041527885671,4168834154199579979,131072 /prefetch:1
      4⤵
      PID:4564
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --no-sandbox --disable-notifications --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-blink-features=AutomationControlled --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3840 --field-trial-handle=1864,i,17451568041527885671,4168834154199579979,131072 /prefetch:1
      4⤵
      PID:3008
- C:\Program Files (x86)\TikTokBot\selenium-manager\windows\selenium-manager.exe
  "C:\Program Files (x86)\TikTokBot\selenium-manager\windows\selenium-manager.exe" --browser "chrome" --language-binding csharp --output json
  2⤵
  - Executes dropped EXE
  PID:1408
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "wmic os get osarchitecture"
    3⤵
    PID:4148
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic os get osarchitecture
      4⤵
      PID:1304
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "chromedriver --version"
    3⤵
    PID:4004
  - - C:\Program Files (x86)\TikTokBot\chromedriver.exe
      chromedriver --version
      4⤵
      Executes dropped EXE
      PID:2288
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "where chromedriver"
    3⤵
    PID:2576
  - - C:\Windows\SysWOW64\where.exe
      where chromedriver
      4⤵
      PID:1992
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c "wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
    3⤵
    PID:3812
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
      4⤵
      PID:1500
- C:\Program Files (x86)\TikTokBot\chromedriver.exe
  "C:\Program Files (x86)\TikTokBot\chromedriver.exe" --port=50366
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-blink-features=AutomationControlled --disable-client-side-phishing-detection --disable-default-apps --disable-dev-shm-usage --disable-hang-monitor --disable-notifications --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-sandbox --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:1656
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ff979caab58,0x7ff979caab68,0x7ff979caab78
      4⤵
      PID:3176
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --enable-logging --log-level=0 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --enable-logging --log-level=0 --mojo-platform-channel-handle=1656 --field-trial-handle=2024,i,409817069991588838,4025218960318619842,131072 /prefetch:2
      4⤵
      PID:2452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --log-level=0 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --enable-logging --log-level=0 --mojo-platform-channel-handle=1816 --field-trial-handle=2024,i,409817069991588838,4025218960318619842,131072 /prefetch:8
      4⤵
      PID:1572
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --enable-logging --log-level=0 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --enable-logging --log-level=0 --mojo-platform-channel-handle=2160 --field-trial-handle=2024,i,409817069991588838,4025218960318619842,131072 /prefetch:8
      4⤵
      PID:5020
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --first-renderer-process --no-sandbox --disable-notifications --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-blink-features=AutomationControlled --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2756 --field-trial-handle=2024,i,409817069991588838,4025218960318619842,131072 /prefetch:1
      4⤵
      PID:2600
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --no-sandbox --disable-notifications --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-blink-features=AutomationControlled --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=2024,i,409817069991588838,4025218960318619842,131072 /prefetch:1
      4⤵
      PID:3740
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default" --no-sandbox --disable-notifications --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-blink-features=AutomationControlled --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3872 --field-trial-handle=2024,i,409817069991588838,4025218960318619842,131072 /prefetch:1
      4⤵
      PID:4888

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TikTokBot\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Program Files (x86)\TikTokBot\TikTokBot.exe

Filesize
671KB

MD5
bc2c0485cf7706255fb1eb7006e44ee9

SHA1
55ece39827541a5076df562c294e2c6a21e85491

SHA256
be8fda70e4357815ebbc0d5e57955a6e440069440927276de7a2975f48a7e564

SHA512
6e053f71d88fdb00883dd628743c773b5c933fe8c88b1a75f28973b7c9f8eb5fbbf4716ff3e63ed29d9e6f2433488176755871d06e3e679171d80f8601efc095

Download Submit
C:\Program Files (x86)\TikTokBot\TikTokBot.exe.config

Filesize
1KB

MD5
8a06f7f0f761724e0b07dd598533bf5e

SHA1
c3211bb381d2bb87e85bf7bf3224182c742fb44e

SHA256
b176bdcde91464259c08ad5419b891cdfe1120af4aed2124984a5cc603386fe5

SHA512
6ab0fba27d2b69429ce315f02332a3f67773e4aa3f16f225b9133243ed25836e4875280a88f86a208ad1bec8ba2170901bb39e499fb4ef09b78fdf5af49b441b

Download Submit
C:\Program Files (x86)\TikTokBot\TikTokBot.pdb

Filesize
261KB

MD5
9ef0fd42965c49b71d6468e64fdc08f2

SHA1
10c6e2834d62de46286a66ab6d3eb662a0a2aa8c

SHA256
b6a57783776c704f3a5018ea9d15d19938d0d2bd5e984476b4d9f128caa6b044

SHA512
572185423ae6c218d7d5cd82ed4ae9fa4d150070c7ae3f3637e703396108db796fbd0ef4499841219935cbf800418a7aec1e626a39ad35b3f2cfab719dc89115

Download Submit
C:\Program Files (x86)\TikTokBot\WebDriver.dll

Filesize
4.1MB

MD5
34dfb1b826ccd41e68b23e362e33255f

SHA1
0f283910d526977f07fef7e5fcc56e13367cf0e2

SHA256
79511ad3ac21235d7361e41b278bf2a9290b44cc22663b9c06c07be7ffe40ffb

SHA512
16a9808031b4020667d35f4898d073eac721e41054413bd80baa5062361c099f24d48bf5d1859cd5416367293b6cf5fb958719bf4b93a7bb7e1bcac0e375551e

Download Submit
C:\Program Files (x86)\TikTokBot\chromedriver.exe

Filesize
14.2MB

MD5
0e26d64da2787a21e5fb690b18cc85b6

SHA1
6b9c1f5bee2bfb7df3f42e8e887fbf365f23f36e

SHA256
8224892c5b1672ea04b4b72e64a032db9430f3ec26f4edef785774a9b3ed687a

SHA512
702c2e38933a3fbe4c156ae4bebd82759fd111cd025411b3f4b820b51326fa01cafaa6704ff5d8d1af280e7dce8aaf13b715beeba03aa097c0222daff86f8add

Download Submit
C:\Program Files (x86)\TikTokBot\emoji.txt

Filesize
347B

MD5
976136772aed1a8390ec7843cf14dec4

SHA1
ed817729f07283bc3dbfee06d781ca9078585b95

SHA256
4a67a1daea1b57e7ad33331f245a979473c24da1f51495f4c7a46a59dc981d34

SHA512
063f6186fcab32d8d9627096f01fac8bb2292a9f528f2f5f2b6556d77ad004b943ff6a195d2d21979432b19b437c301865dced5f8f005c91235e59d89f303fde

Download Submit
C:\Program Files (x86)\TikTokBot\selenium-manager\windows\selenium-manager.exe

Filesize
3.7MB

MD5
88de0f0da5cce2c9906966f9072aa9b0

SHA1
92454e96c117bd527b09d72a91ca4ec078f50464

SHA256
cb6e0b5ca072038e7626f77263c4b443b1f3e6c550cf3ebf09bf7d2c237a7389

SHA512
8f00b2b55a236ea376f93e6f203bcfbb2bd5434cd4d9af14ac6d3173e8c649a4bc2b0c935cb1f309c33782c0021b0278a7c1e081078ce8b0c17ba5c01f4db873

Download Submit
C:\Users\Admin\.cache\selenium\se-metadata.json

Filesize
199B

MD5
4b168bc7c209f9840cf9e69d9e781aed

SHA1
2b1dff8d42e07b2e6ec519e99f2468513c5489fa

SHA256
dae9d448f2491b8a26de41ccabb8cce112fede574abc80b08d15bf628f08a649

SHA512
de1b24396ebbcca829aa7e4c7ed177e15a6b1c300b6f0706d2e7b503ea6585a30565fda55afdf31849f8358c7c017b4d15b55f2b04711a68410171e377313edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0e230b94-cfe7-4f56-a740-83da83af17da.tmp

Filesize
7KB

MD5
6f97d8ed7cb9067ec12a0e0485420c0c

SHA1
b171a5ba953cf22822af0899500b504d379769b7

SHA256
3c46d049b0842289484902f7cec3b7a475b1e7aca36a1a5bbc6f743a0ba4c263

SHA512
5c9a8bb0fef950efde2343ecae6961339ef46b04c44194684391227e8fced9f669f8d2677b9e78afddb28f96189757078ad1c65b5fe120bb81efa86a488d1b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9d6a5772-0cc8-4c71-9c51-701baac2c7eb.tmp

Filesize
16KB

MD5
968145b30cff4d03bb8671f5e8ad5f8b

SHA1
67d7ab32b4285d94ad5264aa423578be5ed38b53

SHA256
c43001908e6a751cf84a305b9a284605cbf3bd86e93fc47560310fdfc3cdc7d9

SHA512
ed3f0dfae794b6abaa53fcbc394664b491ba8d671ea1a00cfdd0c050657c75ba42294042ee3de3af6972f91f00d050c414aa0080e6ef400d525b781571b6ceab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
335f1519e9cc96711e2aaa51717f6b49

SHA1
bb24cce3b7000cc427ac408b8f7bf6e656e8de67

SHA256
a6bd96676e4bd992a129dd30d95d24a833e2626e40e5b994da27989c78d9f4f7

SHA512
38a5f39779fd793faaa7f1c089efd263b0f2750b8863b7f3443ce9c264ecc60cf09d32e2b5eff25d2f0fa2e9176d8b9834a8dfc698dec3ae06e4302f4cb7d6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Crashpad\settings.dat

Filesize
40B

MD5
9574c1697d1ce0913ac861a675769034

SHA1
ffebd697512336afb765c4f50852f3b8759902e2

SHA256
9db345b0b849f7beb24b7b1df3d99254b0fcf4b1de59ffe5652411cc7d9dc790

SHA512
7f7c2be4c5cd89c33f8573268377c6dded15c0512c1153c383a22b80d645577e5396a330cf06e4fa316614aa954a0b14ae24ce9b90e9ebc70de01937ec731553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Default\8d62438b-90b0-4bc8-bcef-8302052bb4a3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Default\Preferences

Filesize
713B

MD5
e048a8596409adadfe3ff10db8e5efbb

SHA1
332d79dfb5c30c125c8b030caaf0b007b1b1af31

SHA256
e19cd56e347efca1cadfc1fd6875ef82b35631e5cb7f9b54aa4bb9ea71ff66b0

SHA512
1758879d426dcd224c06dfc32ba2930f453e52bf8b9a85c3149cab82ba4c19a6637d6a27ce605e8925c17352ba7eb93223fb7d1441cbfec8252569a08cb11f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DevToolsActivePort

Filesize
60B

MD5
301ef78003696e0c34656ae63ea3edd6

SHA1
90dd337fc3bda38c44e5c89c359e5449eaf6aceb

SHA256
58a29dd2daddc191a579252500acb939394223f1d04be31267eead59b1434f53

SHA512
9f0dc9207a9dc9168cc76884ddad11dc4e318b56b1540f5673c7ea7a358011630d0a341335f343454281fb3593cab107f5ae245440b3adc274b65cdef330d7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local State

Filesize
78B

MD5
8b61e917846ffa930e0cb308c1f1a026

SHA1
3d9e507a7a41e36a1c25659ad72a448368134fad

SHA256
bfe95ecd1ff945712f2697925858b4a50834f6b96d90ab230b448317fc602aeb

SHA512
244ceef0649f72c7371c96667cc829bfbf6c853d173d89a3f206b3384ca95f48f5d5a4defec7897d84a876336942308a9d3357db3ff56cb80c6d9aa1ce5b5fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local State

Filesize
902B

MD5
36cd311609b96fb329c1cabadfd30b62

SHA1
6112ea17f051d66c920397a1f177895e89fa252b

SHA256
7bdf974d2f53d241779d0df9e3512fbc8c80c7434d561b5e86f7b54dd16eb774

SHA512
18d30cc32fc0b6270b982988ddc35f753eb9f85a3484696916f99dad0bc04ba2c143ba61d164824a8f91bf6f000651b0fccb3ee515e393bc42c07d2e7df925a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
323a4599c7efbda3f2b589c4c8411139

SHA1
5687c905962ed7515b0dcfede7071e569d0b05e1

SHA256
05c0dab50187a81db0a204720088be5a7a087eab26816c7f038a15426e4ffda9

SHA512
0e50cbf4a1019ff11baeef0d0611567d23e1f7f7fed0b3334d4a7b1c9ba418f7ce53ebf6368eb277c819c57d27fd114f8b5e2ff5a20568e852d964b7e7e94ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e38f594a37845d7a9df95bc8a5ef9eb3

SHA1
fa314418b67a33c818f6d2dc614dcfb27f2fc1c6

SHA256
5e9b2dd8211831c2ccde4899c0ef000aee8fb8a0a41963594004c99b8294189c

SHA512
1fd3d89d9a5bb01b999a4fce92f5ad1851d62caeca3819188340f4af1caf5f9d7a113bc50f18345fc514ce1d82f340d8ab93838db04d8c854f9886d93204fc72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b0a74e2c696177c5b86c01553bd5cd2b

SHA1
78dba134e0807765eeeed9c256f0ef6ae3846ba5

SHA256
cc08cdb29a93c76833b41db5405f6337544dd1e9c79c1e76e1490f0e8eace8b0

SHA512
a5e20cd8638ef3b1e6dddf969a46b69c33736b09d7dc7d89537b3132b80c6113126764a83c85c69ba899d812a1cabec69796cbbca04c3f78cf9f667613d5bfb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
210ccb33aaa5fd6f552523db5a1d99b0

SHA1
cddacfa2c6f8258cea02afe643a1f651de54a893

SHA256
5e56f0358b04aa5b6e2d5990913c4d71a4a676e60f56200f4c0481e2c0834561

SHA512
4dcfa9b360fefa997463342d414221c226fdfc0808ce5ba75a753c3bef92ff1525ccc7a509122702bfbdd4e627cbd5f67e8fb2a6c4608b33f0d17a8337e5a454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2a1f1fbeee3908879f4ea5845cf37016

SHA1
22fb7d104bd377b475925bdfd5ca1ed3e886280e

SHA256
406095ecee0278434da0c8c84f0f7c2d5f8c32f235acb99e9faeb42166c74c3a

SHA512
a34ecb3a7da29e87b212233076867d7e335c150fb6420bbf4e772e4ca7c5fc1d6bf9e691983dfaf0d71961ec7df1265fcbcc6c150ecafa52be9df03e385f18ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
75661ea7a85532c63557496043030527

SHA1
4661d2f6d53afd3e20527db0f5bdc007183c94f5

SHA256
e008a91a2dc4c62e35447873af355e8223d6f60eb32db01874483098379f8b36

SHA512
f4a5719b0714447cfd380bde8d744501b6c12fe876fcc50d203da3666a9a090d9b614ae78ce8b15f78f29d7079698315c529bf6282b714b5192aa2bf3b722b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
533cbebd446a948caf204c143e4671c7

SHA1
f7c40acfc22dd7f895719edfb6e4d368634bf883

SHA256
aeba3fb9f58c595ac75af31490a3db06dea6eb4cb0de389754cdbe9fb5b639f0

SHA512
b0615150af3f5f113514b59145f3373349758a09a1a9c3a0a5a0963c611972f6ae6ba4ded5e85e982e307155e437ca06c3262a1be2ed068091f13692e3cce52d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d588f1b8237c91b979f8d73257aef333

SHA1
22918fa73855e92a2029c2722b694c4dea0a36d1

SHA256
6c70e5e9512dc701cd607dca0d8a22f2daea766030cb0c54d8a280793d057c0d

SHA512
6230be809c82b014b02b21f4687192013532bcbb032cb3c17eec1d09abcf188dfebd23d06304e51839a3b2f171862911b943332302f8717fad13380d0df00327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
418308b35f15f08ac5e5736ce0d48f73

SHA1
efb383819bce98cdaa2898c98e3ec94fcb55c952

SHA256
b89220f1034b9439bcbad1e34f5231047444b2628f89bce03ce31ee2a2802678

SHA512
f6f01c006e9e1e437176ea232a550076207a649e367cb29b3bade5cfd232c2822ae580e6c26e8278b093fe64de9865043e296e5d78a32e6b6787a5ef0029475f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d6cfd6d1d80f781b451be22db8a67e9f

SHA1
7e2d4ca78d40120461813978b0dfa15572892df3

SHA256
0f43856462e49c6cb67f0c3bf98d013fbbedd204bd8e27b0b33fd78b2b123a2a

SHA512
bb65ce4fe5b50d934a7e485e0aa860c327c35d009bae8207d32f22ef5d210c154d05bede7d5c36404da81a3e860bab66ed30f5964bbfd6eb27f03191bd19bcc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
15295d39a91a363ee1cf352519b9cbb6

SHA1
b86f27f3e9526c38820060ea5a7c5989a4cc1533

SHA256
40a6722ce0e162fd0d765a52bf065746794eadb100b58cdfb17335b61cfda122

SHA512
8907ee255c5bdfa52df33dc9f4f246d33e3ef506400ea87eb2801586dc7daf641d25e5872dd9b671f65fb4a2eb52c54b1a584815635330dc5189d3ab38a0fb39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
3d37a34312756c954be95befc73b6634

SHA1
63eded8008ff9ea5f661b40e0d901a984bfe1750

SHA256
2b8cbe120338113bdbbd7a3ac57df39ccc65f67c61eea7dbe795189f0273ae44

SHA512
4084f6863900345d7e8e04042abfa2c92aba9c86140a45b2a98a831d503b67661967ce406871e219820cb4f359d92c964772563449c3e4c29510b1e23815375f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
aee8b287d79793a90a4f1463ada5e77f

SHA1
dbdf5ae818463be6c2772d344e0f98b38f5fdf2b

SHA256
a34c8d71f3967ddb613e22c030c511fe1d8ed455562a5ffd0dfe23d2b77a4406

SHA512
08e6a741658ef753d69787db6c104e018364a440cb4fc51dcfb46b38f5ce21911ac5893713577c0110ba60d5f96984736ee6e939ac5977b53d8e1dd72842674c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594ada.TMP

Filesize
83KB

MD5
d39045f28c12d18be15ab467fd210de4

SHA1
f7f3e849832668e95deaa9b96f09adb049aa41f4

SHA256
64c48ccf225cf32f11116924b0f46a2b88c36d4ff87b94d15eb37b2f0ace6b09

SHA512
997866d553e0807706a0ea39e7ae57a25168a6fecbe56147c1a1e2f5246947698c63431b59e83a05b42b09a7c70190549ba2e2f28387fded64bb36e9024124bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MADARA.exe.log

Filesize
1KB

MD5
ac45cc773216001c355992d869450b47

SHA1
1f19c3839b521e1bf1ec7928f32f45234f38ea40

SHA256
c9c03abe98c496376975747c9b617f5f6e1b50aec09aa8be31aa24e81254901f

SHA512
3d73620a59089bc05d60ae07f0811ddacd1661599eca096cd9927813f86dc9cebac1de221691373601c743250694de43e408a9e607e813fb28260b1509f84574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TikTokBot.exe.log

Filesize
1KB

MD5
20581def232b8793068f7021429068d0

SHA1
543c5c8af44b618efcb2a907042d178f564dab34

SHA256
02264f7043f400e74b6e2df03b2e4aa9ff962bf1b2e7e51ab981f1b4652089e4

SHA512
48d4a1756b3e75b3556d67d61bac84c7d0df0a4c4e318e590a3d2e6a9fe6ab85b16dd4f57c95f6cbfdcb19782c9eead4cc900b7a8c4818d4c11ba5a4a71fda1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K3NFN.tmp\TikTokBot.tmp

Filesize
2.9MB

MD5
24cdc44c1c0e9a311198314b62f9e7b1

SHA1
f4c14b6cc3be1d49d9ec4ad1579e361621007b87

SHA256
dce127d0a6542fa1f916b64a16a69462810686d1f9a28fe37831eba715430cde

SHA512
4913b43d9a5855d98ebd06d8c73c1c731f59fed4e25b8989aeee3f5b660119f95335f2089e9ccd81d83b1ad65324ea2826fe0fa520f1eef96a56132050c9f0e2

Download Submit
C:\Users\Admin\AppData\Roaming\Instabot\reg.dat

Filesize
286B

MD5
f2b447a7dcd22eea609e07ee7f4ec4cd

SHA1
844dc6098090f7bb1d10002ee89581c0c2a501aa

SHA256
950a2de402605713475615acf8f02396df0eb547bbf4ae245f3627c0d3479cd1

SHA512
f7044b82a0ab248cd939ecf3eebdf0bd2dfb85ff0554443c326f6cfc86ec811f2b2f5601277ca81018af46333a719c1259c94dce500a9bbaf3fff173f120721a

Download Submit
C:\Users\Admin\AppData\Roaming\Instabot\reg.dat

Filesize
286B

MD5
ff76498b982788b743e74e66082f7af5

SHA1
d9c805e34143843e35b71eb7a2fb444d4cc5face

SHA256
b1aabfab442e2a01419c4b5f8419c849a45e05b1a2a0bce2cdc7881f2af53ac4

SHA512
a24e365d18016af7bdaa45df8dd9cd8885976026d923c1d9ef9bb77f1a6514f1301866ab9020b3f6c35c8c3e0dcb68cd19e60d9a66e61c9a3df4ba608c822972

Download Submit
C:\Users\Admin\Downloads\TikTokBotPro3.1.0.zip

Filesize
13.2MB

MD5
8e11d318526b247e18b556b822d51ce3

SHA1
e9674ab14ec145670d5816e89d0d67a69917d596

SHA256
84aa684e31ba3821e4264c64b9022f96b3086dad7da4ed0df103c2a12a93afa3

SHA512
2985c9bc0329699c14625c3357a00310f5e23ad91febfcf079772e84aa35633e3b2226f9f0cf44b216359798c2cd5a4c34d0022defd81c5fd65fd6105f868025

Download Submit
C:\Users\Admin\Downloads\TikTokBotPro3.1.0.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1012-348-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1116-420-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1840-438-0x0000000009F30000-0x0000000009F38000-memory.dmp

Filesize
32KB

Download
memory/1840-454-0x000000000A1D0000-0x000000000A1F2000-memory.dmp

Filesize
136KB

Download
memory/1840-455-0x000000000A720000-0x000000000AA77000-memory.dmp

Filesize
3.3MB

Download
memory/1840-442-0x0000000009FF0000-0x000000000A0A0000-memory.dmp

Filesize
704KB

Download
memory/3100-415-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3100-422-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3712-342-0x00000000004D0000-0x000000000057E000-memory.dmp

Filesize
696KB

Download
memory/3712-375-0x0000000009E60000-0x0000000009E7A000-memory.dmp

Filesize
104KB

Download
memory/3712-374-0x000000000BDE0000-0x000000000C200000-memory.dmp

Filesize
4.1MB

Download
memory/3876-5-0x00000000054A0000-0x00000000054AA000-memory.dmp

Filesize
40KB

Download
memory/3876-3-0x00000000054D0000-0x0000000005562000-memory.dmp

Filesize
584KB

Download
memory/3876-2-0x00000000059E0000-0x0000000005F86000-memory.dmp

Filesize
5.6MB

Download
memory/3876-9-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/3876-1-0x0000000074600000-0x0000000074DB1000-memory.dmp

Filesize
7.7MB

Download
memory/3876-8-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/3876-7-0x0000000074600000-0x0000000074DB1000-memory.dmp

Filesize
7.7MB

Download
memory/3876-6-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/3876-12-0x0000000074600000-0x0000000074DB1000-memory.dmp

Filesize
7.7MB

Download
memory/3876-4-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/3876-0-0x00000000009C0000-0x00000000009D4000-memory.dmp

Filesize
80KB

Download
memory/4200-349-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4200-345-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4200-275-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download