Analysis Overview
Threat Level: Known bad
The submitted sample http://tiktok.com was found to be: Known bad.
The submission is a URL opened in Chrome at detonation; the behaviour flagged below is attributed to NoEscape.exe and the FakeActivation sample executed from the sandbox user's Downloads folder, not to tiktok.com itself.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Executes dropped EXE
Adds Run key to start application
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Uses Volume Shadow Copy WMI provider
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-04 04:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-04 04:21
Reported
2024-11-04 04:26
Platform
win10ltsc2021-20241023-en
Max time kernel
215s
Max time network
221s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Userinit is a comma-separated list that Winlogon runs at every interactive logon; the appended C:\Windows\winnt32.exe is the file NoEscape.exe itself drops (see "Drops file in Windows directory") and is not a stock Windows 10 binary.
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Setting EnableLUA to 0 disables UAC outright rather than bypassing it; the change takes effect at the next logon, and writing this HKLM value already requires an elevated token, so the sample was running with administrative rights when it did this.
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
This is the per-user policy value (HKCU, not HKLM), so only the Admin account is affected.
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
The Run value lives in the user hive, but its target sits directly under C:\Windows, a location that only an elevated process can create (see the matching "Drops file in Windows directory" entries).
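The four registry writes above (Winlogon Userinit, EnableLUA, DisableRegistryTools and the Run value) are the substantive findings in this report; most of the remaining signatures are process and API noise. The following Python is an editor's example, not code from the sandbox vendor or from the samples: it evaluates "Set value" events of the shape shown in these tables against those four patterns. The event rows are copied from the tables (with the sandbox's doubled backslashes collapsed and the FakeActivation file name left exactly as the page prints it), plus one benign LogonUI write from later in the report as a control that must not fire; the rule names are the editor's.

```python
"""Match sandbox 'Set value' registry events against persistence and
defence-evasion patterns.

Editor's example, not part of the sandbox report. EVENTS is constructed
from the signature tables above; the rule names are the editor's."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    path: str      # full registry path, value name last
    value: str     # value data as the sandbox printed it
    process: str   # image path of the writing process


NOESCAPE = r"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
FAKEACT = r"C:\Users\Admin\Downloads\FakeActivation\[email protected]"  # name as the page prints it
HKU_USER = r"\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000"

# Constructed from the report's tables; the last row is a benign control.
EVENTS = [
    RegEvent(r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
             r"C:\Windows\system32\userinit.exe,C:\Windows\winnt32.exe", NOESCAPE),
    RegEvent(r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
             "0", NOESCAPE),
    RegEvent(HKU_USER + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
             "1", NOESCAPE),
    RegEvent(HKU_USER + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader",
             r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe", FAKEACT),
    RegEvent(r"\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor",
             "3288365271", r"C:\Windows\system32\LogonUI.exe"),
]

STOCK_USERINIT = "c:\\windows\\system32\\userinit.exe"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def userinit_extras(value):
    """Entries in a Winlogon Userinit list other than the stock userinit.exe."""
    parts = [p.strip().strip('"') for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != STOCK_USERINIT]


def evaluate(events):
    """Return (rule, process, detail) triples, one per matching event, in input order."""
    findings = []
    for ev in events:
        key, _, name = ev.path.rpartition("\\")
        key, name, data = key.lower(), name.lower(), ev.value.strip('"')
        if key.endswith(r"\currentversion\winlogon") and name == "userinit":
            extras = userinit_extras(data)
            if extras:  # anything beyond userinit.exe runs at every interactive logon
                findings.append(("winlogon_userinit_persistence", ev.process, ",".join(extras)))
        elif key.endswith(r"\policies\system") and name == "enablelua" and data == "0":
            findings.append(("uac_disabled", ev.process, data))
        elif key.endswith(r"\policies\system") and name == "disableregistrytools" and data != "0":
            findings.append(("regedit_disabled", ev.process, data))
        elif re.search(r"\\currentversion\\run(once)?$", key):
            target = data.lower()
            # A Run target under C:\Windows but outside the system directories is unusual
            # for legitimate software and needed admin rights to be placed there.
            if target.startswith("c:\\windows\\") and not target.startswith(SYSTEM_DIRS):
                findings.append(("run_key_nonsystem_windows_dir", ev.process, data))
            else:
                findings.append(("run_key_added", ev.process, data))
    return findings


def suspect_processes(findings):
    """Distinct writing processes, in order of first finding."""
    return list(dict.fromkeys(f[1] for f in findings))


if __name__ == "__main__":
    for rule, proc, detail in evaluate(EVENTS):
        print(f"{rule:32} {proc}\n{'':32} -> {detail}")
```

The LogonUI control row produces no finding, which is the point of carrying benign rows alongside the hits: a rule set that cannot tell the two apart is not ready for a host-wide registry sweep.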
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
The entries below are LogonUI's theme and DWM colour writes under HKU\.DEFAULT and Chrome's TPM telemetry timestamp under S-1-5-19: routine Windows and Chrome activity, not something the samples did.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "70" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751677570739926" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Every hit is chrome.exe: Chrome launches its own child processes with the block-non-Microsoft-binaries mitigation policy, so this signature reflects the browser's sandboxing rather than sample behaviour.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tiktok.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffb7fa1cc40,0x7ffb7fa1cc4c,0x7ffb7fa1cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2000 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2124 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3052,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3044,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3300,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4836 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5292 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5332,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5344 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5208,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4408 /prefetch:8
C:\Users\Admin\Downloads\FakeActivation\[email protected]
"C:\Users\Admin\Downloads\FakeActivation\[email protected]"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5088,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4752 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4756,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5340 /prefetch:8
C:\Users\Admin\Downloads\TaskILL\[email protected]
"C:\Users\Admin\Downloads\TaskILL\[email protected]"
C:\Users\Admin\Downloads\TaskILL\[email protected]
"C:\Users\Admin\Downloads\TaskILL\[email protected]"
C:\Users\Admin\Downloads\TaskILL\[email protected]
"C:\Users\Admin\Downloads\TaskILL\[email protected]"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5680,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4620 /prefetch:8
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a39855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tiktok.com | udp |
| NL | 18.239.18.77:80 | tiktok.com | tcp |
| NL | 18.239.18.77:80 | tiktok.com | tcp |
| NL | 18.239.18.77:443 | tiktok.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.tiktok.com | udp |
| GB | 2.23.210.77:443 | www.tiktok.com | tcp |
| GB | 2.23.210.77:443 | www.tiktok.com | tcp |
| US | 8.8.8.8:53 | 77.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sf16-website-login.neutral.ttwstatic.com | udp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| US | 8.8.8.8:53 | 150.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | mon-i18n.tiktokv.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | libraweb.tiktokw.eu | udp |
| US | 8.8.8.8:53 | mcs-va-useast2a.tiktokv.com | udp |
| GB | 2.23.210.88:443 | libraweb.tiktokw.eu | tcp |
| GB | 95.100.104.34:443 | mcs-va-useast2a.tiktokv.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 71.18.4.241:443 | mon-i18n.tiktokv.com | tcp |
| GB | 95.100.104.34:443 | mcs-va-useast2a.tiktokv.com | tcp |
| GB | 71.18.4.241:443 | mon-i18n.tiktokv.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 216.58.201.123:443 | storage.googleapis.com | tcp |
| GB | 216.58.201.123:443 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.104.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.4.18.71.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.201.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 2.23.210.77:443 | www.tiktok.com | tcp |
| US | 8.8.8.8:53 | lf16-tiktok-common.ibytedtos.com | udp |
| GB | 2.19.117.144:443 | lf16-tiktok-common.ibytedtos.com | tcp |
| GB | 2.19.117.144:443 | lf16-tiktok-common.ibytedtos.com | tcp |
| GB | 2.19.117.144:443 | lf16-tiktok-common.ibytedtos.com | tcp |
| US | 8.8.8.8:53 | 144.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p16-sign-useast2a.tiktokcdn.com | udp |
| GB | 2.19.117.169:443 | p16-sign-useast2a.tiktokcdn.com | tcp |
| GB | 2.19.117.169:443 | p16-sign-useast2a.tiktokcdn.com | tcp |
| US | 8.8.8.8:53 | p16-sign-va.tiktokcdn.com | udp |
| GB | 2.19.117.162:443 | p16-sign-va.tiktokcdn.com | tcp |
| GB | 2.19.117.162:443 | p16-sign-va.tiktokcdn.com | tcp |
| US | 8.8.8.8:53 | sf16-sg.tiktokcdn.com | udp |
| GB | 2.19.117.166:443 | sf16-sg.tiktokcdn.com | tcp |
| US | 8.8.8.8:53 | p16-sign-sg.tiktokcdn.com | udp |
| US | 8.8.8.8:53 | 162.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.117.19.2.in-addr.arpa | udp |
| GB | 2.19.117.150:443 | p16-sign-sg.tiktokcdn.com | tcp |
| US | 8.8.8.8:53 | webcast.tiktok.com | udp |
| GB | 2.16.247.135:443 | webcast.tiktok.com | tcp |
| GB | 95.100.104.34:443 | mcs-va-useast2a.tiktokv.com | tcp |
| US | 8.8.8.8:53 | 135.247.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | starling.tiktokv.eu | udp |
| GB | 2.23.210.102:443 | starling.tiktokv.eu | tcp |
| US | 8.8.8.8:53 | mssdk-i18n.tiktok.com | udp |
| GB | 95.100.104.8:443 | mssdk-i18n.tiktok.com | tcp |
| US | 8.8.8.8:53 | 102.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | mon.tiktokv.com | udp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| GB | 2.19.117.148:443 | mon.tiktokv.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 8.104.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.117.19.2.in-addr.arpa | udp |
| GB | 2.19.117.148:443 | mon.tiktokv.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 13.87.96.169:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
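Most of the table above is the submitted site's own CDN traffic, the sandbox's reverse (in-addr.arpa) lookups of every address it saw, and QUIC-over-UDP to port 443. The names that matter for triage are the ones the submitted page has no reason to load; here that is the GitHub family (where the Downloads samples are consistent with having come from), checkappexec.microsoft.com (the SmartScreen reputation check Windows makes on a download) and the local mDNS multicast. The Python below is an editor's example, not part of the report: it parses rows in the page's own pipe-table form, drops PTR noise, separates names that were only resolved from names actually connected to, and returns whatever falls outside an analyst-supplied list of expected parent domains. NETWORK_ROWS is a representative subset copied from the table; EXPECTED_PARENTS is the editor's assumption about what a tiktok.com page load normally touches, not something the sandbox asserts.

```python
"""Reduce a sandbox network table to the names that need an analyst's eye.

Editor's example, not part of the report. NETWORK_ROWS is a subset of the
Network table above; EXPECTED_PARENTS is an analyst-supplied assumption."""
from collections import OrderedDict
from urllib.parse import urlsplit

NETWORK_ROWS = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tiktok.com | udp |
| NL | 18.239.18.77:80 | tiktok.com | tcp |
| NL | 18.239.18.77:443 | tiktok.com | tcp |
| GB | 2.23.210.77:443 | www.tiktok.com | tcp |
| US | 8.8.8.8:53 | 77.210.23.2.in-addr.arpa | udp |
| GB | 2.19.117.150:443 | sf16-website-login.neutral.ttwstatic.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| GB | 13.87.96.169:443 | checkappexec.microsoft.com | tcp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | mssdk-i18n.tiktok.com | udp |
"""

# Assumed parents for a tiktok.com page load (editor's list, not from the sandbox).
EXPECTED_PARENTS = ("tiktok.com", "tiktokv.com", "tiktokcdn.com", "ttwstatic.com",
                    "ibytedtos.com", "tiktokw.eu", "tiktokv.eu", "google.com", "googleapis.com")


def parse_rows(text):
    """Parse '| country | ip:port | domain | proto |' lines; an empty domain becomes None."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto.lower()})
    return rows


def registrable(name):
    """Crude eTLD+1 (last two labels). Adequate for the TLDs in this report;
    co.uk-style suffixes need a real public-suffix list."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage(rows, submitted_url, expected_parents=()):
    """Group rows by name, dropping the sandbox's own PTR lookups, and return
    (everything, needs_review). A name that was only resolved has no endpoints."""
    expected = {registrable(urlsplit(submitted_url).hostname), *map(registrable, expected_parents)}
    seen = OrderedDict()
    for r in rows:
        d = r["domain"]
        if d and (d.endswith(".in-addr.arpa") or d.endswith(".ip6.arpa")):
            continue                                  # reverse lookups: sandbox noise
        key = d if d else "[no name] " + r["ip"]      # e.g. mDNS multicast with no query name
        entry = seen.setdefault(key, {"parent": registrable(d) if d else None, "endpoints": set()})
        if r["port"] != 53:                           # port 53 rows are the resolver query itself
            entry["endpoints"].add((r["ip"], r["port"], r["proto"]))
    review = OrderedDict((k, v) for k, v in seen.items() if v["parent"] not in expected)
    return seen, review


if __name__ == "__main__":
    seen, review = triage(parse_rows(NETWORK_ROWS), "http://tiktok.com", EXPECTED_PARENTS)
    for name, info in review.items():
        eps = sorted(info["endpoints"])
        state = ", ".join(f"{ip}:{p}/{pr}" for ip, p, pr in eps) if eps else "resolved only"
        print(f"{name:40} {state}")
```

Run against the full table the same way, the review list is what an analyst should pivot on next: which process opened each GitHub connection, and what was written to Downloads immediately afterwards.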
Files
\??\pipe\crashpad_3596_SHCUAXSQJBGBSSFM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt
| MD5 | 15fd85b3810e98377549e1afe4fd04e0 |
| SHA1 | a7802dca780125e0b24e61ab637a0249124ebdb3 |
| SHA256 | c6c3a2904ecaa16360639b944c4def755e2c6351a9393ed0eeb7466bfa381278 |
| SHA512 | 37636e12ede1343f2fee26944519fddec54224e9f15a4bc897469dce9e64654a1623afe5cfb4e44e87070f723f5d1ac7e85a97e9174fb1b32fe48b80075276b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe57da14.TMP
| MD5 | 9993b29a32e12ad9fa8189f25c58b45a |
| SHA1 | 034ece2f00d1d931e314bbc581cd1442fb112e9a |
| SHA256 | 8dbc9d2964ed5e41126abc4d8414739c16d2798172e43c3f6aa19b182145dd4a |
| SHA512 | 4e26824b16a3a4c11bcc5a7155063b95e1a6597e30facb8e7cd5e5cec2dea42f7c9fa282c3412a3e6a8573c75b780a46d1696d081913f64f9d236d57c83c1c48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1f2c036b872e5e89a76c11363ce83a47 |
| SHA1 | 95df3ed1fbea143a4d56048239c17f17fb9192ad |
| SHA256 | 917b2b7bd169d5339731d8ca7d0bf20ad031a3ada3b35520c9fec63f5fa096b6 |
| SHA512 | f1ed885fdf2958098f2883739c9336dbbc175b0f5330e3b18cbbf8146b29c4c4a311434370423236c60ed4f140dce4d46f37f79cf4e8fc3cfeb4a3242943e78d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4f2b2b23b9b248bdd1d6ad99b9bddbb2 |
| SHA1 | 559188d8d3f79d2d52236e2dfadfcac485f20c95 |
| SHA256 | 363587bb48823f83a755f73e9da23015b3ab567ede4ab303970003ad3fc58448 |
| SHA512 | cbe0f1114273a619a80c951252a93964e922b431f34ea4554e5bfe4eadb1d43317759714ec2fec0a097c9e4fe272ee1c148bc68cbbc1cfd544b9d861ff10e191 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | e3af0bdd4478b15c7c1f0b931ded1409 |
| SHA1 | ebf904514c70de12576fd1e33e6e7a798867cc5b |
| SHA256 | 4806fbdf92e5dddd57abfaf248e25fd13e2a239c24a536c4507ed0067ab9b438 |
| SHA512 | 0ff2c14030f6c01310a7a7598ad4547513eb2c22ab1c6aa6fbd3d76cc8260e693a762a171871af9d4b488722790540dd8044225c54632dbfab67dfca3be9723d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5daeeee9adbfab2d4977bd946985a814 |
| SHA1 | 24662641b16bcf0a471c9c92b449ed30f14d8c70 |
| SHA256 | 6b949ad95e41689f805363d9207cddd52b336cf0863503c3e4ee3ffe4495d8b4 |
| SHA512 | 247d7b868a733ba32a74dcc091a33a47432f93dbd6a6f36a9d5c823bdf3edbb84a3806ac683976a79eb4daad850d459f6577fcd504bd707e5552528e8a91c7b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | fdf2600d905a0faa060d691e0212e1a7 |
| SHA1 | 62550f0993a219e265ff9a0795a4d9f49b28748f |
| SHA256 | 52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972 |
| SHA512 | 7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 5e53ed25086aaa0d3337101b741466ae |
| SHA1 | 08b6244aa107201b2b4e6e76ce4c123dcacda182 |
| SHA256 | 5ac2037030385ad8cf10e486b44475d778eef2e2a377751fbf3c938fd3991b1c |
| SHA512 | 7c90e1b48ee9a1dc112bc1921e2a42f4d329d734be246ed488aaead60ff14e2581580e6629bd2b24c109cb66279190df3ee494eb83d1b96f418886cd72f2747a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | 26a1891f272dc17f5ac69a8cfde2991d |
| SHA1 | 097239d7cb11b964bd6a745f24e5f82267fcaf0f |
| SHA256 | e4dd3bb15ae6492d5ddff59e08075a6023463b82cfe6c284470fec0d86fe52ae |
| SHA512 | 2b78bc3b2e57aeaacdbce5315b117c8900f9cfb99e331704c80f871882b1f0ad88ef7d6808fea6a8e93e1e65a239beaff9c3d61a07191b96bc21c0fac759d783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\81122c6e-1583-4c32-943c-f3202fb4fa03\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\81122c6e-1583-4c32-943c-f3202fb4fa03\index-dir\the-real-index~RFe5828c1.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\d0e00365-b16e-4f62-b65d-4ef72e789769\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\d0e00365-b16e-4f62-b65d-4ef72e789769\index-dir\the-real-index~RFe582d26.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt
C:\Users\Admin\Downloads\Spark.zip
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\FakeActivation.zip
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
memory/2400-691-0x0000000000400000-0x000000000043C000-memory.dmp
memory/4000-692-0x000001ED2DFE0000-0x000001ED2E00E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
memory/5040-753-0x0000000000F60000-0x0000000000F6E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\NoEscape.zip
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
memory/1740-796-0x0000000000400000-0x00000000005CC000-memory.dmp
C:\Users\Admin\Desktop\Free Youtube Downloader.lnk
C:\Users\Public\Desktop\ᩦ⇖ुⰸᭉᨱᔩⵚञ⼒ュ⛫ଉ₷⣳ୃᢀיਨᖶሄᬀ
memory/1740-971-0x0000000000400000-0x00000000005CC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State