49c700e7c9dfa01c6f46cbb4e65df276180f7d34a1b6272de1d796d97f58e8e7

Analysis

max time kernel
231s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tiktok_live_studio-v0.62.2-win32-x64.exe
Size

388.0MB
MD5

c73d6251b48cc17452b39c0756b95c7b
SHA1

5438b09a2e95322a512e96cac9fb8a78432f54e3
SHA256

49c700e7c9dfa01c6f46cbb4e65df276180f7d34a1b6272de1d796d97f58e8e7
SHA512

d9864fcf96b5865655a116de9b28983ab429dd69d57e193d06651b46a9ccfeb907fc0dea48f91731da07463a2dc86e9a1111a9c0bfd38f272ffd6c9635a7b593
SSDEEP

6291456:uYE1yN6mQGd78K9j+XlpjaFdEPgy/NTgJd9i6gf1VYYYM8kRe7t1297cNr:+s6m7dIqjEEFQgd3MfHYYYMc7t129ANr

Score

5^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	TikTok LIVE Studio.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	tiktok_live_studio-v0.62.2-win32-x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	tiktok_live_studio-v0.62.2-win32-x64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\img_112.784cd645.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\img_119.0805b283.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\img_live-goal-pin-intro.745645da.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\monetization-tips-area-example.42245ebd.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\magic_mist_img_103.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\bin\x64\dbghelp.dll	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\5511.1784b770.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\9666.50ed337f.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\crit_card_in_img_54.f1b098f2.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\crit_card_in_img_60.9daff72d.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\effect\f02e738a83c675cf0375135d0404a03b\AmazingFeature\xshader\fdx.frag	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\bin\x64\api-ms-win-core-libraryloader-l1-1-0.dll	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\concrt140.dll	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\open source notice.txt	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\libeffect\pthreadVC2.dll	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\css\browser.713ee161.css	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\gift\6427\AmazingFeature\LuaRTTI.MarkGen.lua	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\api-ms-win-core-file-l1-2-0.dll	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\cross.cur	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\buff-baoji_00036.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\effect\matting_segment\AmazingFeature\xshader\bloom.xshader	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\wired\libimobiledevice.dll	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\618.af02c655.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_46.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\img_131.46ea8028.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\effect\7825d842bc0c698b3f46ec4fa49b3f17\AmazingFeature\material\surblur2.material	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\cover-media.5f38cb9c.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\gift\6427\AmazingFeature\xshader\hooqaixw_1649667505.xshader	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\model\ttfaceattrmodel\tt_face_attribute_exp_v1.0.model	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\crit_card_in_img_52.17edc8a0.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\effect\7825d842bc0c698b3f46ec4fa49b3f17\AmazingFeature\material\makeup.material	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\liveinfo.c9a845cf.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\magic_mist_in_img_66.a5f87119.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\__META-INF__\Common.Build-20240726T1020976.node	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\gift\6104\AmazingFeature\lua\CGFaceDetection.lua	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\vcredist\vc_redist_x64.exe	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\2267.588d3275.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\audioEditor.584d4275.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\NRG_ST_23-1_Comp_1_00115.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\effect\7825d842bc0c698b3f46ec4fa49b3f17\AmazingFeature\xshader\surblurX.vert	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\NRG_ST_23-1_Comp_1_00117.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\match_draw_draw-mouth.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\match_win_win-L-eye-shadow.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\crit_card_in_img_61.9fa9bec5.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File opened for modification	C:\Program Files\TikTok LIVE Studio\0.62.2\debug.log	TikTok LIVE Studio.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\effect\7825d842bc0c698b3f46ec4fa49b3f17\AmazingFeature\xshader\mask.vert	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\buff-baoji_00012.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\LiveStudioVulkanLayer64.json	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\effect\f02e738a83c675cf0375135d0404a03b\AmazingFeature\scene.config	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\magic_mist_in_img_106.44cbfec6.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\magic_mist_in_img_75.4e1157e8.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_4.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\match_lose_lose-R-eye.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\icon_treasure_box.fea15c00.svg	tiktok_live_studio-v0.62.2-win32-x64.exe
File opened for modification	C:\Program Files\TikTok LIVE Studio\0.62.2\debug.log	TikTok LIVE Studio.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\501.44895a5c.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\runtime-inAppWebview.492633fe.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\crit_card_in_img_13.19d456da.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\gift\6427\AmazingFeature\image\jjqabocg1649750775goacdttd_1649742784.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\glove.7015bf53.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\bin\x64\api-ms-win-core-processthreads-l1-1-0.dll	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\2252.79ace446.js	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\coin_08_24-3015.png	tiktok_live_studio-v0.62.2-win32-x64.exe
File created	C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\magic_mist_img_108.png	tiktok_live_studio-v0.62.2-win32-x64.exe

Executes dropped EXE 30 IoCs

pid	Process
2968	elevation_service.exe
1300	TikTok LIVE Studio Launcher.exe
2780	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4552	TikTok LIVE Studio.exe
4920	TikTok LIVE Studio.exe
1304	TikTok LIVE Studio.exe
4004	TikTok LIVE Studio.exe
2284	TikTok LIVE Studio.exe
768	TikTok LIVE Studio.exe
4792	TikTok LIVE Studio.exe
3068	TikTok LIVE Studio.exe
992	TikTok LIVE Studio.exe
2932	TikTok LIVE Studio.exe
1492	MediaSDK_Server.exe
5204	parfait_crash_handler.exe
5320	amftest.exe
5328	qsvtest.exe
5352	nvtest.exe
5768	GPUDetect.exe
6620	MediaSDK_Server.exe
5644	parfait_crash_handler.exe
4912	qsvtest.exe
3372	amftest.exe
2172	nvtest.exe
4124	GPUDetect.exe
5520	TikTok LIVE Studio.exe
4364	TikTok LIVE Studio.exe
5944	TikTok LIVE Studio.exe

Loads dropped DLL 64 IoCs

pid	Process
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4552	TikTok LIVE Studio.exe
4552	TikTok LIVE Studio.exe
4552	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4844	TikTok LIVE Studio.exe
4920	TikTok LIVE Studio.exe
1304	TikTok LIVE Studio.exe
4920	TikTok LIVE Studio.exe
4920	TikTok LIVE Studio.exe
1304	TikTok LIVE Studio.exe
1304	TikTok LIVE Studio.exe
4004	TikTok LIVE Studio.exe
4004	TikTok LIVE Studio.exe
4004	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2284	TikTok LIVE Studio.exe
2284	TikTok LIVE Studio.exe
2284	TikTok LIVE Studio.exe
768	TikTok LIVE Studio.exe
768	TikTok LIVE Studio.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TikTok LIVE Studio Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tiktok_live_studio-v0.62.2-win32-x64.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MediaSDK_Server.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MediaSDK_Server.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MediaSDK_Server.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MediaSDK_Server.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MediaSDK_Server.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MediaSDK_Server.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\1.0\0	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{63C34537-A073-440B-A889-8BFDCCE724F3}	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{63C34537-A073-440B-A889-8BFDCCE724F3}	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{63C34537-A073-440B-A889-8BFDCCE724F3}\LocalService = "AppShellElevationService"	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\TypeLib	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\TypeLib\ = "{9610CC02-0135-4554-BBA1-BA39A5673F4D}"	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\TypeLib\Version = "1.0"	elevation_service.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\LSVCam	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\LSVCam	MediaSDK_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\LSVCam\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63C34537-A073-440B-A889-8BFDCCE724F3}\AppID = "{63C34537-A073-440B-A889-8BFDCCE724F3}"	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\1.0	elevation_service.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\InprocServer32	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\LSVCam\CLSID = "{BA80C4AD-8AED-4A61-B434-481D46216E45}"	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{9610CC02-0135-4554-BBA1-BA39A5673F4D}	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\1.0\0\win32	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\1.0\0\win32\ = "C:\\Program Files\\TikTok LIVE Studio\\0.62.2\\elevation_service.exe"	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\1.0\0\win64	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\LSVCam\FriendlyName = "LSVCam"	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\InprocServer32\ = "C:\\Program Files\\TikTok LIVE Studio\\0.62.2\\resources\\app\\electron\\sdk\\lib\\LSVCam.dll"	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\InprocServer32\ = "C:\\Program Files\\TikTok LIVE Studio\\0.62.2\\resources\\app\\electron\\sdk\\lib\\LSVCam.dll"	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\LSVCam	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	MediaSDK_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\LSVCam\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\ = "LSVCam"	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\InprocServer32	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\LSVCam\CLSID = "{BA80C4AD-8AED-4A61-B434-481D46216E45}"	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{9610CC02-0135-4554-BBA1-BA39A5673F4D}	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\1.0\0\win64\ = "C:\\Program Files\\TikTok LIVE Studio\\0.62.2\\elevation_service.exe"	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\InprocServer32\ThreadingModel = "Both"	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID	elevation_service.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\ = "LSVCam"	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance	MediaSDK_Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\LSVCam\FriendlyName = "LSVCam"	MediaSDK_Server.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{9610CC02-0135-4554-BBA1-BA39A5673F4D}\ProxyStubClsid32	elevation_service.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib	elevation_service.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA80C4AD-8AED-4A61-B434-481D46216E45}\InprocServer32\ThreadingModel = "Both"	MediaSDK_Server.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	TikTok LIVE Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	TikTok LIVE Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	TikTok LIVE Studio.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
3140	tiktok_live_studio-v0.62.2-win32-x64.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
4344	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
4552	TikTok LIVE Studio.exe
4552	TikTok LIVE Studio.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
6504	msedge.exe
6504	msedge.exe
6604	msedge.exe
6604	msedge.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
5656	taskmgr.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1492	wmic.exe
Token: SeSecurityPrivilege	1492	wmic.exe
Token: SeTakeOwnershipPrivilege	1492	wmic.exe
Token: SeLoadDriverPrivilege	1492	wmic.exe
Token: SeSystemProfilePrivilege	1492	wmic.exe
Token: SeSystemtimePrivilege	1492	wmic.exe
Token: SeProfSingleProcessPrivilege	1492	wmic.exe
Token: SeIncBasePriorityPrivilege	1492	wmic.exe
Token: SeCreatePagefilePrivilege	1492	wmic.exe
Token: SeBackupPrivilege	1492	wmic.exe
Token: SeRestorePrivilege	1492	wmic.exe
Token: SeShutdownPrivilege	1492	wmic.exe
Token: SeDebugPrivilege	1492	wmic.exe
Token: SeSystemEnvironmentPrivilege	1492	wmic.exe
Token: SeRemoteShutdownPrivilege	1492	wmic.exe
Token: SeUndockPrivilege	1492	wmic.exe
Token: SeManageVolumePrivilege	1492	wmic.exe
Token: 33	1492	wmic.exe
Token: 34	1492	wmic.exe
Token: 35	1492	wmic.exe
Token: 36	1492	wmic.exe
Token: SeIncreaseQuotaPrivilege	1508	wmic.exe
Token: SeSecurityPrivilege	1508	wmic.exe
Token: SeTakeOwnershipPrivilege	1508	wmic.exe
Token: SeLoadDriverPrivilege	1508	wmic.exe
Token: SeSystemProfilePrivilege	1508	wmic.exe
Token: SeSystemtimePrivilege	1508	wmic.exe
Token: SeProfSingleProcessPrivilege	1508	wmic.exe
Token: SeIncBasePriorityPrivilege	1508	wmic.exe
Token: SeCreatePagefilePrivilege	1508	wmic.exe
Token: SeBackupPrivilege	1508	wmic.exe
Token: SeRestorePrivilege	1508	wmic.exe
Token: SeShutdownPrivilege	1508	wmic.exe
Token: SeDebugPrivilege	1508	wmic.exe
Token: SeSystemEnvironmentPrivilege	1508	wmic.exe
Token: SeRemoteShutdownPrivilege	1508	wmic.exe
Token: SeUndockPrivilege	1508	wmic.exe
Token: SeManageVolumePrivilege	1508	wmic.exe
Token: 33	1508	wmic.exe
Token: 34	1508	wmic.exe
Token: 35	1508	wmic.exe
Token: 36	1508	wmic.exe
Token: SeIncreaseQuotaPrivilege	1492	wmic.exe
Token: SeSecurityPrivilege	1492	wmic.exe
Token: SeTakeOwnershipPrivilege	1492	wmic.exe
Token: SeLoadDriverPrivilege	1492	wmic.exe
Token: SeSystemProfilePrivilege	1492	wmic.exe
Token: SeSystemtimePrivilege	1492	wmic.exe
Token: SeProfSingleProcessPrivilege	1492	wmic.exe
Token: SeIncBasePriorityPrivilege	1492	wmic.exe
Token: SeCreatePagefilePrivilege	1492	wmic.exe
Token: SeBackupPrivilege	1492	wmic.exe
Token: SeRestorePrivilege	1492	wmic.exe
Token: SeShutdownPrivilege	1492	wmic.exe
Token: SeDebugPrivilege	1492	wmic.exe
Token: SeSystemEnvironmentPrivilege	1492	wmic.exe
Token: SeRemoteShutdownPrivilege	1492	wmic.exe
Token: SeUndockPrivilege	1492	wmic.exe
Token: SeManageVolumePrivilege	1492	wmic.exe
Token: 33	1492	wmic.exe
Token: 34	1492	wmic.exe
Token: 35	1492	wmic.exe
Token: 36	1492	wmic.exe
Token: SeIncreaseQuotaPrivilege	1508	wmic.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe
5656	taskmgr.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4344	TikTok LIVE Studio.exe
2780	TikTok LIVE Studio.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
1492	MediaSDK_Server.exe
5768	GPUDetect.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
6620	MediaSDK_Server.exe
4124	GPUDetect.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 2968	3140	tiktok_live_studio-v0.62.2-win32-x64.exe	89
PID 3140 wrote to memory of 2968	3140	tiktok_live_studio-v0.62.2-win32-x64.exe	89
PID 1300 wrote to memory of 2780	1300	TikTok LIVE Studio Launcher.exe	93
PID 1300 wrote to memory of 2780	1300	TikTok LIVE Studio Launcher.exe	93
PID 2780 wrote to memory of 4344	2780	TikTok LIVE Studio.exe	94
PID 2780 wrote to memory of 4344	2780	TikTok LIVE Studio.exe	94
PID 2780 wrote to memory of 4844	2780	TikTok LIVE Studio.exe	95
PID 2780 wrote to memory of 4844	2780	TikTok LIVE Studio.exe	95
PID 2780 wrote to memory of 4552	2780	TikTok LIVE Studio.exe	96
PID 2780 wrote to memory of 4552	2780	TikTok LIVE Studio.exe	96
PID 2780 wrote to memory of 4920	2780	TikTok LIVE Studio.exe	97
PID 2780 wrote to memory of 4920	2780	TikTok LIVE Studio.exe	97
PID 2780 wrote to memory of 1304	2780	TikTok LIVE Studio.exe	98
PID 2780 wrote to memory of 1304	2780	TikTok LIVE Studio.exe	98
PID 2780 wrote to memory of 1492	2780	TikTok LIVE Studio.exe	123
PID 2780 wrote to memory of 1492	2780	TikTok LIVE Studio.exe	123
PID 2780 wrote to memory of 1508	2780	TikTok LIVE Studio.exe	100
PID 2780 wrote to memory of 1508	2780	TikTok LIVE Studio.exe	100
PID 2780 wrote to memory of 2044	2780	TikTok LIVE Studio.exe	103
PID 2780 wrote to memory of 2044	2780	TikTok LIVE Studio.exe	103
PID 2780 wrote to memory of 2224	2780	TikTok LIVE Studio.exe	104
PID 2780 wrote to memory of 2224	2780	TikTok LIVE Studio.exe	104
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4004	2780	TikTok LIVE Studio.exe	107
PID 2780 wrote to memory of 4884	2780	TikTok LIVE Studio.exe	108
PID 2780 wrote to memory of 4884	2780	TikTok LIVE Studio.exe	108
PID 2780 wrote to memory of 3760	2780	TikTok LIVE Studio.exe	109

C:\Users\Admin\AppData\Local\Temp\tiktok_live_studio-v0.62.2-win32-x64.exe
"C:\Users\Admin\AppData\Local\Temp\tiktok_live_studio-v0.62.2-win32-x64.exe"
1⤵
- Checks system information in the registry
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files\TikTok LIVE Studio\0.62.2\elevation_service.exe
  "C:\Program Files\TikTok LIVE Studio\0.62.2\elevation_service.exe" --install
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:2968

C:\Program Files\TikTok LIVE Studio\TikTok LIVE Studio Launcher.exe
"C:\Program Files\TikTok LIVE Studio\TikTok LIVE Studio Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
  "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --splash
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4344
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=gpu-process --disable-color-correct-rendering --disable-gpu-sandbox --force_high_performance_gpu --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1848 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4844
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --mojo-platform-channel-handle=2056 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4552
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --first-renderer-process --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2488 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --processId=sdk /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4920
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2644 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --processId=WIN_MAIN /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1304
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get /value
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1492
- - C:\Windows\System32\Wbem\wmic.exe
    wmic diskdrive get SerialNumber /value
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1508
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get /value
    3⤵
    PID:2044
- - C:\Windows\System32\Wbem\wmic.exe
    wmic diskdrive get SerialNumber /value
    3⤵
    PID:2224
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --mojo-platform-channel-handle=3696 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --tt-crash-reporter=0000000000000E98 /prefetch:8
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4004
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get /value
    3⤵
    PID:4884
- - C:\Windows\System32\Wbem\wmic.exe
    wmic diskdrive get SerialNumber /value
    3⤵
    PID:3760
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get /value
    3⤵
    PID:1196
- - C:\Windows\System32\Wbem\wmic.exe
    wmic diskdrive get SerialNumber /value
    3⤵
    PID:532
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5028 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --processId=serviceWindow --logs="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs" --appData="C:\Users\Admin\AppData\Roaming" --userData="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --videos="C:\Users\Admin\Videos" --home="C:\Users\Admin" --exe="C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --pictures="C:\Users\Admin\Pictures" --temp="C:\Users\Admin\AppData\Local\Temp" --version=0.62.2 --create_time=1722548634990 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2284
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5048 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --processId=WIN_POPUP /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:768
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5108 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --processId=WIN_MODAL /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4792
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5156 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:3068
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5192 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --processId=WIN_LIVE_CHAT_FLOAT /prefetch:1
    3⤵
    - Checks computer location settings
    - Drops file in Program Files directory
    - Executes dropped EXE
    PID:992
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3692 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --processId=WIN_POPUP_MULTI /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2932
- - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\MediaSDK_Server.exe
    \\?\C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\MediaSDK_Server.exe dQBzAGUAXwBwAGEAcgBmAGEAaQB0AGwAbwBnAA==:dAByAHUAZQA= YQBpAGQA:MgAwADIAMQA= ZABpAGQA:MAA= dQBpAGQA:MAA= aABvAHMAdAA=:aAB0AHQAcABzADoALwAvAHAAYwAtAG0AbwBuAC0AdgBhAC4AYgB5AHQAZQBvAHYAZQByAHMAZQBhAC4AYwBvAG0ALwA= dQByAGwA: cgBlAHAAbwByAHQAXwBpAG4AdABlAHIAdgBhAGwA:MwAwADAAMAAwAA== cABhAHIAZgBhAGkAdABfAGQAbABsAF8AcgBvAG8AdABfAHAAYQB0AGgA:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIA bABvAGcAXwByAGUAcABvAHIAdABlAHIAXwB0AHkAcABlAA==:bQBlAGQAaQBhAHMAZABrAF8AbABvAGcA bwBzAHYAZQByAHMAaQBvAG4A:MQAwAC4AMAAuADEAOQAwADQAMQA= aQBzAF8AbwB2AGUAcgBzAGUAYQA=:dAByAHUAZQA= cABhAHIAZgBhAGkAdABfAGMAcgBhAHMAaAA=:dAByAHUAZQA= cwBlAHIAdgBlAHIATABvAGcARgBpAGwAZQA=:QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABUAGkAawBUAG8AawAgAEwASQBWAEUAIABTAHQAdQBkAGkAbwBcAGwAbwBnAHMAXAAwAC4ANgAyAC4AMgAtADIAMAAyADQALQAwADgALQAwADEAXwAyADEAXwA0ADMAXwA1ADUALQBzAGUAcgB2AGUAcgAuAHQAeAB0AA== cwBlAHIAdgBlAHIARAB1AG0AcABGAGkAbABlAA==:QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABUAGkAawBUAG8AawAgAEwASQBWAEUAIABTAHQAdQBkAGkAbwBcAGwAbwBnAHMAXAAwAC4ANgAyAC4AMgAtADIAMAAyADQALQAwADgALQAwADEAXwAyADEAXwA0ADMAXwA1ADUALQBzAGUAcgB2AGUAcgAuAGQAbQBwAA== cgBlAHMAbwB1AHIAYwBlAF8AZABpAHIAZQBjAHQAbwByAHkA:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIAXAByAGUAcwBvAHUAcgBjAGUAcwBcAGEAcABwAFwAZQBsAGUAYwB0AHIAbwBuAFwAcwBkAGsAXABsAGkAYgA= aQBuAHMAdABhAGwAbABfAGQAaQByAGUAYwB0AG8AcgB5AA==:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIA cAByAG8AYwBlAHMAcwBfAGkAZAA=:MgA3ADgAMAA= ZQBuAGEAYgBsAGUAXwBJAE0ARQA=:ZgBhAGwAcwBlAA== dQBzAGUAXwBjAHIAYQBzAGgAcABhAGQA:dAByAHUAZQA= YwByAGEAcwBoAHAAYQBkAF8AdQByAGwA: dwBvAHIAawBfAGQAaQByAGUAYwB0AG8AcgB5AA==:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIAXAByAGUAcwBvAHUAcgBjAGUAcwBcAGEAcABwAFwAZQBsAGUAYwB0AHIAbwBuAFwAcwBkAGsAXABsAGkAYgA=
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\parfait_crash_handler.exe
      "C:\Program Files\TikTok LIVE Studio\0.62.2\parfait_crash_handler.exe" "--database=C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\parfaitlog\meidasdk_server\\" "--metrics-dir=C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\parfaitlog\meidasdk_server\\" --annotation=enable_crash_event=false --annotation=execute-if-childprocess-crash=false --annotation=is_debug=false --annotation=main_pid=1492 "--annotation=os_version=Windows NT 10.0.19041" --annotation=parfait_version=1.4.4.0 --annotation=posthandler-copy-dir= --annotation=posthandler-process-path= --annotation=posthandler-wait-result=false --annotation=posthandler-wait-timeout=120 --initial-client-data=0x58c,0x590,0x594,0x550,0x59c,0x7ff95fcd62c0,0x7ff95fcd62d8,0x7ff95fcd62f0
      4⤵
      Executes dropped EXE
      PID:5204
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\amftest.exe
      C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\amftest.exe
      4⤵
      Executes dropped EXE
      PID:5320
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\qsvtest.exe
      C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\qsvtest.exe
      4⤵
      Executes dropped EXE
      PID:5328
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\nvtest.exe
      C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\nvtest.exe
      4⤵
      Executes dropped EXE
      PID:5352
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\GPUDetect.exe
      "C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\GPUDetect.exe" "NVIDIA GeForce RTX 3060 Ti" {322A6312-691E-4BE1-AA15-6D5C5A9BE450}_CHECK {322A6312-691E-4BE1-AA15-6D5C5A9BE450}_DEV_LOST {322A6312-691E-4BE1-AA15-6D5C5A9BE450}_SERVER_ALIVE
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5768
- - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\MediaSDK_Server.exe
    \\?\C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\MediaSDK_Server.exe dQBzAGUAXwBwAGEAcgBmAGEAaQB0AGwAbwBnAA==:dAByAHUAZQA= YQBpAGQA:MgAwADIAMQA= ZABpAGQA:MAA= dQBpAGQA:MAA= aABvAHMAdAA=:aAB0AHQAcABzADoALwAvAHAAYwAtAG0AbwBuAC0AdgBhAC4AYgB5AHQAZQBvAHYAZQByAHMAZQBhAC4AYwBvAG0ALwA= dQByAGwA: cgBlAHAAbwByAHQAXwBpAG4AdABlAHIAdgBhAGwA:MwAwADAAMAAwAA== cABhAHIAZgBhAGkAdABfAGQAbABsAF8AcgBvAG8AdABfAHAAYQB0AGgA:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIA bABvAGcAXwByAGUAcABvAHIAdABlAHIAXwB0AHkAcABlAA==:bQBlAGQAaQBhAHMAZABrAF8AbABvAGcA bwBzAHYAZQByAHMAaQBvAG4A:MQAwAC4AMAAuADEAOQAwADQAMQA= aQBzAF8AbwB2AGUAcgBzAGUAYQA=:dAByAHUAZQA= cABhAHIAZgBhAGkAdABfAGMAcgBhAHMAaAA=:dAByAHUAZQA= cwBlAHIAdgBlAHIATABvAGcARgBpAGwAZQA=:QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABUAGkAawBUAG8AawAgAEwASQBWAEUAIABTAHQAdQBkAGkAbwBcAGwAbwBnAHMAXAAwAC4ANgAyAC4AMgAtADIAMAAyADQALQAwADgALQAwADEAXwAyADEAXwA0ADUAXwAxADUALQBzAGUAcgB2AGUAcgAuAHQAeAB0AA== cwBlAHIAdgBlAHIARAB1AG0AcABGAGkAbABlAA==:QwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABUAGkAawBUAG8AawAgAEwASQBWAEUAIABTAHQAdQBkAGkAbwBcAGwAbwBnAHMAXAAwAC4ANgAyAC4AMgAtADIAMAAyADQALQAwADgALQAwADEAXwAyADEAXwA0ADUAXwAxADUALQBzAGUAcgB2AGUAcgAuAGQAbQBwAA== cgBlAHMAbwB1AHIAYwBlAF8AZABpAHIAZQBjAHQAbwByAHkA:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIAXAByAGUAcwBvAHUAcgBjAGUAcwBcAGEAcABwAFwAZQBsAGUAYwB0AHIAbwBuAFwAcwBkAGsAXABsAGkAYgA= aQBuAHMAdABhAGwAbABfAGQAaQByAGUAYwB0AG8AcgB5AA==:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIA cAByAG8AYwBlAHMAcwBfAGkAZAA=:MgA3ADgAMAA= ZQBuAGEAYgBsAGUAXwBJAE0ARQA=:ZgBhAGwAcwBlAA== dQBzAGUAXwBjAHIAYQBzAGgAcABhAGQA:dAByAHUAZQA= YwByAGEAcwBoAHAAYQBkAF8AdQByAGwA: dwBvAHIAawBfAGQAaQByAGUAYwB0AG8AcgB5AA==:QwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwBcAFQAaQBrAFQAbwBrACAATABJAFYARQAgAFMAdAB1AGQAaQBvAFwAMAAuADYAMgAuADIAXAByAGUAcwBvAHUAcgBjAGUAcwBcAGEAcABwAFwAZQBsAGUAYwB0AHIAbwBuAFwAcwBkAGsAXABsAGkAYgA=
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:6620
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\parfait_crash_handler.exe
      "C:\Program Files\TikTok LIVE Studio\0.62.2\parfait_crash_handler.exe" "--database=C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\parfaitlog\meidasdk_server\\" "--metrics-dir=C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\parfaitlog\meidasdk_server\\" --annotation=enable_crash_event=false --annotation=execute-if-childprocess-crash=false --annotation=is_debug=false --annotation=main_pid=6620 "--annotation=os_version=Windows NT 10.0.19041" --annotation=parfait_version=1.4.4.0 --annotation=posthandler-copy-dir= --annotation=posthandler-process-path= --annotation=posthandler-wait-result=false --annotation=posthandler-wait-timeout=120 --initial-client-data=0x568,0x56c,0x570,0x540,0x58c,0x7ff95fcd62c0,0x7ff95fcd62d8,0x7ff95fcd62f0
      4⤵
      Executes dropped EXE
      PID:5644
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\amftest.exe
      C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\amftest.exe
      4⤵
      Executes dropped EXE
      PID:3372
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\qsvtest.exe
      C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\qsvtest.exe
      4⤵
      Executes dropped EXE
      PID:4912
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\nvtest.exe
      C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\nvtest.exe
      4⤵
      Executes dropped EXE
      PID:2172
  - - C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\GPUDetect.exe
      "C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\sdk\lib\GPUDetect.exe" "NVIDIA GeForce RTX 3060 Ti" {322A6312-691E-4BE1-AA15-6D5C5A9BE450}_CHECK {322A6312-691E-4BE1-AA15-6D5C5A9BE450}_DEV_LOST {322A6312-691E-4BE1-AA15-6D5C5A9BE450}_SERVER_ALIVE
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4124
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --no-sandbox --no-zygote --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5068 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:5520
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --enable-sandbox --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5228 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --tt-crash-reporter=0000000000001140 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4364
- - C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe
    "C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio" --app-user-model-id=com.bytedance.tiktoklivestudio.desktop --app-path="C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app" --enable-sandbox --disable-color-correct-rendering --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4908 --field-trial-handle=1952,i,1682618447433670191,14727541522122465573,131072 --enable-features=Mixrender --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --tt-crash-reporter=000000000000158C /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:5944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x300
1⤵
PID:320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CaptureService
1⤵
PID:5452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CaptureService
1⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault00fc5ef8hdd17h4221hbc7fha8b534959f3d
1⤵
PID:6244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9546a46f8,0x7ff9546a4708,0x7ff9546a4718
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,283399518726898400,13427084515854808539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:6492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,283399518726898400,13427084515854808539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,283399518726898400,13427084515854808539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:6572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:7012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault30cd7e9ch1d55h442eh9707hda00a4f0a317
1⤵
PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9546a46f8,0x7ff9546a4708,0x7ff9546a4718
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,2614304317775178741,11573801438003935730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:6536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,2614304317775178741,11573801438003935730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,2614304317775178741,11573801438003935730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:6640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CaptureService
1⤵
PID:6260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CaptureService
1⤵
PID:7028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultaec1a618h1126h4f87h80f1h8a50a6c7da82
1⤵
PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9546a46f8,0x7ff9546a4708,0x7ff9546a4718
  2⤵
  PID:6524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6843239197612612531,9976134880545866903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6843239197612612531,9976134880545866903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6843239197612612531,9976134880545866903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:5716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\TikTok LIVE Studio\0.62.2\TikTok LIVE Studio Launcher.backup

Filesize
1.0MB

MD5
f1616c73e1e91afe613f92afa7edb41b

SHA1
0c1fa6c679b1b8f75e4032e42076443e91148fd2

SHA256
53ea290b91cbaea75d92c85ccb610261ee2f64c413e293eecd674f030b0815b5

SHA512
d9b1d6c6ea0a28bd5bb1fb8b096525258eed8beee26d24ca1f2db14512e91681abc915e486ac073a03ab5e6c4e4f721bdf0c7a1afc765ca9aa1a7d5ca9ed2bad

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\d3dcompiler_47.dll

Filesize
4.7MB

MD5
48a43c02475c4dd071582ef0352d7b89

SHA1
ca9eaa950f0a22746a609cca130bb50e3c1a59e0

SHA256
9976af659cd7aefc14b26590840db2c66d86e7bd8bac8f43d8a02268092bc35b

SHA512
f0e7100e375e1ec363df3759385667fee8fa6909eaf6413f7c285bdbde3753b590fc4bc206c84affcb78f2b08a586b237bffd8c643ad8d46a78f6affa0dbbdf8

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\data\icudtl.dat

Filesize
220KB

MD5
638450ffec2b568e46d4a7d9de23d130

SHA1
a5f3fc33b14553199c0cb2c0d0113cf0c1926986

SHA256
33488789a3710402492794c81680522e46596e6fdc31de70b9f51de687be86cc

SHA512
9279e8fbc529f3971e04af88be0e4bc9861a8444f4c32ec7a7c154362b26849da850dcaf8adf813d334b99956d4519a1e716c7e569d23957ab3da51288758154

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\debug.log

Filesize
2KB

MD5
1a5c230458a0a579bcdf6ecacafe9792

SHA1
73aff129099328078932fda8f5fcaf4f79589f9d

SHA256
47d96e4749461274086721750fe4b5e806f47dc9f16691d5f0b834d699d7e09c

SHA512
a4791b3ad495a82915b75a5a422d031620090ca2cdec6d3d858e8103a4968fad56c047fb31e8c9f05dc75e413071e5a8580d2f5eeb9a3f836c9a01b1eebfcf54

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\elevation_service.exe

Filesize
4.1MB

MD5
d56a70ab1094a9c87980cc413dee014d

SHA1
71ce963a4fbfaf6803e60143d2a9aec4bae3f58e

SHA256
c5b14c4a278f263ae7861dbf58e028630145dbef997ec847aa19554569dcd07e

SHA512
628553c6db1516b46d4c884bc38169268f4308add6b3d49678279fd638737bcfc6f5cca65ae55a167ac90d076e972bbe47014b72a6c657e712e43e3491ad9b75

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\ffmpeg.dll

Filesize
2.7MB

MD5
e59253f263b8c68f8e09aba0fd1140f5

SHA1
709f5979c80c5ee2e14a9eca8770c5ec8d631939

SHA256
53766a362ee006f990e55fb44870c505e06f46fbd4481f48420024310a3eeb14

SHA512
4014a01f1a050359ecb6ba5e30c875290a5e9d640b710dac81af86fa34144950d72f4d2d57c2c3f29e8f84e4f23cf8a8e9b4a48a28bf2fb57d8f0a7360ad1452

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\launcher_config.json

Filesize
62B

MD5
bb0545e4ce91cc2f1e5b23c43356846a

SHA1
5513fb015608362f9f0237274ab2a05964065931

SHA256
2f5f0c408564c29cfd03277e66cabea5ba3cc919a574ca8369d7f852831a0384

SHA512
37c3196c92f0d38fcd60893a0b0a3526f6025e8229093a40966408280e98a78dc32138d6ddb8e9f0f5b941cd76f6abfad45bb87935add9126169ecb942b4a884

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\libEGL.dll

Filesize
484KB

MD5
84c919305d2db85ecfd36d9256b88b73

SHA1
f334cc38f0c043a5e9abaf101260e4d59ef8d8bd

SHA256
596a72545d875f7fbd7eb43faa8e97666b36b342498f3e4f5af700e8bd711e7b

SHA512
1534244c6d0f96dc09a6eca699acb2c46961a30072e3020db8f2aee85fb5c3ae7262ae3de3040dbd492d460036759a30d3a8249a65b45915481cdf7b637e061b

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\libGLESv2.dll

Filesize
7.2MB

MD5
81bdf01437e065ce2bc86c5cadb4bede

SHA1
88d012880475a7b871cdcf87bec59a51e71dab92

SHA256
b1af308f41901833ade0dea549aca42b1ecfa592c279ef0013444edac91e5fd8

SHA512
b42fb19453b20d60d3e3d488ac0dec92d8fc914e8bba49b17a7b436fef107bf5fc8c9b23865a2a2bfe99f8ccfd611fe6ee311abb637e657638928b83ea0fde63

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\lynx_core.js

Filesize
184KB

MD5
ac4c7c3c21fb356964ba682b95e5236e

SHA1
7d7435dc6f284aa85bba6924fa7948168861a240

SHA256
62e3f90bd87e19a2034c78e53e864cf6e6244487bc061f27c31751c2fd91c48e

SHA512
4b4a43ef986f11a484ebd1f3b4835722075c57c69d8b275df5a6e3ec0274d4ce359ec5a1343ca596a12a2f01afa2ce54d3ba67a84c784af49708dce613898884

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\lynx_shared.dll

Filesize
26.1MB

MD5
4c3b783b22a2fb13c03bcca046be8b9e

SHA1
22816417329c4963c5c2ff9453e5177d943e60e7

SHA256
04499d3af2e462dd973d814c14f83ecf7222161dcbce8a1e32ef656b645cab0d

SHA512
89f00a97e9c9503b2180e5d66733b8d25784cde0d97a95f03abf0eb9a35d24ce4024508cd395db68da41b7b288c3b349743b05dba2df71cca8badf93c0136039

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\metasecml.dll

Filesize
9.9MB

MD5
104307d53edbd089707c497c301a35fc

SHA1
d612c43c539c87c478926dbdac8e14c924f61930

SHA256
98dd26105a076e62f335887c893f7dcd9a240ba91c1af234296897c4aab8b4da

SHA512
5edc6a8e3db2833b9c4bd31f0de99f9e76e118e86395bff5ab69861d81d87d82cc577c66c92d82968b150b55fb24e130c80f3e3b2f114ff4c6dbffe5b29fd825

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\parfait.dll

Filesize
1.2MB

MD5
5aebf388bbf9fa32a1a236ad3749caea

SHA1
b5ed816abf7e615ba050fb4809523c5ae11f4544

SHA256
90e08e598a9f2ed0c8fe3329521fec117897de46fe18b36419805ec966838bbf

SHA512
07bd71a295ccbbdcfaba1ca20b1078b64ecfba436402c2cc006e43e93c0ad67f2e114f004f04b9a078c9de3acd71eb904bd4c89e4d0e00082cfe777c73aae746

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\pthreadVC2.dll

Filesize
468KB

MD5
29ae5d218df70b99570359bdcc78931a

SHA1
e40c722d1eec349f991269998c15ed012c108fd5

SHA256
9d03d7a2d45d3b1d91c703a2a8a6241cbcb73446d61327557474a6bbc9252605

SHA512
dd06c67c412eb7fd43d3a22e304c3642a2fecd756d5057ec49574d21fc1b9d4b7f681bed7b19e6f6105662ee0a7579af5806cf46d08d11e42ffa82c7bfe3e00b

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\renderkit_windows.dll

Filesize
13.8MB

MD5
df71463a3fdecf6594885e63c32e5edb

SHA1
0eba45403204c4753b79ff0ff9525727c4c5122d

SHA256
c4a68afc7fc704793a247a6299d2f8a3e4f8bffcdced744e13b0ecc8d7ea4c95

SHA512
42cd8f1a0abbb5425dce7a162ab1d0e8c9bec38f68d3a1d9b839facd68e0d9875489d72d345490fd632a33ccf575c094cbd7321ffe7a9d0d40bd2a66ce46d1f1

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\poster.jpg

Filesize
6KB

MD5
2ab41cd7b296819d4507869bcb867e28

SHA1
88240de32219ad4821016410ad1b44a2f30de694

SHA256
c54699ef54d699761063b9ac00dec93ad3ce551e6da840f781c2d547f6b18dfd

SHA512
964065252ce40f7b35f5a2970a5c877af3f0d1fd7b82cca3184874318604f30c611a2ad40badb97dac922f2e6294f5e783368ed94ae33561312a218f06c01bdc

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-dual\scene_dual_1.jpg

Filesize
231KB

MD5
53a698be54485ae8c05cd11d8606a76e

SHA1
a4720d0d0e4726c9c6cb237908959eabdd79fbfe

SHA256
5ede3536b9db36735a113bafc81ca668cd023aafaf11e98cb8606d8e9e0f7e24

SHA512
99689027e8beb6728f26d8f7e651e98bfaa43516c5ec5c94c9ee2ef397d6dc5d13a9c30277028fee5174a25e607ddaeebea65dc412897c5b8851ac113d31260f

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-dual\scene_dual_2.jpg

Filesize
227KB

MD5
7dad7411aa8b83f1b142dbfae2f1c210

SHA1
d130fdd2584e6119525aa6015e5b1f3b48e8db50

SHA256
d1ca86711bf1bb00c9051afede4e5426810fcbad46322b8535defcfac695efa0

SHA512
7f80abd08f536ff76599db8380c0ff52c14eab3741fd64b3f1ec1aa43500546cd169b3028ae74551ed973ef0f29c68880b243840f8b4631688ea58e1453291c8

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-dual\scene_dual_3.jpg

Filesize
150KB

MD5
3c991a35b8fabb388099c247adc656d8

SHA1
230e2a1db237ff93ad84c4d829c35d4f9bdab168

SHA256
c59f7044457c2e67bd2d6509bf3604b10c914a520505880a4b80140e26b28fe5

SHA512
169993cf867c6878621a240f24517e78eecd820e9ec3b1be7e616c05855dc8fd3c8fbb965aa534a543fc91ed5d140b99c4c924f6ca6a282405cbcd29e410ae50

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-dual\scene_dual_4.jpg

Filesize
46KB

MD5
1e477e03db65d48600b18da4cec995f1

SHA1
e8f6cd81f18ce46d10f411c525dc1c7a8965cb59

SHA256
07575853b5e1824b75a706e2ea4ea186ec05b84ed4ff697c148c52f3df31656c

SHA512
735fef710317695137c22a4bea657dfe1f01df195225cda74dc36f5c212479591965f5ce836c28d0953a7bf233495376754c3ef0cd534c98ef8bd5014a9dba23

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-dual\scene_dual_5.jpg

Filesize
37KB

MD5
2191b78b0543a268cb669647d0676703

SHA1
54d730fed87cd39de6323f9ad3882f2d94bd2eff

SHA256
77dc4e34cda2923b5831b06771fe3ee0c75e962b15cf8f6dc938f0fd7aec76c4

SHA512
f29bff9e8e510f07997f7b4ff087e0c7e7897b9c7f4e06f48db5f065cfefa7991ea182fe3459d73fbd694b53181dd0c1c6625dacdee3fbf28e2d4220c829382f

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-dual\scene_dual_6.jpg

Filesize
23KB

MD5
279f89e2c21bf557763c1889902f5862

SHA1
2059bf725fdabc3692462370024f95bb3ec76f1e

SHA256
8ee7da14f665176046a64a0541ad51e0687d1f546f4ca1952a1b9a08ccee535f

SHA512
fb0f16b21b4f80f548dc63f76871e9a191f8d2a349144f9bf26c2ed2b5d023ee2be91de17ac4715166c39c81247c1bf290aea624afd73885239e7ecb757b9f8a

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-horizontal\scene_horizontal_1.jpg

Filesize
196KB

MD5
17c05310b6c2fd01d5b830427fcba795

SHA1
6abc491c3b9ff92660e5eb7b5363c49401afe4da

SHA256
3ccb8ca2b278e0d56a9ac8c4ef1588661669bfb20aa364b59febea32b7dcea77

SHA512
73f6adaf95d1ffeb4ef3c0e1f4396135a5d1b1e94e5bb3e2311592e3e53cd339291974bcdd16883e5af8f412eb56942a14b01d42c9cba3b5eb67cbef08ab8c75

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-horizontal\scene_horizontal_2.jpg

Filesize
196KB

MD5
66d627597bc9c9344c43e10cae823f96

SHA1
d808ed8580c7343bbbca47c0d8c568d03f72b45f

SHA256
802e7ddf1a3688ee08e4123b1fb1e2bdfb0c7ebf20a1a121cc380b5ab5195a99

SHA512
38ab0a5326140bad640ee8cf21904534a1818d3e639a75c5d1999ac38c669ccc49c9c8364ecd88558149ac6d04aa33d76f241db291dfab43ceecf19c1c11dc40

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-horizontal\scene_horizontal_3.jpg

Filesize
221KB

MD5
5e71f17c916699bde9a7be71d338c478

SHA1
afb4b3c74fd60d475a816a9f71cad429824887ff

SHA256
587abc0debb95815c77e0a67219c23a9c7a3eb25a5167f8bee897fbd095d0de0

SHA512
a89ecfbbd75b6910340ab3039ee33031ed7da57b77f51e1312e4bb82a7f9029c96cab47540220f3537f39e341a0903e4ee7e4834c5b7a547bccac9338f17344e

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-horizontal\scene_horizontal_4.jpg

Filesize
115KB

MD5
114dfb3cf8afc0e1f7bbb17119792107

SHA1
cfb2c7ea0f1d5b89285cf10cae3a70f170e2fcb9

SHA256
6a1d6e2bb46fc8b4eb2c80bfe04321450031fedff40044ee641ce5b30f686081

SHA512
229d7d60466d10f7538e9d219fb1681fdba2fea08d52d806755aef307ed0cf98d2d3ffa0d56df24598f8faeb73e2b800cf0e07e96a299b75a7442588dbf0aee5

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-horizontal\scene_horizontal_5.jpg

Filesize
43KB

MD5
dc52c1990578abd92fa1a9774c3658ac

SHA1
7f80806f398734860d5ed18becc200765baeda5f

SHA256
6dfad1c2990d9fb61e1565540543a1dfbb8f2fb84e9a21a4cfd6729754a75142

SHA512
791c5a89e9278776e2bedcc91142b7b22c4fe482b9271c0f0545ed50fa5a5d493e022fdf889d7e4a676ecb148b1b883601b1b8ef6bf066a997960b9998aee46f

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-horizontal\scene_horizontal_6.jpg

Filesize
39KB

MD5
91149d47df7a6a37e3e46cc30f17e099

SHA1
0a1494600161fd089eaf76f5410ea055da9d4f6a

SHA256
d1189dcd6374567488ec70feb7c526e6b7af566c2e3f4f83adc3d57cf0f91cfc

SHA512
24030ee0e1f44d70251430c60c5f4d1d63f04e28cc406fe83cbc951766e9eed0cddca5afd39bf0333c57c8c8346e27f481071bbe738080b2da61063d3fe51cf9

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-horizontal\scene_horizontal_7.jpg

Filesize
13KB

MD5
3e810d6321ec0769abb170c84ed976b5

SHA1
24a4da9c7f23d089049ce71f6ca738e619966643

SHA256
0dfb64e204b26e41a58c030c213139abc9b4bd8f9d5152fc417997aa5cb3f365

SHA512
24b7fe3a14213160ca8f1aca7a6b2801924c336de0939a90fa7b6bb866d4d43450418fbbeb2c7bec57613012532c800c4471a4c00d05e1a4d47f9ddaa3e54c1e

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-vertical\scene_vertical_1.jpg

Filesize
160KB

MD5
162fcd78b0316f794b37b8f4be6d3699

SHA1
194e3dd956560f06344ffae357265c4ea8a2f3e4

SHA256
ea9d167bb379f4e5434fad057d0a42479565e376fcbb25daeef940fba611197b

SHA512
170eaf9a6d67716e00634966651a40b0f4ba9717358a9816fee28cac789d80d9aa768594affc587a79817e2af848ee066fd016f264e1250b7af2eba31ef026bb

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-vertical\scene_vertical_2.jpg

Filesize
157KB

MD5
4e716a723976e440f96e1c387cdbc238

SHA1
98066574a373f37c1b7646873e8cc5de6533e3ed

SHA256
6aff7440a0ee91f6b783c6876d4964eb1815de483e9aace90a588a1c3df8d846

SHA512
17174946a5f24bc5c79fc8bdc1204b120dbde718dad3a46afe6f3232bdfddfdf99ce5277da28695f4b59c164dddd7a8c09d06b885c390ca70066d90354a8663d

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-vertical\scene_vertical_3.jpg

Filesize
176KB

MD5
c5c620680f0e7bf139025d35eabf2e9e

SHA1
c4c9409badff56fd9815f43a6e165d8a3a9ce2a2

SHA256
e0544808b659cd8088f6013d593a065fae559b82c8b17061c4e094cd821fde38

SHA512
01bfc0c943eb4d60936279eeff9991f8976820cf0042e9d5299f5c39bf341096d7f92dcc4c5abeb24f468a0f1eaea4b8534783745d2e32841f3b0a3525eee968

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-vertical\scene_vertical_4.jpg

Filesize
121KB

MD5
614cc206e175f4a3fe0673cb04dd837a

SHA1
08e044f56e725b647d293c145722420f50a54adf

SHA256
aad3b1feef792c61f825c0ecae4f9f4e0f7ffcb2fc67a4c60a51503575a71f81

SHA512
3c78894f22cb3cef540182c460258a0bf11738aa145b3ea5948e37adaa37d9f42b8026114cad68917525cec74ac7c887fa69223ac7f386919063977b2f4c3c50

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-vertical\scene_vertical_5.jpg

Filesize
28KB

MD5
edb80d31fcd54af749d0aae29da7c308

SHA1
4bb70d3fcd4ac19d199e8362bdab48f08e0533cb

SHA256
d11fb4f3d5f49f6cd3c3716f03be03c62abd01aa0045f32845dd03d1bbbbf9c2

SHA512
8302feecbc0714690d3a285e7560a474dcbebd8be8347bbb29606e9af0c80d1ee9eb2f0ef0a73a3ef5fc9a63e4e2b08d49feb7e695e1f63cc2c0cb0032d97413

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\scene-vertical\scene_vertical_6.jpg

Filesize
18KB

MD5
68a01d38b8a3643fda3160d6236d4fd7

SHA1
56e025870ab59573e0e1d439f35de059ab918524

SHA256
dab6de9f3dd65651689c5f01e2a6c280fe1bf841f5ccfbf20d867444eab12281

SHA512
b908b35095e73273bac653488f8e41247afd39399fc98ff63043fdc50fd69576162ef4bff9b5ba5a29db52f3112d0d2289ef827112d179748126eeadcfefa897

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\preview\source-camera\preview.png

Filesize
6KB

MD5
d99106bd91aec766ee93b95fe2c08aec

SHA1
739b42abbdb2ff75c09ee6f958ddb59e77227a1b

SHA256
f69b7f1f1140186c23409e8fbd9f86c965185cd39680d5a0cae4696dd304b508

SHA512
6186d6696a78abc30357f1d62efe4332b4ea367f008fde2e37d308246a3f7beec0747a2a5ca618d22445e372595644bcab2df8067e9699782493c63773240bc7

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_1.png

Filesize
5KB

MD5
6624c2168b3cb5c0f013ddcaa53e2e6e

SHA1
48c887f4009f4dfc3c49576a0b1fc94ba2df3a43

SHA256
15d55c2e9ef2bfc23da4a711bd7ba40c97f70f2e2ad24f759a939d786987936c

SHA512
8065ad1b2f381e6ed2ce64ba11344359feb8f9d9a35689ef70187f17d7bb2707978382d7220143dc6e2c7cca540c7686be8a5caa99e6ae79a71b6c159a145794

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_2.png

Filesize
6KB

MD5
ba6d9da1df81aac2d2e8d4f59ee87771

SHA1
a6d4c1e5659a02cbb5f821ad417bd96f8dcc238b

SHA256
33cc4156050315b8fcd430b080643d2f90b25ed70969d9bfb24e4f7e9a23934e

SHA512
da286001aa00484a167e7d871e3eae1621086b1f344f03e6607f7304289492acb2654b70cbfdac6f853cc9587e7f94e3bf5f0f111f6a452dc9b957227f9172ad

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_3.png

Filesize
7KB

MD5
0cd482c138912978118850a610fb9bd4

SHA1
684f4970eadf7012edfa315df7282254a8c9098d

SHA256
3434d1a511ded8833e0e301a7642eadb60017ad594fe2e8d8e6078d43bcb2b25

SHA512
941591e2d6cc0a510503394b11b06896d95a8d12e209cb24af1294424b08d9e0e6712e6cf63fc4c87657abed076bd0858f84f1e1a610d21b33cb2901e7565023

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_4.png

Filesize
8KB

MD5
6780dd311dfcfe4d99e16d9dad721623

SHA1
bdc4ed0a2feee55a8c4a869b77e256a71edfed90

SHA256
fa25035fd3c1ff18591ba568589ead38ea53d30fdb90e1d24e2f33677e5d061e

SHA512
19de500d515afd8f7f00efff83ff55109dc30c299085d21cdf0336d466b2c95e02c1c6827575b185bb68b10ab949b083c7e68170f03f67d5a44e70c0f0027afe

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_horizontal_1.png

Filesize
8KB

MD5
e72c785a9d19cecd3bf1235f345e626c

SHA1
0571866162cf6acddd17bb8086a137bc509c95c2

SHA256
b32b8cc7db12cdd9940e92d21b9c8330794f0705335de5df43cfa47440b4d867

SHA512
d561190b414d718aee37059771774808a4003743be3bc0c98af7f69e443a44e029443e064725ca392e2ee13b871e319b37d48c83c4b0280a6e9a877d5d4af204

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_horizontal_2.png

Filesize
9KB

MD5
6677d683513de7571295f93a45402e7e

SHA1
81e6183c2bf84cad72fd5a826bfeff31543e2723

SHA256
1e54a1304e7cf8d50a98254db95bb4b9a62e2acb020b8a57a24ee8e83d29e133

SHA512
2c56a0dd0b5427b3b7d21ffa799471a5702d38f34f809623188cb4e59be9d7150ab920fa6bdb1d214d77cdc12db9aaaeede311aab5ee769bd48103ef2f6bd9b8

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_horizontal_3.png

Filesize
10KB

MD5
4b7105c5e90c9df544e35d0cb753f3c3

SHA1
a93b2a824a656a39f9e3e6687b7c6d6329bcca26

SHA256
fcf8ffae83904452a561d7af3d67d2e905a2f52c0e3669c3c1625097459e1101

SHA512
8a14535732a5e677d58d95f8cdd02b8400daf3dcdc91172fdfaafcc69120867f07c9019d95331cbd46813dacca3e7dd7806cd8d179ae9e6f5d51861c58fc423d

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-alert\alert_placeholder_horizontal_4.png

Filesize
11KB

MD5
59544f2e29c7cdfed9c8457ab75f5f39

SHA1
5cc8a1c603d45281ab75a1e8212651ae10e2011a

SHA256
0a6b611b2078380baee62ccbcbf65197a52ce3b9aead545ed45cca9b3f5584cf

SHA512
9b5a855d95c6fd74cd34f682d54f5ca81c93e49792b2155a89b6794241416b477b5d9b7edecac7d7443b9edc19eb9f1c45aee4f8ad0b2a8bf284f42cb6ffbe54

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-chatbox\chatbox_placeholder_multiple.png

Filesize
3KB

MD5
7715fced6428aa07654b269c2048d92b

SHA1
c3c4ccafd79573f7124a63b9d3a7a0d40dfa8931

SHA256
9f06fd5267beba6a58dd5939d5e9c264368faabc8f766c3e3a6d65a5f976540f

SHA512
1bf5a10f6e8d906e77c4dc4854e4a11eb823cdf89e4f448809502f469da542537c0d0832407a5a03ca0d7896e4ff9c48aabeb3d1b6d10012b186adf8b3ca6d1e

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\source-chatbox\chatbox_placeholder_single.png

Filesize
5KB

MD5
20084c719f8d50b1872380340b4a230f

SHA1
f76e6a59bf2401913a35d092254685e37f39252b

SHA256
5826fe0875fe5df34ebb988c080a3f122fde7399d861c42313c05bb13eeacaed

SHA512
a488d6018c85a60c564a0d44667c889fda3411b46b52d19e7dbca5654413ce38a4322be5c9788b36f7bd0eb9ac8ea6776d11c7984458fc9839a1ebb06eb686c5

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\template_horizontal_image.png

Filesize
909KB

MD5
be0b854c19c2f74a53acd853d7615ba8

SHA1
ec6b8b3cae81463c92b7bc38266a7526f0c2af0a

SHA256
ff901258186f2629d7a22e91222ba8b821e2414b2fd9032eeba6d41548ab6ae8

SHA512
a18d06e921af10463dda947b10ca294cfb72e0326f33dac9da81a02ad652b2e718ab040f9f73c40c97abaf7952550c267896dc5b5a3be5a6efd5301b232a9397

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\appdata_resource\overlay\Default\template_vertical_image.png

Filesize
866KB

MD5
391b51267e4af9954a605363355c22ef

SHA1
856405341ddf36f6a2cd8a948d4b8122129be754

SHA256
6e7f84630d62cba06324f2da77ec8323e34dddc436d154df3c8316e5d1a1133c

SHA512
fba5439616155348faf89d8a63a2682bdaa2a4b59a2b46237d8922cda5c1ecb1a67294a0f821d79d2e9de03705dc0f1235987dc5dca8a2c26bb587e7fc44fee0

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\effect\model\ttfacemodel\tt_fsnew_v2.1.model

Filesize
867KB

MD5
8572969b01c3ca4b84b7078b3d9bde0a

SHA1
e3b83e2296adccc174ac362997589f2417eabc80

SHA256
c4b081d04f6829f7cd5849abca0941891f1a7f2cb250efd7f0e42fece5426610

SHA512
2842d27d389511163daebed6dd6ac6735642b28a086508bf143f8a4bf4c67feda00af02163893f4a652b27bb161c02838ee842ceed36c0165c56aac187d83e13

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\assets\gift\6427\AmazingFeature\js-meta.json

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\link_mic_sdk.win32-x64-msvc.node

Filesize
2.5MB

MD5
8357a27a0b8c5170d3239e3555deeded

SHA1
1feac2db661aaa0ae1a31fb808c1902f6ba49607

SHA256
69522aec5b2fa86dc8f19fb34e0702a903f7c3d3b6f7b9523d65647755db7010

SHA512
74069966bf84aa210431a78dbe7785a074b507223b5c1203d43fae61eb793c61fb5ab8097691381e318f1ad2e66547fc2ad4eed08f45be3446dcf6010c1929f8

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\electron\main.js

Filesize
13.3MB

MD5
f221e7b12fdc4368847c8dcbaff58ace

SHA1
b77aed876e7d9e5de3bede09a19e97f4b094cb46

SHA256
5919b30d66b1abf94846b849155ef7dafd16acdce0ee39abeccd81566d15c52c

SHA512
b8a4b39c4c00a95b3286a7aa3623cfb86a9f97d3841d22454cdc28f4dcaabc09fc9e49f62ef976ac4465b905d44f86b81c6a0d333a1323a815412bf329f84043

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\locales\LIVE_Center\sw.json

Filesize
431KB

MD5
4d4b45b5efb2d9731310d5a934364f18

SHA1
95cc530c1ce6818e13f52d04a9c34ddb7e1d97b5

SHA256
ea7729cfd3ca6659803b1c95ee55fb76774296b1d123515c69ccfd39db3d45ee

SHA512
0b7cd9b3e90e2b2633cabae86ca712ac0ac04b110735c2240a8fffa7e8a6cf54c4bf4348f0ccfbfeba675d4e0a4dfda9c62a137cbaee1a70a248f171c0f871ca

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\locales\Live_Studio\sw.json

Filesize
626KB

MD5
bb86991d17cad4a1148d156544358b2b

SHA1
f49a43ff5538185da853095019ef784858718412

SHA256
f52b01c4e103eef9430337f7fccec3342b1a08f618f11a66be0e94e33b4f009a

SHA512
86eecf5022ae1e90ad27d7de0646e4a3382f5d4a547bb3046036b3ba02236af9ee5a8ddad5fa5b0f2ac7edcafbaa7ff581a625268a24d1aed2f6cf5c456110e9

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\node_modules\@bytedance-dev\gecko\gecko_addon\x64\GeckoSDK.dll

Filesize
4.3MB

MD5
35b9cbe2aa18641a9366ca0dfac75fb3

SHA1
dd503e4ee00d55bf3dbdc2af2375d607499c5619

SHA256
56974fcf864a41e24a714c03ca108af51c81c6445aff2b9fac53522035e49b33

SHA512
9e3fc4457e4b5bc8531abff2eb06c658062f3849fcb6160c446cd024117c5ea94c5874f46928571409fa65d1e283e4dc38e2a1263a5147c2db41ddd857a86fbd

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\node_modules\@bytedance-dev\gecko\gecko_addon\x64\gecko.js

Filesize
68B

MD5
61b0bd3ac1855d290d2e975bd93556ed

SHA1
3e4db601297c95dfd93aacdcdae15145d4605ec0

SHA256
b431d25d5792c67c5ed4ac679266bc2ff8ebee938cde183554c19216d98b920b

SHA512
5cb4062ae1a09d02977554694c7df3a0f9f4b8411a88347b66c26af7d942c9efa4f42c81f8f02a8fc59ff19b5c38687e00e02f0e47f55c7bd8f940d8a652ca83

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\node_modules\@bytedance-dev\gecko\gecko_addon\x64\gecko.node

Filesize
1.2MB

MD5
83451ea4eaebc8c5ad941c7336aea220

SHA1
97dcd1ccf045332390e1fc5e105159920f994837

SHA256
1e52f709112c43df3ba4b6cb6538a8da3301266fe13c84a5790d80002273984c

SHA512
f7d0169c0350baff23bc50c717a765006d7381f768422a73b23976f4d6049d4a34a71bfcdbff4e1948ace07cdda8078aee071fcd5dbaa9787849274726a5c9d8

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\node_modules\@bytedance-dev\gecko\package.json

Filesize
568B

MD5
02308d292982eee261ac5cca11cf898e

SHA1
d8f2ced29c685cdee834a43f00c5549ff333cb68

SHA256
2e423851ce09c71b3c8ef20534cbf820ddb74c44304867bdb60fdd7f34bdef2b

SHA512
28b89fd1d61ca37471dc4c899214cd038faf006ffd43ae169571c6672385f1a1238b3548f5b152e43eb0b8a5a15e78a1e68309b6ff669587c4f214802b49d03e

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\package.json

Filesize
798B

MD5
fd085432d0a2fe5413a62f601ed6339b

SHA1
efa18a13cb08197792ffdacca649bff9af79dfe0

SHA256
c8fc50fa5fcae6114b141bba5ff1af71771914f9625a35ee03030db003e1805b

SHA512
d6b0e202892039aae0ab7eb77c30fc5d8c8548c7748d046a07738808a7f03913272bc3f67dfe255481672001b90dc513673c443a186291cb368cf6b9e8ee21af

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\css\browser.713ee161.css

Filesize
21KB

MD5
b641f48b28b2a1052bc64aa55f11bf4a

SHA1
4809f969dff370bb836e0244d786fdca1ba60f34

SHA256
0852936add79b469cab8662e0e15786f964caa8aba66944dc68305c15fb05109

SHA512
aa84ae14209f8e01ddd8a860c3150ae2eac8cfeb6236b90b4028175bb0f20e28db244b29ba21a0ae1d594404e092651fe8a79a84e1d760c24998419769e92f3b

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\1524.12cca74e.js.LICENSE.txt

Filesize
124B

MD5
fe07165234709e61e0cdc05d4056de5c

SHA1
992fcf4ea155d75e1b52c980e51dfed9ba000f74

SHA256
e4abf59ab5eb5c47cea1f6e87534508e1477270b5644ffa2fc242d68f472b8f5

SHA512
848399f880b3e595446a13680c897e2ce7ea1825efa8f3043f2fe1c96404a02a020fbf3aad3cfbbc1ba85131072e73059dd61dafca7f95a7a233ee9f29f34698

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\4405.90a06e1e.js.LICENSE.txt

Filesize
808B

MD5
783f14fa45b10e088e68f98251448010

SHA1
cd522246a57b87ba54b1b6b92174b9091f70e983

SHA256
0d8f66cd4afb566cb5b7e1540c68f43b939d3eba12ace290f18abc4f4cb53ed0

SHA512
b7c82962cb44702c31572d8d4057561649bf47fe553441f54a9527c14f5b4f0fd747bc346e0ebd108879a9482f5afc3cf73229ac52143c5914139e108b8b58d3

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\7871.701c57ee.js.LICENSE.txt

Filesize
507B

MD5
1f4fdab8642715b73399a8643972d4da

SHA1
2c17b8a9d0f222863cd6b71dff942a53b86a5b6e

SHA256
8b06414186397c2ee8f3db0686aa4ba142346cea6948aaa72bd362d3181341e9

SHA512
17cc0c7376ba3486e0a71cd8219f20d315876c1bc4d6458dbd1719be2959d405801c08e4090ee164888333735be1c0f891f73f903bce59afcf0aa82387f3bf8a

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\js\shortcutMask.e9c5ce15.js.LICENSE.txt

Filesize
254B

MD5
dfa7a9b54c32820ecf32286616324db5

SHA1
1fdfa4de38fd6008d6159c9d44ca1b12a0e701b4

SHA256
a8253b45054e2d65ec86572a2798a199c0e320d8c3d3256f6d0d3b08d9a46cff

SHA512
29648118cd95ba9b5e2c0eba3b4ca7e1800dd5cf3e58c1ecb721a7c1b2cc38354103ac380243e098a78dccac9ff02d4ba239e9ae9195c9897ab33b5c273bcbb9

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_82.png

Filesize
15KB

MD5
b0fb777564f8e386d180ba36cb795117

SHA1
72f425c7504eead01f1b9ba49ed9f08cf0015896

SHA256
94f76476d09f57b24a753306e9db28ebf8dceb9758c0658c68187da9af9078b7

SHA512
7ea6d91e667d33d5e13c6bdf7dc723951bfd85d2a8efefff0e2ed1e4a4a62dac60fe72dac38db1e095e407c48553e45d36884d08c1e1d25156b8118b48f8cbef

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_83.png

Filesize
16KB

MD5
6b336cd0369cca84e1b732d5c0bf65d6

SHA1
954a4a1700e6d76fd23dc2e09130fcfafe38482e

SHA256
79d68b919247e3c61d2480f304f395247453c48a5df118ac47b2cd05b2c81d1f

SHA512
ac55f4e0a7d98711f1f25c234dc1da5303e7e203eb21f571331f53de458ee5756ee8d6f2de7368117a59a50f521c5e2e4a23cfdf6c61b6e549df73befb1e5034

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_84.png

Filesize
16KB

MD5
b28956c7494bf0c3e9b3cbeaf3d70b73

SHA1
3ea282154af55f8d1435e843cc8b9af3410078aa

SHA256
4824f79862117dda1a75c7bb8e28af76a6f725ae6050e451ae6604e319ab0699

SHA512
72739c5d44c324904ac83985f9bf66afc7c13e98ecf0e14e3391da44edd4491b1eb9b6ba1da6836458beababc101631e05abcaa0b06b99f1b76b358712f6868e

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_85.png

Filesize
15KB

MD5
ff52970720fc2b1d42026ecf98d6fc6e

SHA1
619130a4f4ec6380a48c9baa341ccc411eb7231c

SHA256
291bdc4ba3bd505f07016b35fe06da4d6675578a1e4de36d5e8345f27e96e42a

SHA512
367168c74b245e12835ffef97be97c2fe28c15f97fd903c80203704a8c976a7f3a20a3626654982d41963943f6542201e85de66c4a70ff561ad5dc8a9b217082

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_86.png

Filesize
13KB

MD5
a49061118e78e78e04af86a880348458

SHA1
0b06da9335bea3f16f42ebfb78bb9aa21b4bf6f7

SHA256
f75630c85958b574f453ee2e81ef069ec66a214b6e2fc87d839849c973d6ea91

SHA512
8c9fbdbf7c9971c0271e0a24cac319cc8e8e475d54cd542789416f7ccc4ccf98df2bdd2b7d41993037b9fcdbc9e1d39a9fa3f96324339a707820d426ded2db12

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_87.png

Filesize
16KB

MD5
44510e52962f94d073679a536cea93b0

SHA1
79b281d3396af61a119284e70989f30929b68269

SHA256
afed2ff208e8640397559a6dffe3a7210c96f19a0a69e406df1a340ed6ef10b0

SHA512
157e61c6fd3e1bbcbfa36b4fa66c996d09fce2095332de00523ceb7212ea909641d853c110b54c0bf288f603963fea449ece26ad5ca98fcdf8c4cf55659699b9

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_89.png

Filesize
23KB

MD5
0c0704e0064e6ec75bc302c3ca9240d0

SHA1
56a365629d169cc8887fb2d9688a7aa6d6b5b53e

SHA256
1b6fa3d1bef5f70814d2dec5d2a2ec25c627e5da4536dfd6c81b1908f848690b

SHA512
17a221046e5ddcf6a4858e73f2985ec2644bc818a48579498d794edbb80e20451b8a5b489fa880570b12591ed99750e0adf285d8d67721ad75daa72ca0a00eae

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_90.png

Filesize
23KB

MD5
5a9ac1f5c520d52d021c6632dfa0f0ca

SHA1
828275cf14d07c3ac749713c5808b3516a6d7d69

SHA256
ec8b8f9e3dfd5aa189e7547342f6db0575353822f8254a122712f681cba24ae7

SHA512
aba62af79b5b1febbd204935347d0d96c6d164e9e9a97cf462812024bb82425ddcfa5cc47eb074ec7058d83919083c48924fee897e2e6601c398a1778d354d94

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_91.png

Filesize
19KB

MD5
b55b4865b1eb258db65322998fb4c67a

SHA1
f58eeb0f6b1e8fc4655393388e27be3146cf612b

SHA256
38dd66f2da3f276782975d843825d7dd36e5270a5e1e7b55212ee8ed738c073c

SHA512
4a106f973a7764032b9ae4cca9dadbd8d1de38ae3cdddb7567e1a72f780f3f3e310c3200a130e71f153a6e388608cfffc88c50efa951cc25b6097901d5e0040e

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_92.png

Filesize
18KB

MD5
221f10aaa333a7358d41b876517fba6e

SHA1
56b958d513ecea1f445d5f1fa16c67fae8a5646c

SHA256
3738793515c3bcccef12d889b47fc9c70661c18ea53d587d4e14151b9103b9ae

SHA512
b95f1bc48a98b71c40243febaa36f8d5b2299e303f3cf3514c43bba8406a1693edb261207ba6fb927470ef4a9c4294f328bf9827b7824d77d7cefb5e678d8af5

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_93.png

Filesize
18KB

MD5
5b97e3e8cf4f440ea884b8055f8e3b4c

SHA1
eeedea5ce9d58d5f339eb28585498e460288861e

SHA256
04a95bec8b7c577d7b8bdb3144d5b831ec21aa59118e6e1c4b0bf8f099a33b2d

SHA512
230607fc9c16c056eb64981891a52b919a80311b0516b63d008e1d2b910d833e03252cb2157a10cba62f2984ca9838bb7257620d424e240c650f0a4c53386505

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_94.png

Filesize
17KB

MD5
a40a7376dd6bce5b35f2d8d9781001de

SHA1
8ea2585c572f9830a712f23aa11edd33a70730f8

SHA256
004f59671c4b19f7e328f16f4d7cdfbb52c9cd2ef41917349497c33c64323844

SHA512
97482292a843ebc6fd5b8a15be4b0047071f6e0b6256e68d1392f1d02a3eeb5aed274aae37b7dc725420fdeab22d7b579d617687137e6ffe11220a01d9312778

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_95.png

Filesize
19KB

MD5
d2e4d23344c2c1c7b957ddb41581c18c

SHA1
d6d1986529f3b20933da9529116ee2dace8312b8

SHA256
e1c3fe6cb0b19900e688c8a8f8ae104570eb9fcc2f57dbb09a6a22a2a5b2fb77

SHA512
903c63c5be8f0d30ca5cf7cce5b94dcd5280301dcb927ceaa780dfa2f655c5f1ab006124ab3bbec98c3f2c278ae6bef79de3ba8ad6e8e67e9bfc1f698c57bccf

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\lottie\crit_card_in_img_96.png

Filesize
20KB

MD5
646ec555f177cc80bd91ff18d5313966

SHA1
b64821215eb13e60c26bddc34f003c150a0202e3

SHA256
1790827e5c08da16734fd305aa4d71ab7e35a81f492d6949d3855cfd06f60001

SHA512
ac70ce13062d68c846e2ecf6916e982f4950523c3fbfdba3a41712c8dda86c47c2d14fd901b6f21afd2fa838d07dd416bfb018675d89b2a3f48c4f9af0506678

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\crit_card_in_img_80.22e288b0.png

Filesize
11KB

MD5
1c78a7ed027e18617fd65c6adec35807

SHA1
9f5acf91bfbd9ae1d15ff9800cc0bd786f5477df

SHA256
13ab41a69d6bb275a1a3e4730b1bbd58313a1065b1fc731523fbcdf72d786cc0

SHA512
c1e72651f5a893262d5e1e337fd9a44b3314885eafb940e1f85409ed93354442fc6dfbb9857e926c1882731290fe8e0810b3ab7e8387b2e72b4d8a8dcd02b797

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\scene_dual_2.eedb0bb2.jpg

Filesize
2.3MB

MD5
beb195b4853e7ab417bd04fae28f7de3

SHA1
dfb85b7a1b3effaf36935656753867c7e92a07b6

SHA256
16805ad23858a3a2f46d8eae7dd7896b9442873d5567287935eb48b3cf3bf78b

SHA512
163c2111e23e183929c2af52121d5891198358e90ce0ec24abf810fcb085bf2d8b1b8fa148a8eba0a6ac81d89f4dbcbb08db83ac674e5f79f79da4d2b9977f20

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\scene_dual_5.4204cf7c.jpg

Filesize
4.3MB

MD5
67af3087b88dbd643dd54d9c4e20a744

SHA1
0cb6f9ca4546363886b3faf0f58bc1a1b8453ee2

SHA256
7d49e773380e3b62cc5cc62354c7d1d6dc1a7d109b0cbfced3373ec1ea128214

SHA512
71e29deb688e80c9b77382f684c4d98a4318ea1b70e41b5772f864ba9f1bdf2135861c380d058f633b5f0394123dba60dc4b64113dce3d23059b433688dab289

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\resources\app\static\media\scene_vertical_1.14265f65.jpg

Filesize
1.2MB

MD5
92220e1c8fa6d3a8e5f51c13b4ef4b5f

SHA1
7aacc3aa79fa575a8eb7d34cafae2ef59cc066ca

SHA256
eee6ebb0ed39b5fd1717dd6944edcbd7c71c6080665cac88649262141b485a47

SHA512
ff410e947270462f59f31db8af0ea524201afa80e6b795746fff9e3d0d4f945df75fb7a3aca76391153324ae528c52d439ee79a1e64e80376977c1c81e5a3ff8

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\snapshot_blob.bin

Filesize
168KB

MD5
b82ff216a0babf602940759b9a3af870

SHA1
07e8a22dcf8d7be04a6ddbcab3098e040494bb0e

SHA256
943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5

SHA512
da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\sscronet.dll

Filesize
7.2MB

MD5
c01156d6766e017488cd1114e57b6614

SHA1
9fbbcc3f3b8a5267dfcbc27d18ddb033350f9ba5

SHA256
7811ee1eaef91c6a1d19a2f05cdb2139ce3a715ff04199a41dba4783918d234f

SHA512
47d7c85177b539027e5e69856be3fe3a965130c056c4d64d3f297429309da2d883b17c5147b16e314a12a258c998ab3a62218910f24a2ba6de9b6290e74c7f48

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\startup.zip

Filesize
344KB

MD5
ecb6b76ce02e64e02021e819b22a1946

SHA1
600abdb70c7aee77542704a27663f36f4cfbe5de

SHA256
d8f858c004c8aae46551f15848e1b7e3bdbd1e56424a4cb3b63f07b49653c404

SHA512
830c4a8f37c6b6f19aa48fb604e05a1bc149ca4bb53585c0c889e6eb11d2dcc17bc39af9c817e31e95dcd8aae191e6bdd1f3a41c8fe9f556702adaf1cf80cb2f

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\tt_crash_reporter_config.dat

Filesize
768B

MD5
b1bb820d21be925784baaa5656d77cd1

SHA1
21173c219eb3750ea19153b142ac6d1546f80909

SHA256
a9138ac996be52024ba50479d50758e1fb84798188fa843fdbd6ecbdff20d71f

SHA512
218762f232ee94198b53598f2585ee6de385ad7eb885f1cdad5a27f92c88a2afaf71baeb6c28afcd432374dcb78d932fade21f0515d2c12663f28813ed155544

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\tt_electron_config.json

Filesize
128B

MD5
eacdbc3a7806e7371ea823b5ca8d419e

SHA1
d84b91e5ae6eadfd2b4a25676259fad666dd7db2

SHA256
b5f1ab0ebfa4bcb64236ceee7ac565ff48e71fd8809900305f271cb43870a53a

SHA512
f9ea3484f1a09d90706b8fc3e661b1558cd6012ddc3a45e303d9a449bd4cdffe8b17c7e3365747fbcbbbbd0bab64cfdf6e039a833f3be495befb31a916526905

Download Submit
C:\Program Files\TikTok LIVE Studio\0.62.2\v8_context_snapshot.bin

Filesize
472KB

MD5
8d98148032dbcd94b37bf7b83a34a21a

SHA1
01619e0e5f56c412e22d8d6e59640f3c75761711

SHA256
2845997616844ac3935dcf567bade7c9582f53f408cb45e3db9388c93a9860c1

SHA512
597004c4da0f5c1f671ddd8be14f7364a5898d0ba0f486315124b5c78cce28cb85c88fe7246b293636c49bd0137f7811b064c531addde6bbe39e310279fd95d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e22c2898ac78c14a840076a8446b9d

SHA1
ff5b7cca3ff2c4e77e6330e2c5e2b62bb56e9fe6

SHA256
a5e570fc8d3a52027db48adf1301fe8dffc500a4bef04d0d6bff15fff78ade8d

SHA512
19381615be8f53ccae56a21c29c314c3247ac78fd3cf838f52ca98757b54f945f0d178cfb44ea5ad42fc68b3d3e6e7ce4e4f40eb69f791fa5132f591c62388e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d8ccfa6a8b1b15db876b848b8fdc102

SHA1
dc7d92c35e9c84d8d78ac0aedc926214cee68135

SHA256
b48f98046030e23b843422251481c3f19cfa0cf71fb36a8ff89dfcb152761f86

SHA512
6ae61b6cf236082b9930686ad2650c3ce3fa337550363e0858062dbb399093b0ac6bbca3d4c40101e222ce764fa4fb704bfc591e6d5b0a6c165f170cd6c9d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c784cf1c1fd7e1977481d4630467227

SHA1
7d67cfc1fc34b47ba99722975607486370906487

SHA256
6568f0f54b1c313421175b7e076d6523985e76d4026eb39e1d935b2845141f45

SHA512
10d8172687212d6c8cb20d61cf254a2c59532c574f628accdbccaf9fd0bb0a963f4975386ed7241b6ed967774f34b30ce2fdd8d046ec0cd7abaaeda7c6d3b928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12bc0c0ec00933d83229b8e81ede414a

SHA1
42661bfc2c62f86a0844e2abc4b6daa0efe264f8

SHA256
878945d7fdae7ff4841313cc61d14dbaf7ddb59e1d61025c67948771bd9f70f3

SHA512
612ca2d9a5fb2eb7f15f07e68e2ec12388d9ac23efd0ca0b20bbd0075b9e9ce834e300fbd3fe170e1aa23af95dd3772cc608e04ca8bcc46209c66ecc12ac205f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e9682d60-1f46-4516-88a5-1248ec5eef12.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
73918bab536bdacdcd064e0cbb3025af

SHA1
3af5eee71ffd52d32ebea8665bf5afd3cfd7e78d

SHA256
d9afe7f49fb83244d3e39dfb2d787e646210154675b7799a004c3de92080c401

SHA512
b76dcf9f50a2bbac9570025dcc1e8de0a79a3f05cb7ebcc9f7abce83a2ff58e0f53054cd5c4b8f2cdea88a3d3c7a25736d7fff4cc35ad17e8a85c3223b43d56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9C0.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9C0.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9C0.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9C0.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9C0.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9C0.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9C0.tmp\nsis_plugin.dll

Filesize
1.4MB

MD5
cb54bc9d236c172f0e473735827f5265

SHA1
094c94b5516e50c39c39b4d8d81775f0ed91d401

SHA256
872c256a6d4bd9d2a9a20b28221dc1c672046eec982be4499d8cb7b7de9b48c3

SHA512
d571f70e3695377ea4662d37de5f8585c23e8bfebdddbd1dbe02a80a0ef75d254e15ab894b0cdf2492227fa64e7049e589a1871208d29cc380c02f86f25648ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Cache\Cache_Data\f_000001

Filesize
55KB

MD5
fdf2600d905a0faa060d691e0212e1a7

SHA1
62550f0993a219e265ff9a0795a4d9f49b28748f

SHA256
52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972

SHA512
7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\Network Persistent State

Filesize
1KB

MD5
e0a6916a9d8530933bb389e791f4762f

SHA1
e50cc0bdf8a12b964341845a0a2636ad7f266c70

SHA256
8f3e48d45f7bedcae0f334957d691363e84169e0ee9b20bb06539416626e11fc

SHA512
b12c8a0b7cc9d0f637d9586411d7f6a4b6abe289963f3a039c335008f848fc05e7e45ec246de8fda12b268626d0291b1a8817f4ba3b7c544346e2431c6c8f7b0

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\Network Persistent State~RFe5a1687.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
cdb3648fc044409149ffe188563d2fad

SHA1
db28bb65b11f28da9323b8127ba53428043ca215

SHA256
204ef75f1681260a2ca28738b26814d19ab37e3f738d62d50e2dc29e0404da80

SHA512
6e76f9ec8c029b2a9a82bbac58fc35a83920ea90d334e50f437fce60a4026a95a677d232b90cca264696176683aedf21acf7ba7d97ae0030d6a9288e55be1ca4

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
b13fee53b985e083df1c943217ef1dd3

SHA1
45144bfde2d87deaf0a54b6c8252a3bb28878649

SHA256
142fcca59be695f65238d5fbea3632b8907059128009d011a320c00202478dba

SHA512
face805b1ce211407d734f6f6f7b150347f99b554109034b3c7d268f72daaa147da2685b8193eb319a92032776e2a56243996da8db2c974f6573af15594e39c9

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
facfb9f2878131bf904277c6b48744a7

SHA1
341633e8856c1d0263962087c9ec37f38ac7a5c0

SHA256
3dc4927376d1093fbdbabecb9dc5ea062477c08f8e467015b2f8336299a2c9d3

SHA512
94b7e48c2c85f0a14fdc03e225cb073b05124944e1d1f37507612a59715dcf817c905f86b83b1bcccd7fc271e53289aec2bf43aab37ee64e40ce0996361f527e

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
0f105411242c898be64d8043244e48c1

SHA1
0281602dd5531fdb24221c5b3fa57a28496c2091

SHA256
5d9a80990ee9d9e1a3904aac6344be65214ea34ed3c08ec76c528782a6ca8c88

SHA512
50914c22ffa191aae9e262d432c24c11ae6e2c489c5d70c2e8d5834ca1022087710fc82d36997c9733eecadceee11ec78820a0fb204946185a62d23e0c4b7ecd

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
4e6a144e721c52516f02d6a9ec66737a

SHA1
e6b386a4ee9d96351ea516d4b8ac98f8f6419aec

SHA256
a442e115830da050a5773eaa21c7d2cf3c7d7c53bdc394d99f70585417fbd88e

SHA512
4fb538d3f995e2173bd84739398c507d59598c63b9052e8a6f0059b40d286fb9629f9d3e5dd0dcc6dcd3ccc0d22fd8ce17d34bad78a285add15ce1dd71987ab9

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
9a37c4d3a4562ace02ec3e7eabed3790

SHA1
20d94256971ca334f72a9f8d074f39a0c4336f9d

SHA256
2feb10a3cebf341991f20bc125e65778ba6665ccc55250b6b7bd5b7e3681946d

SHA512
6fe452d396b244ea51dfade5066346b6ceda83b72148253e8c53f1853d4dd1e6aeac8923845aa7763ac0527c94d47ed7a562ddc9121607a23a93380edf9fb1d9

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
4dfb7034972019df65d9229ac77b519a

SHA1
44cbac83ac0ffe70afab0b26e4f51b8566e29643

SHA256
64dffcc434b64a252efe7ae438871551aecd0a396ab59064967e54cb7a2bc801

SHA512
ddc166cdafb0c2c4bc9e780b53576cef14b72fa285c889416eea5421c7d72369c5cab8a1060e21508af9eac698264f79793f88629960fa04c35897d3cbbbce37

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
535B

MD5
aa0a89b1d20b4891a50e20adbc2f7ab3

SHA1
969ab82d48aaec455547750b92611f1247989dfe

SHA256
4218e17249de2d3279ebe001ef19c880aafff61b24aabe177c335ab49d66aa40

SHA512
8dc985a07e8e3e242ea2b9a4315035120421c1decb30b81cb23cc1414e552bd7bdc1be7f755b0b1b4660720fed9f79390742aab43318d80ee3f03582594c2ad8

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
1KB

MD5
e8f2ee5f614c8136719e069c0aa2f170

SHA1
9bf9c6d3eb9becac6688b3c6b022aca372bc1750

SHA256
1a0357f510b69dde8c9c7425955088767d1db354227f02ed2f67648ffad66cb2

SHA512
723d30d46bce204b5dbdd94557016b8b619cc118a65ef71f485a1b1c169123fa44ee146efbbe35f0e7ac112cd7de9ab3a9b49352475da13f96b73507a9c5b259

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
d03eb47ee2959d90c40222b8467bc54a

SHA1
e74bc576413aa116f03eaa7b6213bceb3b02bdc9

SHA256
52d00e4f431102d9fdc57b39876562bae59269fd24d01af1e3b65bc897f566bb

SHA512
7f58595ab4d7f2c84042c9691c1d5d337bef65ca237f71e3953d92817af806cda2867104486ccffdab7127ee3140deb3a4e06fa4549e8155d8234345f0e11da6

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
535B

MD5
259691c18e6b831aad3302d6405b3f6c

SHA1
fe21f49c6e5b2c77978c78e6b6a9d971037e2163

SHA256
fe50a111d096f1510b8bf9d08455600551784990722c0f38c5ab315f6fac9903

SHA512
01c8d0ab3d3bf31905eed3818467459d440aed8a713f0bec5d5407c5dd8704b6b23c32081a6acbb477a014713a3901387ded574ec81471769f64a228f5772478

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
535B

MD5
507a2423ae72d8effc969a4c64290038

SHA1
d80d7043eae2e8b61358f2291698684470c3a22e

SHA256
f2427d89335d45748e042d44eeebc10f17e94681de6670e30ada21cad223ed95

SHA512
b2e485276a711d3ed8c9d50685f5bcd1784c378959632543a2f2e90596fc02f3370d78fe799184f75d79a4217dbcb6e5f92338cfce96335c2942e2f76cc28aea

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
537B

MD5
d1f89fd51be598a661593cd1147c7310

SHA1
c21a5573e208b3b3ede5f404c65e8a7c338c687c

SHA256
6581f2d0029506c0ed163d798d6541ce66bd8a5f1840f4487edd00883481768a

SHA512
e49628dd7fea4d7956b52aea9ffc660bbfff500fe50c8a9acda309274d6f3f6a22a80dc9b07e700c8473a0a1ecc05eae8ea3528d6582c0b12f5324c0804d3af8

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity

Filesize
535B

MD5
aefed90929cbafed62665382ff2ca967

SHA1
71fb55bcf374e056018ee386616fe968440e8b0e

SHA256
6aed8c4ab48ee46d244415154f0760a422e01a65ac4cc78e8861686bd8dc0f9d

SHA512
dd252cedaa03d8a67414fd5247cd9edff9f750b96f601c2774b96890e21e33b93d660cce20ed962f3508dc3b1a7c920b7f7f50fc57ef7130aab58632a5533389

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Network\TransportSecurity~RFe595fba.TMP

Filesize
370B

MD5
58a6e9f7824ffa7f50cdf57f270f65c5

SHA1
a300f18b008c5de4e272adf65ee82a16dc653547

SHA256
449d43b181e6a2554797bd8449b8cc137b3356c613e7b3b416c228f15e210ff9

SHA512
d6567fb18f159282676c6a2cf3a58aefbd570cf28ea74961c61257950dc4cd17ca326a498bead83f9676bc78a629436922396e9345a130bfa6120e32e4ca5c35

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\59939ae6-748c-4f6f-bb4e-24098063db70\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
197B

MD5
128a4be513e5d800e3136ec1d4b88727

SHA1
46e2cb9b5dd96a7fd09487f9b55b86f0865e8fcf

SHA256
f108924716b0bdb705f436632fe90d231591f7e199d86af96e4f765c21f3d65b

SHA512
d4f4c6b3355e7b70f7ac1dbae05d3d1fde0af4396da4615144204245aa9296db35275d2390c634aa1c03a5ad6319b54250f09abead1dd2ae3d771eadf2f1a5bd

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe5b6e76.TMP

Filesize
131B

MD5
140417be2c39ab0e1a831cd2fee3e1a4

SHA1
5a8c65c28477084e7b9a7937140ab0d309c28e33

SHA256
b304002afd1985e88aea67754f8259a30b0d5430d5b43b4105dadb5b3f4c6487

SHA512
9e36933e3cf1532c9a750ccb64b67c088331796f293a5a7b3e2de587fd8a8394dd1bc988691b81e3a0190d70ed201dee3beb60920a4877bf8dd2c7917f7fe0d0

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\TTStore\localStore.json

Filesize
31KB

MD5
257e6c2246edef9953d3d4b49eabd4ff

SHA1
3d1772af93eb47deb0299d6cd227a1179fc5fd07

SHA256
4c9b3920d81fab7edf3747e4e725902fa031db41025cbefcabb17e4c1ce5bef4

SHA512
2a324a51b9b876a0df540729aa5f905d50c2b18568c5d43921a6f1f7185ff0c5831ca100e616e2f4b244f8960f7dd9b209d3b1b2adf52f5871c736e032c5cf34

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\TTStore\localStore.json

Filesize
82KB

MD5
18f41c15e6fc40bfa14872bee1a2493b

SHA1
720f4124493b00364dd5ad46d2bab3c19ac61b4e

SHA256
7263cf52c2a1d1533484572df40f0b48423b4bef42dcf1258cefed664e8f88b7

SHA512
6a093ea46c4cac39466d154715fbed9ca88008e07d4f532412fd9f6922986b9ff04165625237d8ffa0ec1b084448896b42b22aa2f78ce17217ceaa7b8daed53a

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\TTStore\store.json

Filesize
5KB

MD5
bb05c5da822e69c5ee5651de75de1231

SHA1
e98214dc33c34188fdef003fa2431682da88e1b4

SHA256
267310ea762fb237b1cf075e4bd98fe28f2a6808fbf46cecd2b4793ec5e16c24

SHA512
9510262d99ca0485bdef010633514b364fdcef03aa70f7ec8d1ce9222c57d1cfb083734893cf8d3dc036e226183032346f8d55effcf22e0af32c0cee16063843

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\TTStore\store.json.tmp-25486528839a718a

Filesize
5KB

MD5
905668a600343dc4d7fdeb69ae365823

SHA1
f44563464b51422e49455eed89be58dd1f1db526

SHA256
6f9806f2e140a1c7af628a9f2343c7471b80661e8f50aab2dda25781df8b18d8

SHA512
9219a9336e14c573f97491dcb783862ea5ef56bcd68b0c85eac550182fb44dfde4cc16265c6bee25b9dfa1b4b97da9a9bce10721ba1eae2c76c3548190957a0d

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\d063d993-8a33-49c4-82ee-68fa1d4a7ef5.tmp

Filesize
798B

MD5
db5904a4bfb61f15e8cbbe57760df3ce

SHA1
29cd24c95fbd40b3c25b705d9ef535e2bc8ed950

SHA256
e36174e76ca003a8f651bca584d9c8352f6cb78579e2503311e8af6eeef2b33e

SHA512
e3b664861184ed16207e7602033782d9c5cd9c119ada38dda6a7088bfa02ed9da75a398e8b124ef7fe454bed693a41ba221c3f4526c5f03f4d8d9a3c7db93f6f

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\log_sdk_v2.db

Filesize
11KB

MD5
5f56e1e21b077ae401630ef96f23ece1

SHA1
c97392205791a84adbcefc51f586b9d1f0b4f1e2

SHA256
b87afa4ae5daf346c1f4eb4ae2db163806d5e420fb0cfd576340938131e337e7

SHA512
a51b25b6d09956a2834e882bc06b40047e085200175e18efe1ebf5ea7e921ae922c413916051df714a8bf1a1ba045e2045db50413620a82cd36283eb9e2d6f8e

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\log_sdk_v2.db

Filesize
22KB

MD5
df8ec8dc623f508c4adb33bb1117c8ee

SHA1
1c14f18ff2517b342dea3c2090a16b0be6ebf8d5

SHA256
7568626b180762e6e64d7b2ec2fc433908fc8726112c696d051beab441b9c38d

SHA512
b6bdfe482f3405206baf99526f9d150d4405b7854346ec860fbdb236cab1292359f0cff84009b0e867776c895798de8d9f27e8b23341755cc21d6e4524bdcafd

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\log_sdk_v2.db

Filesize
34KB

MD5
8568bf50f82f6f6e564ee2896df01e37

SHA1
45169f35fbff0867474a913ceb7afadc26b83692

SHA256
bde0547b1c9c783546d693df32123684f1fa6f1160e5dbd29ce81b192321e96d

SHA512
33d7f09a67817af0c9922c538e181de989f34a315709e4bbfbff728cff816b9f4836322d3e4a55a4572621917ef2cba5def72c64f56712d1dbe28b06b139d9bd

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\main.log

Filesize
1KB

MD5
6f629067f8373a91fe7084e1decc0cbd

SHA1
99cb41d5fa839640cacbceb7bd04e85293fe1037

SHA256
e5a3c1ece5441f44038458b3164c9033d2f72bdb91a870e04c0de33d3af95c12

SHA512
addae75a08ec8b8d96ed287dfb8433d569da3d42ce8f599bacf7f61c3e79f64368a173ed81c4e4364296e7b9bef0588a75937787bfcc5669c52e2bd135a3fc80

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\main.log

Filesize
5KB

MD5
fe736883aa129898ffecb59959a11c87

SHA1
09ff7fb2c089f6bb8ad6dd964f071845038f178a

SHA256
2f8ec52362b892d1777d06d65f07635ccbd3ca5ae9f1ad607440b0ed3c34deaa

SHA512
22482ff408bdf647bd436b1aac2904b7eb5fc1aba62a2785f1f38e3d01accbe8cd3229757cca7902d2b3bce27c3985782439edb940f03d84369d3478df9c6c00

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\renderer.log

Filesize
1KB

MD5
1b9fbc064a0343a0b17d442a33481565

SHA1
a4a4636282da1dd0382f7319c40fe63e25c0f451

SHA256
c80d7ae9de1f9040c03b5dd788c3b2f667c9efbbfa174d977b073a2c13aee9c5

SHA512
7b3447a84d66523aeecae74c57ebad4305085ead23ee14df009bab7010bb2d425da9d52c486ba12ba4ca26f532dacd746a2293b3b3724033a358c18ce3bdcced

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\logs\renderer.log

Filesize
4KB

MD5
40e6ea6d0510306803db8cb3b94ecc06

SHA1
623d899cd2a7f04509b5275d5b58184e5aa1e247

SHA256
97c81013a714efae47b42f654a785a7bdb66716731ba009210b9478f9d3a72ea

SHA512
5cdca5fb1792f0eb8fec9db0aaec5981df87129e15c469dceedc45258b9d9cb38cb1744479713b09c55c48098dc00c5fc9a774db974d53bbaceadf1796a04974

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\perf_monitor_cfg.json

Filesize
164B

MD5
220f0f1b3a9726d1235279103767e992

SHA1
5d88f9ba5f13b76051eb03769f8555b7b182086f

SHA256
a484d0e29d6c5c722e3bd01d585fbb035be550d68dd10d61df658a8e351a790c

SHA512
e653b6a7107ba9e3f0e9029db5c09d21ec1506518378a6fbafd11f41b017a76283c8c8680af4195983a0bf77685bc2d46e2fc03b407d078739e08b3515c8b58c

Download Submit
C:\Users\Admin\AppData\Roaming\TikTok LIVE Studio\ttwebview_net_config.config

Filesize
847B

MD5
ef0301ecaa1a987be6a56cbd0eb00e6f

SHA1
403f7132a8040c60803e388dd9250fe97bbc2b33

SHA256
7a2c90b274d60e8cbdb0505363964eef32f2836036f0e7f83deeb97dffbb4fd6

SHA512
10c2e0b24d3420230214463945bb02c616f6c475798a2fac494ca4ca7729ce73c579ad5e451b1d29b1e6c335679956b7d34516b66d2116e1c41f2232c437df51

Download Submit
memory/2780-4654-0x0000029D662C0000-0x0000029D662C1000-memory.dmp

Filesize
4KB

Download
memory/4004-4771-0x00007FF97E380000-0x00007FF97E381000-memory.dmp

Filesize
4KB

Download
memory/4344-4513-0x00007FF97F4F0000-0x00007FF97F4F2000-memory.dmp

Filesize
8KB

Download
memory/4364-6985-0x00007FF97F050000-0x00007FF97F051000-memory.dmp

Filesize
4KB

Download
memory/4364-6984-0x00007FF97D820000-0x00007FF97D821000-memory.dmp

Filesize
4KB

Download
memory/4552-5153-0x00007FF97F4F0000-0x00007FF97F4F2000-memory.dmp

Filesize
8KB

Download
memory/4552-5155-0x00007FF95E780000-0x00007FF95FA19000-memory.dmp

Filesize
18.6MB

Download
memory/5656-6216-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6209-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6210-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6211-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6217-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6221-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6215-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6218-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6219-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download
memory/5656-6220-0x0000013A41530000-0x0000013A41531000-memory.dmp

Filesize
4KB

Download