Malware Analysis Report

2025-06-16 06:56

Sample ID 241104-eyr78atgmr
Target http://tiktok.com
Tags
discovery evasion persistence ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://tiktok.com was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence ransomware trojan

UAC bypass

Modifies WinLogon for persistence

Disables RegEdit via registry modification

Executes dropped EXE

Adds Run key to start application

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Uses Volume Shadow Copy service COM API

Uses Volume Shadow Copy WMI provider

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-04 04:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-04 04:21

Reported

2024-11-04 04:26

Platform

win10ltsc2021-20241023-en

Max time kernel

215s

Max time network

221s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tiktok.com

Signatures

Modifies WinLogon for persistence

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A

UAC bypass

evasion trojan
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A

Disables RegEdit via registry modification

evasion
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A
File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A
File created | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A
File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A
File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "70" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751677570739926" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A
N/A | N/A | C:\Users\Admin\Downloads\TaskILL\[email protected] | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A
N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3596 wrote to memory of 4676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 4676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3596 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tiktok.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffb7fa1cc40,0x7ffb7fa1cc4c,0x7ffb7fa1cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2000 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3052,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3044,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3300,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5292 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5332,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5344 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5208,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4408 /prefetch:8

C:\Users\Admin\Downloads\FakeActivation\[email protected]

"C:\Users\Admin\Downloads\FakeActivation\[email protected]"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5088,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4752 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4756,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5340 /prefetch:8

C:\Users\Admin\Downloads\TaskILL\[email protected]

"C:\Users\Admin\Downloads\TaskILL\[email protected]"

C:\Users\Admin\Downloads\TaskILL\[email protected]

"C:\Users\Admin\Downloads\TaskILL\[email protected]"

C:\Users\Admin\Downloads\TaskILL\[email protected]

"C:\Users\Admin\Downloads\TaskILL\[email protected]"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5680,i,3194023870344292830,9445376639779665348,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4620 /prefetch:8

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3a39855 /state1:0x41c64e6d

Network


Files

\??\pipe\crashpad_3596_SHCUAXSQJBGBSSFM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

MD5 15fd85b3810e98377549e1afe4fd04e0
SHA1 a7802dca780125e0b24e61ab637a0249124ebdb3
SHA256 c6c3a2904ecaa16360639b944c4def755e2c6351a9393ed0eeb7466bfa381278
SHA512 37636e12ede1343f2fee26944519fddec54224e9f15a4bc897469dce9e64654a1623afe5cfb4e44e87070f723f5d1ac7e85a97e9174fb1b32fe48b80075276b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe57da14.TMP

MD5 9993b29a32e12ad9fa8189f25c58b45a
SHA1 034ece2f00d1d931e314bbc581cd1442fb112e9a
SHA256 8dbc9d2964ed5e41126abc4d8414739c16d2798172e43c3f6aa19b182145dd4a
SHA512 4e26824b16a3a4c11bcc5a7155063b95e1a6597e30facb8e7cd5e5cec2dea42f7c9fa282c3412a3e6a8573c75b780a46d1696d081913f64f9d236d57c83c1c48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1f2c036b872e5e89a76c11363ce83a47
SHA1 95df3ed1fbea143a4d56048239c17f17fb9192ad
SHA256 917b2b7bd169d5339731d8ca7d0bf20ad031a3ada3b35520c9fec63f5fa096b6
SHA512 f1ed885fdf2958098f2883739c9336dbbc175b0f5330e3b18cbbf8146b29c4c4a311434370423236c60ed4f140dce4d46f37f79cf4e8fc3cfeb4a3242943e78d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4f2b2b23b9b248bdd1d6ad99b9bddbb2
SHA1 559188d8d3f79d2d52236e2dfadfcac485f20c95
SHA256 363587bb48823f83a755f73e9da23015b3ab567ede4ab303970003ad3fc58448
SHA512 cbe0f1114273a619a80c951252a93964e922b431f34ea4554e5bfe4eadb1d43317759714ec2fec0a097c9e4fe272ee1c148bc68cbbc1cfd544b9d861ff10e191

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 e3af0bdd4478b15c7c1f0b931ded1409
SHA1 ebf904514c70de12576fd1e33e6e7a798867cc5b
SHA256 4806fbdf92e5dddd57abfaf248e25fd13e2a239c24a536c4507ed0067ab9b438
SHA512 0ff2c14030f6c01310a7a7598ad4547513eb2c22ab1c6aa6fbd3d76cc8260e693a762a171871af9d4b488722790540dd8044225c54632dbfab67dfca3be9723d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5daeeee9adbfab2d4977bd946985a814
SHA1 24662641b16bcf0a471c9c92b449ed30f14d8c70
SHA256 6b949ad95e41689f805363d9207cddd52b336cf0863503c3e4ee3ffe4495d8b4
SHA512 247d7b868a733ba32a74dcc091a33a47432f93dbd6a6f36a9d5c823bdf3edbb84a3806ac683976a79eb4daad850d459f6577fcd504bd707e5552528e8a91c7b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 fdf2600d905a0faa060d691e0212e1a7
SHA1 62550f0993a219e265ff9a0795a4d9f49b28748f
SHA256 52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972
SHA512 7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 5e53ed25086aaa0d3337101b741466ae
SHA1 08b6244aa107201b2b4e6e76ce4c123dcacda182
SHA256 5ac2037030385ad8cf10e486b44475d778eef2e2a377751fbf3c938fd3991b1c
SHA512 7c90e1b48ee9a1dc112bc1921e2a42f4d329d734be246ed488aaead60ff14e2581580e6629bd2b24c109cb66279190df3ee494eb83d1b96f418886cd72f2747a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 26a1891f272dc17f5ac69a8cfde2991d
SHA1 097239d7cb11b964bd6a745f24e5f82267fcaf0f
SHA256 e4dd3bb15ae6492d5ddff59e08075a6023463b82cfe6c284470fec0d86fe52ae
SHA512 2b78bc3b2e57aeaacdbce5315b117c8900f9cfb99e331704c80f871882b1f0ad88ef7d6808fea6a8e93e1e65a239beaff9c3d61a07191b96bc21c0fac759d783

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 cfd886e1ca849a7f8e2600763f236d78
SHA1 c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5
SHA256 c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b
SHA512 254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 31aedc00cda96fba56190fdb7a16c883
SHA1 9fd4153c4c780a2abda03a1fc0d0ba921aebc037
SHA256 539520ca1cb5f6068d3fb728e0be7c4a1904421e49e4f546c5fb4438081db431
SHA512 6ca6c68a3aa2760bacee298e43cf021f2394fe41f2a776bc6887ad57f1134d95b1d73673da1ff614667c86366109199be95dbd67764ae8f51780d7a346fc9c48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1aa9b6748fdac01ce7caacf23958fcd7
SHA1 feac159ebb49e443c4d2f40cfbc9a9a7a0216389
SHA256 fcbe47b86a604eeb50f2aa6250d6c86f30a894650e93bf277ce02f24fcd973e8
SHA512 4f12a2b950ea678c7ec330dbbe87d44255b4967b28c8880ae2a2f0cf358113fcc10fa59a8e344fdf002c4fd1e8e12d3940b80606d2e2f5fb4c5ac082159416f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f24e4ada10153138f24fa4aea956d424
SHA1 a6fc38c87add016810ddb387d54b1f9caf3363a5
SHA256 5285f544a92ae9d366702f73004fb58d1bef35b7e7d1b43562e56f195fe3e7bc
SHA512 9bf7a4b9e84364b3758fe2569531f4e69700ffb90a7aad76b12572dc8fa8b835467c1118500779a1486add05edd20d6b5d1940dc5af8608dd2ee33e85583e245

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\81122c6e-1583-4c32-943c-f3202fb4fa03\index-dir\the-real-index

MD5 8e0a7b20fad7f9589c0b21b472aefb1a
SHA1 e4b9d7b21a708a35e10c18492866d2fd3be65570
SHA256 85066c382ad0072a27dd0891d1c423b38415e34cb11959ff344bb06768b1785d
SHA512 f461a0c339e7b51d6a8dbe34b693678bc696c785288f86caca8563cd5a789703912b70b35d69777675ef7ae0b65847b6bf26c7000bc8479141914c4c3b9c4720

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\81122c6e-1583-4c32-943c-f3202fb4fa03\index-dir\the-real-index~RFe5828c1.TMP

MD5 b4055d30ac7d02a810afb99d0a0cb6d9
SHA1 6722a3b027668662be55850927f95bf3c0a198a3
SHA256 dd0d3b87248f3a2db802aeda74906d47b1634562fe8826bfdb413e06f21c646f
SHA512 66c0bf25ca3c40057e1f38bccfef20baff19492426dcd68a787d04e15781befcd34a1b49020c403cbc55ee24419e51bb83d344e4261c291de0544ff7bd0464d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\d0e00365-b16e-4f62-b65d-4ef72e789769\index-dir\the-real-index

MD5 03ddcd51b996f4e3d98b778be982e534
SHA1 41390c6a73ea93ed0c875b3fd3a59597946b9c6e
SHA256 f8e1c4d7089557b5c238b5d0e5b446b6c40372ab5985f3170aaa4e6f5429eb0b
SHA512 9fc50b828784cf34ceea1b5c18f288a8236f8be23f323b8c48ffe1be457a2e64a98da87812783afa32acb037a13443bec0f45688a112b11496c763a72a6d7b6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\d0e00365-b16e-4f62-b65d-4ef72e789769\index-dir\the-real-index~RFe582d26.TMP

MD5 1dfa174c1c1a4f0faa2756e28de21bcf
SHA1 9f99486414d1cdd47b9eac5ed4491f7ec2df2a12
SHA256 a2862c9547fa9c1f7b1e067805db6b7228bee8761b55ef84fe074ff7ffe4d953
SHA512 ee7f7bff4502edf6752e9fc3c16a454a1551ca1a4896849bc5d1402acc862fb7f5b9bf6f4f81cd256f574bbfa3cb46b4144a983b00df82592c826e256c84356f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

MD5 09f919bfebf5080e8e929b38d25cb5da
SHA1 91a06d89ef8d29c73b3fc5462b48bae90d058a14
SHA256 57402d4b6bbf67fc4645e18afdf2c2c10f3c69c0296813ec33c12487bfa43cc1
SHA512 1645503dd165f8107daec332ad82d3909cd6ec8fee68566cafde4329956595706d11b429932141b1cb1eafe9888edb8cf1ec1834532a96410207aff6cbc942c5

C:\Users\Admin\Downloads\Spark.zip

MD5 860168a14356be3e65650b8a3cf6c3a0
SHA1 ea99e29e119d88caf9d38fb6aac04a97e9c5ac63
SHA256 1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9
SHA512 0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e1712a7c7547590af793c7e74e1bf0d0
SHA1 7fcb7e787ddbb0b92506f95b41ac60ec5618017f
SHA256 d1a63da88a623230cc386cc05337bdfc8f741fa33dc9576b353c49dabe3825d2
SHA512 09414599afad71805db28ab522207dd9c7f1e54553a79c3d2f5b170b4a72cdefdcaf706e9f6a983d2bbbd62e67a33d9b279dab9e9c2e5a166809ead2c30381f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f8bf0693731e293c557d59bc03e5d34
SHA1 6b41801549a954cae054d187e8dcf0c8a677412f
SHA256 088725e3e81cf7f5def0f483f3be4caf9f256cff3fbcda65e687ce3a1f0fa5e1
SHA512 beb630855a38f58139549a58dfc42b171f6fe6bada45d4f75205b5704b3bc9b445ab32892ed7c94ec57db70d5646ffba394a4d6e829a7477c9f828b7514740a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2ab20422d5559977f734f407f7b19f93
SHA1 571789973f9ab956879e820ab04b8f3951715294
SHA256 f61628c75487429635dc10cbabd7ffbee1db5e2ae0bf489e2ffd2eb0a1e797cc
SHA512 7c21f4e035a366432b6a8af841b9377d3da12e67cfd71adb15dd698841178331fad9c6a48a4bdba7f46fe1d889583394b522febca1b15508643d04c9d73898eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c689bebe35b4cf50e8742608315dfa87
SHA1 cddda8ab59e71e5dc5e0938e9cd11466664c11da
SHA256 987d59c615c12be9cd99e975eecfa9d293d5119f75b4cc32fb311dc87e79e966
SHA512 8fab6a841566d9af5d5c68e6191f1d4309cb49333246a142eea26195abddb274920ca1a185964a45c32edf82af258475cf0482d40fd3de5e14201314c93e5154

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 13a391e1ecdacf871bed5d8ff7132f9d
SHA1 d06fe4c780eb34d4f3f7afb11722221c31acb8c6
SHA256 898d72eae4bacfa55cf031d7b87f79dc538a26ea0c33c41519b07ba439d9f0b8
SHA512 2f826d3ef8ad49b236683cc4e0e345a394b1f6b078a89d696a4e9a2bb84884e67c5177cb454bb155d1ad0a76c12c7b62549670aa392d2b956428c57606b5c328

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b6ad6492d96e29eaf2255a789045fc5
SHA1 efa5a713472ee73a86ac3d613f0469ebebca9794
SHA256 80527febed7836b2b3d0b755ac9237b9623d5daf2317cd3102a009280903926d
SHA512 cc5be3b37ee533bfd91c09e5e4dd9299b5d9ef18a63c9b96cfc1ba62720c05a522abd2950c97f3ffff2f2c6f803e7b545ef69eb2ee8eff4c80eaee9fce291902

C:\Users\Admin\Downloads\FakeActivation.zip

MD5 6db8a7da4e8dc527d445b7a37d02d5d6
SHA1 4fcc7cff8b49a834858d8c6016c3c6f109c9c794
SHA256 7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984
SHA512 b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6bd826259b787c3cf2c5a8837459e87b
SHA1 2c871d79401d32b7f01ebba587030c0ff368d488
SHA256 15f1687863a81872ac6c922c96d7e4ec4ced6f079e6d91e8d2057ae2b9ec52ce
SHA512 c9f20f472bae55cec5f4a2da38421387ef8190ee6edf0c676060918e82d9afb55609caac9f6d3872d043d617020e0c09ba38cf4c3aec74602e89658a0e0f4670

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d43caaef0fe8429930213d6247c64d9
SHA1 1055cc010fe10878f735b25a75ea4f1e67c68b32
SHA256 430f1dfcd35fb624ac62ec4745aad4f72fc5278837be164286e6ad250685d5d8
SHA512 3ecad8b7c0d6ed3b778183b56e969e24a1331573768f8184cb41a86ab7228f6d826a78a593d233e173ec1de99f41a011f1eafe3c9c89d849d016f27025640a7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 91fb235486fa9dcf71decd9f06b99ca2
SHA1 2cf5d9bf2ec6802a2e5d7251fe6b2ad63a6452de
SHA256 4c8dfb005cb6114a75f021b9d822f54613d31a54dd529a28d4c0a26d56a8a1a1
SHA512 91d33814794523847aee9336a3e37883cc070ba2b478242170014b1fdecb767ebd53bb99aa7802fb02efc3a9ffc0849d2dd4de522b848b0f09ca857bcea4e004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c512e357519a51f527f91f192bfa7685
SHA1 aa5dad99cef9db4343747d8513564016c88ad8ca
SHA256 2ae077789dcb21a6324d1bd0be420473377f6a5af599e220b8db08fb322e928e
SHA512 3946aef39577ac1e3db00834c1307efbc5d99dc04083031ea89c35e0fdcdca6ab2b7de196730aff720db4a1e23ce47174daa79374495d297fa902b9f16e7080d

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

memory/2400-691-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4000-692-0x000001ED2DFE0000-0x000001ED2E00E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/5040-753-0x0000000000F60000-0x0000000000F6E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\NoEscape.zip

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/1740-796-0x0000000000400000-0x00000000005CC000-memory.dmp

C:\Users\Admin\Desktop\Free Youtube Downloader.lnk

C:\Users\Public\Desktop\ᩦ⇖ुⰸᭉᨱᔩⵚञ⼒᨝ュ⛫ଉ₷⣳ୃᢀי࢕ਨ␿ᖶሄᬀ

memory/1740-971-0x0000000000400000-0x00000000005CC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
