Malware Analysis Report

2025-01-02 07:43

Sample ID 240510-g7fxnafg6v
Target Ultimate YT Downloader Cutter.msi
SHA256 bc4d7fbcab5275cd4f3459fab23a8bfff4e6abe9f3b5d407ceb7742049f42fbc
Tags
privateloader redline https://free-yt-downloader.com infostealer loader pyinstaller
score
10/10

Analysis Overview

score
10/10

SHA256

bc4d7fbcab5275cd4f3459fab23a8bfff4e6abe9f3b5d407ceb7742049f42fbc

Threat Level: Known bad

The file Ultimate YT Downloader Cutter.msi was found to be: Known bad.

Malicious Activity Summary

privateloader redline https://free-yt-downloader.com infostealer loader pyinstaller

RedLine

PrivateLoader

Downloads MZ/PE file

Blocklisted process makes network request

Enumerates connected drives

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Drops file in Windows directory

Detects Pyinstaller

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 06:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:37

Platform

win10v2004-20240426-fr

Max time kernel

642s

Max time network

649s

Command Line

msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Ultimate YT Downloader Cutter.msi"

Signatures

PrivateLoader

loader privateloader

RedLine

infostealer redline

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\runtimes\win-x86\native\WebView2Loader.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\sqlceer40EN.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\AutoUpdater.NET.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Newtonsoft.Json.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\NLog.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\sqlceme40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\WpfAnimatedGif.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\DMSkin.WPF.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\sqlceca40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\sqlcecompact40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\sqlcese40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\Microsoft.VC90.CRT\msvcr90.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\sqlcese40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\sqlceme40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\Microsoft.VC90.CRT\README_ENU.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Activatar.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\sqlcecompact40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\sqlceqp40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\System.Net.Http.Extensions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\UrlBase64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\sqlceer40EN.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Syncfusion.Shared.WPF.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\System.Data.SqlServerCe.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\runtimes\win-arm64\native\WebView2Loader.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\Microsoft.VC90.CRT\README_ENU.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\x86\sqlceca40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Microsoft.Web.WebView2.Wpf.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Syncfusion.SfInput.WPF.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Microsoft.Web.WebView2.WinForms.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\System.Net.Http.Primitives.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\icon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\runtimes\win-x64\native\WebView2Loader.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\Microsoft.VC90.CRT\msvcr90.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\sqlceqp40.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Microsoft.Web.WebView2.Core.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\SourceHash{626452F4-B8AA-45B8-8EEA-5254120C9460} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI858E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{626452F4-B8AA-45B8-8EEA-5254120C9460}\icon.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8414.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e578359.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI84D2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e578359.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{626452F4-B8AA-45B8-8EEA-5254120C9460}\icon.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57835b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI84B2.tmp C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4F254626AA8B8B54E8AE254521C04906\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\ProductName = "Ultimate YT Downloader Cutter" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\ProductIcon = "C:\\Windows\\Installer\\{626452F4-B8AA-45B8-8EEA-5254120C9460}\\icon.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList\PackageName = "Ultimate YT Downloader Cutter.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4F254626AA8B8B54E8AE254521C04906 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7E05039D0D2AF634A975179193B7FBE4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7E05039D0D2AF634A975179193B7FBE4\4F254626AA8B8B54E8AE254521C04906 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\PackageCode = "D68CC0C487EC9194E984EC1B3D0B989F" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F254626AA8B8B54E8AE254521C04906\Version = "33619968" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\osk.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe N/A
N/A N/A C:\Windows\system32\osk.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3392 wrote to memory of 1292 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3392 wrote to memory of 336 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3392 wrote to memory of 5000 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1292 wrote to memory of 2556 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe
PID 2556 wrote to memory of 2920 N/A C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2920 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2920 wrote to memory of 3056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2920 wrote to memory of 4928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2920 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Ultimate YT Downloader Cutter.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 29CCA8796FC6E379DDD2C9636BD03531 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D05BD1B4150B708C1648D9E190B47BF2

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe

"C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe"

C:\Windows\system32\osk.exe

"C:\Windows\system32\osk.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4a0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://free-yt-downloader.com/pricing

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb03b346f8,0x7ffb03b34708,0x7ffb03b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9265446959450311741,3967353190602073975,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe

"C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe" -f 22/18/mp4/bestvideo -s -q --no-playlist --skip-download --dump-json --no-call-home https://youtube.com/watch?v=AaOIJ1-3GLE

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe

"C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe" -f 22/18/mp4/bestvideo -s -q --no-playlist --skip-download --dump-json --no-call-home https://youtube.com/watch?v=AaOIJ1-3GLE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe

"C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe" -f "bv*[height<=1080]+ba[ext=m4a]/b[height<=1080] / wv*+ba/w" --merge-output-format mp4 --verbose --no-mtime --progress --live-from-start --newline --no-playlist --ppa "ExtractAudio+ffmpeg:-stats" --concurrent-fragments 10 --fixup never --ffmpeg-location "C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffmpeg.exe" -o "C:\Users\Admin\AppData\Local\Temp\fd97a8e0-5a08-46d8-8a78-9bf693312d17.%(ext)s" -v -i "https://youtube.com/watch?v=AaOIJ1-3GLE"

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe

"C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\youtube-dl.exe" -f "bv*[height<=1080]+ba[ext=m4a]/b[height<=1080] / wv*+ba/w" --merge-output-format mp4 --verbose --no-mtime --progress --live-from-start --newline --no-playlist --ppa "ExtractAudio+ffmpeg:-stats" --concurrent-fragments 10 --fixup never --ffmpeg-location "C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffmpeg.exe" -o "C:\Users\Admin\AppData\Local\Temp\fd97a8e0-5a08-46d8-8a78-9bf693312d17.%(ext)s" -v -i "https://youtube.com/watch?v=AaOIJ1-3GLE"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffmpeg.exe

"C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffmpeg.exe" -bsfs

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffprobe.exe

"C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffprobe.exe" -bsfs

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffmpeg.exe

"C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\ffmpeg.exe" -y -loglevel repeat+info -i file:C:\Users\Admin\AppData\Local\Temp\fd97a8e0-5a08-46d8-8a78-9bf693312d17.f248.webm -i file:C:\Users\Admin\AppData\Local\Temp\fd97a8e0-5a08-46d8-8a78-9bf693312d17.f140.m4a -c copy -map 0:v:0 -map 1:a:0 -movflags +faststart file:C:\Users\Admin\AppData\Local\Temp\fd97a8e0-5a08-46d8-8a78-9bf693312d17.temp.mp4

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\Cest le Capitaine Gros Cheh .mp4"

Network

Files

C:\Users\Admin\AppData\Local\Temp\MSI3DE4.tmp

C:\Users\Admin\AppData\Local\Temp\MSI3F3F.tmp

\??\Volume{b97ebe19-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a89adcf2-5b4c-4fcf-bf79-8178cd11dffe}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe

C:\Config.Msi\e57835a.rbs

C:\Windows\Installer\e578359.msi

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\FYD.exe.config

memory/2556-120-0x0000021C32440000-0x0000021C325C8000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\DMSkin.WPF.dll

memory/2556-122-0x0000021C341A0000-0x0000021C341CA000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\System.Data.SqlServerCe.dll

memory/2556-124-0x0000021C4CEC0000-0x0000021C4CF38000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\AMD64\sqlceme40.dll

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\AMD64\Microsoft.VC90.CRT\msvcr90.dll

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\AMD64\sqlceer40en.DLL

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Syncfusion.SfInput.Wpf.dll

memory/2556-132-0x0000021C4D2E0000-0x0000021C4D376000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Syncfusion.Shared.Wpf.dll

memory/2556-134-0x0000021C4D6F0000-0x0000021C4DA32000-memory.dmp

memory/2556-135-0x0000021C4D1E0000-0x0000021C4D226000-memory.dmp

memory/2556-137-0x0000021C343B0000-0x0000021C343C0000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\WpfAnimatedGif.dll

memory/2556-138-0x0000021C4D550000-0x0000021C4D5F8000-memory.dmp

memory/2556-140-0x0000021C4CC20000-0x0000021C4CC2A000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Activatar.dll

MD5 cc7163d2b152b4fa799186c9f7101a90
SHA1 06fd59c23a06371c4a92e566592c58cec0d7f233
SHA256 0521fd3680925df577a634dd4970e17bc46ef3a37a07172ec09b77b0cc3d4eea
SHA512 28a68e7f68b22541e6327a0b806e6c21e14196a5a883958c04b530e8000d4048e43c1571947b5d765d44e61b67a409a032e5c6309ee6eda1986cd2137f0448cf

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 c30537533e8a2f2f4e188547fe340f3b
SHA1 299fb567b5d66338e2546d6d0ff66e75140fbd74
SHA256 3cd53b10030bc137d27c0a06253bd4918136af6b56331312e85ada8b714f80c5
SHA512 3d1b076f24bff0f348311e41346697f8314c7a8cf2d37b921ec3a29d7d27cc22afa15880afbc9e374c5b1365ac65f4a0e0a8bd2bb0cc71be249f23c4224c8c6f

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 243fdc9cb8dad2d83e80e641f9922493
SHA1 73b124a63d66f243fb865fdf6d2f2f756e706512
SHA256 8dfa912b7741e117998098fe236eea8ad39942cb4be285fb886fcf81be8c8ced
SHA512 0087a3a0d4b87eaeaab101b730218eb05f23b27c89aef1efded5387218591ff0b913ef35868d0704993e5bcb4ad0a970c9ed15d4870ea62a913c9051d14301d2

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\es0yu0la.newcfg

MD5 4ba4555b77c7eb66c018f4aacac9db0c
SHA1 7013feb981debc8068ff3e209a1f10137c7c9cb2
SHA256 43cc1790035d4e9d41daf84d344918bca15af153baf807296daf19a5c9e10c1c
SHA512 ad102c33b8a8a84223bbd6b50a5dde0ab1946c2155d03dadb2a0b8f72bea4ef19a29fc461276ccfcad29ef542a61a5b6ccc38e8c31f1ee8722215c3b1ce7fb65

memory/2556-167-0x0000021C4D4C0000-0x0000021C4D4E0000-memory.dmp

memory/2556-168-0x0000021C4D640000-0x0000021C4D678000-memory.dmp

memory/2556-169-0x0000021C4D540000-0x0000021C4D54E000-memory.dmp

memory/2556-178-0x0000021C50E10000-0x0000021C50F12000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpC9B.tmp

MD5 cd11b52cb5f41654b4665337f58a5731
SHA1 9b112b4d8f335f66f098f4c3488892e3a48b34d5
SHA256 e85a5fd5bc173054b93f84edb3cc01fe3595d9151e0f3088b2851cafc626b9ab
SHA512 205b40554b2b5cdcb2ab360f36d9a28f1adb230ef1dfd3e1fb2e7c1f3e40aedceca4d3d2fc84445952b9012b11a041f068b04a231b6270144d93d3eb1af0223f

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\airyv1ab.newcfg

MD5 173b48096855a9da74e0c2ef66885258
SHA1 b55aa1f9d7858241efc41bdad6fd58fef5c5656f
SHA256 6e31e66cdb7a9fd7558146bf25995733b68c9205ae7238a66d39fd82100d55d9
SHA512 deccecf08fcc0fee294d6cf85a9425b69afa95ee58b87d7fa374a9e36c8f214d709e727d8b8e6ef24c8d050d5b4741a1b5ac9e86912955c463ed07e74e689c1b

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\hdpvte0e.newcfg

MD5 7c1ad268a2c1841581b246d3f84cf84c
SHA1 53c4bf699ef20e6ae88d8fa16cca04ea1fb3df74
SHA256 782acc403b2eef337c703f9a9bd0e134f3a23c4c66e4fd537b6c6e02107ad125
SHA512 26bbb5e693357fbf64533dc5e64887d21ee98d9fa1d9374b5325789612014577b6e48364685a07c624f3c4b429235b8a07895aa42487559659eb46453f3e0e2c

memory/2556-210-0x0000021C4D4E0000-0x0000021C4D4E8000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Microsoft.Web.WebView2.Wpf.dll

MD5 611c83edc9a644a30a09b0dff410908f
SHA1 b6abb1b2bb2bb13d887a7f7ff03f815772f98818
SHA256 f66bba17bae3df35d2330bc3ca252419207dd61f5a4f726151d577adc2ddb8a8
SHA512 fc819fbe97adba5b12cec93aa6e15e1921f7ab36a492d6e4f796e242bbed4dfe30135e8b05e96cb49c29a07644ec8243fc97b0bcc60102d3f7e49866877065f5

memory/2556-225-0x0000021C4D4F0000-0x0000021C4D4FE000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Microsoft.Web.WebView2.Core.dll

MD5 0901d7f2f8b621433f3eaee6a63cb8d1
SHA1 12bf14a2ad26f568f78e4a9304234a6a990757ba
SHA256 c6feb73ec1cb9271f2004d2586fe1833621a0fcd3d04a6fc1dcf08557d634ac0
SHA512 e428770009468c5e48e843031758d2ec2af3ceb3c0614248b17e90105415d7ddbf9783e5cfa77738731cf3aceaca788afa7405944dea0af3247ac5f0a4638b40

memory/2556-227-0x0000021C50D80000-0x0000021C50DF8000-memory.dmp

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 41311dc8cb2b2f400c5c8e18c57f3168
SHA1 5fef5e115f6bbff8ea7f8ff728b7450ee5a67d4f
SHA256 c1c940035297c7a0f270160554ab8dcf29fdafcdf3c5455d8e07af5dd508dcce
SHA512 730dbe6beda3446f459a20c7c9a47bc0832c7314bd8697ae7f555ce2c03458f1eb9b7fbf6ce8bf1eb6e9aae0f9038b1c54df86dcb769fe41f9a7c5b089fd8203

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 0e27c946a8bf4b35a9598c3711e16744
SHA1 c3869a927a699a554d99f05c34af340d11e527b1
SHA256 b73ab911650a5151fdc213021b9e0ebcd2e5c987f8336ea445310eed22f5fabd
SHA512 32373fb296ae745ab96091637313a36f9bc3b19a67586ade557bc5ed18edd4fee65e9df2a4f7e9c1e040a628e01bb5a9933378acd847f7e1499d81653788c112

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\u13ro5hc.newcfg

MD5 7a5b38804dbbc3eb57bfa0535c883dbe
SHA1 609bb7218f0b3db2692b632d7d0d817e9a341c1c
SHA256 fa3b5a15bc9493718ffdedb8287b751405451b3139aa158ecaf3d7f55d9b4658
SHA512 c3942c12bf67f55241e990a21ea92f3a71a404083efedbd46af1e196f4e93823fbf0cc54c5ca195988c2dfcec85d110349de7e43e0faa7960c54920874a2f588

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 cd75b19095c07b5b7f219106a888c5b2
SHA1 809c5aea20135e7230e1453ef5a52fc7de8f841e
SHA256 20ec5038015849de507c4159e67422620efa60059b37b2f9cac3df74b983efbd
SHA512 cc8139f696882725660fc94a9df2ebc13f3a134a86b13a9ae04e94af38213d731209ae4aa47f210a2aca706c48a5b7ab728b40a570c24dcbbef30cd954bf2905

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 f3d2ffedff31c8f6abbab961420c5b71
SHA1 bc1703e53b192fc37590eab7124f627936279748
SHA256 723d2fc5e89cb6b88d263b68caec0fb316b7829fb5973186b6f859ff70b9dff5
SHA512 9df9dec63d8e8732c775e55c37996ccd100b13b77e2b9ebca3360920e1113528979d251e20e7dfd3d665d4bce3ac3aef7e14c7db70080b5a5137bdaf3507b236

memory/2556-285-0x0000021C4D500000-0x0000021C4D508000-memory.dmp

memory/2556-286-0x0000021C4FC10000-0x0000021C4FC32000-memory.dmp

memory/2556-287-0x0000021C4FB70000-0x0000021C4FB78000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\AMD64\sqlcese40.dll

MD5 b9855b76ef9cef229fcd56293e80efa4
SHA1 b605f3351cf7672e060bdf33e3a4519d2cd9c935
SHA256 69902ffb63494cfdea72192073a00755f3afd17be1b5512347a8ca05f16dfdf0
SHA512 4b629173919b3e1e865ff8a8cc9bb57ff746c90be458f5806d8fb55abbaee2fbae9c45463a4a88355f8719c0906b422951533d8f1c67cd3d2bc9370aaf41db2f

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\library.sdf

MD5 02f3994103c4c9e122960854e68ea2ad
SHA1 74f732b436cdcd505881af7697b883ec775eddb1
SHA256 2f650a5951c7e9b41b0e01924823e116ea581fa7a27c2a0ae9a2eb928b485ba9
SHA512 a0e79a389879cded612badfe7a910c39561a39769b3cd5e83f585c52f1f01f8b1ffe963a0e69df151d75f9af690b92390ce806827b318c4b285d0f49db95f1e4

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\amd64\sqlceqp40.dll

MD5 af4e172abb526fa60d76f63bb8c6ed8b
SHA1 18f517803b1aea798813cadac07d2838b6345525
SHA256 7017da640e48baaca2b7fe60081437edbdade883327445633513d4eb6dc0208d
SHA512 ed6e6192dc91fe67a7245273642aede7f1b590271baa5acc7c1333ca1985f910bec31f664d19d02d6f1ee0360ee9f2cdad548bcc27a68fad4fff7e884a62b8c9

memory/2556-293-0x0000021C50D40000-0x0000021C50D7A000-memory.dmp

memory/2556-294-0x0000021C50C70000-0x0000021C50C96000-memory.dmp

memory/2556-295-0x0000021C510D0000-0x0000021C5113A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\library.sdf

MD5 faa0865f5c29045ba6bfc2fcb66431ea
SHA1 6d70ca6ed62d2af1a3c7549d306a5b5370991649
SHA256 800252d866e8a6e1ea4c3bdda7a6a361acfdac7b4ad8e0c88234410443ee223d
SHA512 3d97585d180f5a6fe90b5995d165258b52de6b1a7a7c9c234b761a40a7062955400718605ae6fa8928de020e7792d4c4baa5def94be0539d57079d3b857894c9

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\icon.ico

MD5 46024f1baec5b1177a841a22dfce8c6c
SHA1 2faf68d6cf5324f4505f9582f82873f71344f3fb
SHA256 aa0a0219bda4b37fdb394de6cbbbebac2a7f2c777c2f57458c27777e2fbefbeb
SHA512 90e868973529a3322894cb9d0249b26b6bc0f49d3be3dd91e680091ea711425a12e18f736095280034fbe1cdb14f450f6591e909e2288ed8842b22d480391a71

memory/2556-316-0x0000021C4FBA0000-0x0000021C4FBBA000-memory.dmp

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\AutoUpdater.NET.dll

MD5 146a6629826ffaa5cebf97fe5d797198
SHA1 1f79582cb40b2b7534437b6e0e2415a15c51ca57
SHA256 81dcab16aab930ed0c83a5896cf952e663a3c3d9c3e07b35492917362868c456
SHA512 4fa616104e16207eb9421f7dd11a49009b8d6ccdd0fd45e6b7a4760f4a94beaec0d2d3741d0a47218bf9314a0ede1f14f6c3c101b25bcc608d74328283a867c2

memory/2556-318-0x0000021C539F0000-0x0000021C53A66000-memory.dmp

memory/2556-319-0x0000021C53A70000-0x0000021C53AB2000-memory.dmp

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\dzsz0h1y.newcfg

MD5 d95ad9238174999531fed9e8c8446354
SHA1 f7e75f95a925e7a58a00b0ab145b38f1592a3fb6
SHA256 f3ea498dfec59a53cffc070e78a2276dc4cf7dcec6eb32dbfd5601471a7fc2fa
SHA512 7be4b9b5b64ee283e59c8d314c8a2529b61b7d385c519fe022a4576824bb9f1a913de6d1ca9a4a237ff131245ef6ff50b039fda15069bae2713756bb5400db43

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 822087af142f9af7744f119a27f07da8
SHA1 a594cca7cc2dc51114e5862d633e351d13d34155
SHA256 458145b821b6f02faa86c8e90937c2ccd1c24949db838f84606b2fa401a34a59
SHA512 e7249f301d5115eafd1155b5a446b57f8c49d32f55f8876abd967782cc7029fa8ba59245e096780a498ac4977f6360c655f44eb4a024811c4c14d62f69491951

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\bjbrygng.newcfg

MD5 407e31abaa716d8bdb10de888d5259fb
SHA1 7517d2e25174bb37741ae20e8ca1db0cb83a270b
SHA256 b468a1752161a390b9b082e8117e7b48f15caaf1cbdfe4cb0a7705ed5ac455bd
SHA512 e93b57ce13d42013369fbebbc13e7fa30d0581eb89312c7982704cfcbffa1fb5591d642d57be9efa04c6aae8747285cd61dafdd16b5f02b41e59192f4e2027ce

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 3e734450fc85440917a32fca63a40478
SHA1 f0f410e56c6b71f77d3f1d8fba2e22ea4beb9e38
SHA256 5fcb18c3ec890de092be1b8ad3139a5a8651df4caf8d36e00d2d5f3fef63ee06
SHA512 ef0e6317f9c37a1e4248861d8fbe08cd2958da416630fdfa0062ee1794edc472f62b35b6ed117fabdba67549356bf738404f598039c6007795ad52852d3f64a1

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\v00guc13.newcfg

MD5 ac10472552716fbbc057a3cdb5d88e56
SHA1 a5681c576071459238b06f7ab401218ddf1a1f43
SHA256 5a16ef59f2fc112aec2d067d2c361d259d745e810518770ca67092ad25b9e4f6
SHA512 46dd34dc469e73551ce6da61d62010a6a2ce2d278926cb98992bb2235959644e7f9041b8b7d76bb507e04b545a852589d28ae9896de607bc59f0eb53dd995921

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\n50vimhd.newcfg

MD5 90749a9477675b2f5917408cce860e3d
SHA1 00252a935cba3e083a8eb19625ad3614b28ec8bf
SHA256 04ea0c1ad4646633a565dd053cf34e2570170fc9c10057d640af74853d22b372
SHA512 266a6d4c8c45fc13da63361b74f8f81f98f486843c45a06434a76d4bacf54a960161cc73b44c67ec565b077840cf5328a9719e6c55c379a0728dc5f7aa2cc687

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 c68d31d2e83e2359b6d4ae82beb79274
SHA1 a969d0c3cf2f2da9c52fe0183f9bf3bf0b9e9d2f
SHA256 be4d47e3c356f9eacace77c20f416052712420fb7b4fec7b5887065bbe4303c1
SHA512 6fe251cc195d604f8b13b2dc3dfac3ee5d7d436396f5f90417638faf1e5b901a95786fff2888e34275f9261ecb6aabb62e7f4306f835069abf7f5790b10db622

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\user.config

MD5 e8db397178b1731af34e92ede91628f3
SHA1 2b3e3b731fcde9c7f767b4ca4410791af8cce2ce
SHA256 ee7d4ea2790f0d6a5d056cea04064a4803842c9f32122be3a6c0ae98f981551d
SHA512 f833d3d6c7b92454fecf51117410fdd5ca54f27f74825eaa1ba3f471ee27054dc71dc4ad63c74bc37be092530fde626f23a236d49b55ae0694091a8722c4e0e2

memory/2556-553-0x0000021C51D90000-0x0000021C51D98000-memory.dmp

memory/2556-554-0x0000021C51E20000-0x0000021C51E46000-memory.dmp

memory/2556-655-0x0000021C51E50000-0x0000021C51E62000-memory.dmp

memory/2556-656-0x0000021C53D10000-0x0000021C53D4C000-memory.dmp

memory/2556-657-0x0000021C53C30000-0x0000021C53C58000-memory.dmp

memory/2556-658-0x0000021C54160000-0x0000021C541B0000-memory.dmp

memory/2556-659-0x0000021C542C0000-0x0000021C543CA000-memory.dmp

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\5h2ps0m1.newcfg

MD5 6e033d58da6581dc35be88ff3179ebbf
SHA1 c4be39144ad4290dcb47db7db6aeb3266a11b25d
SHA256 3a4181ba81f911e288acf40f93c2d72711f2b1a96023ab410c8cfe911752defd
SHA512 d89065e48cce7616853f86545e03dd7043584cf6ec62f32afbf091ff0e87d08bc045a9914d9aa17abb831ec792ff9a81129de4b9902bb69025d49e639f69ebe6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_2920_HSTGQYSIOTPZDMTV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4acd942-6ec6-4e8a-8eda-05f4e928a396.tmp

MD5 f0b8e497dee5df57375bd9539dcac2fd
SHA1 a636950606b177bfccbf109a509cdc5bc8e630c3
SHA256 26601d17de06da01d91294ab52366cc1ec0df591983d18c6c9f187149a9497b0
SHA512 5fd9f98d86894ffeb96341ed05949c93052126b80e5fe8b2c71691e34965dea096f8ec51e93c70373fe3ce81753bebd5927a517f0af3e66518cabe489851c32e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aa2c63372379d515db542b6ef50b9b5d
SHA1 1a9f42827ce044dcecedde22a07ad9ccecb5fe17
SHA256 844ba521b18c0bd05a91f158bb49626c2b739a4fd86730cd36933f1baaf73649
SHA512 5eed9431809aea316da5b303a97059a60a09aae3047c153dd39fc18953200e6e68416c8b018ac1aa958bc493b518b385805d6eaaea3fde458b1c1dd5ac4e3d63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f745a6f63ab576ec92ab0a890dbf3fcb
SHA1 c392981b72b20b4df0e2421824eb678ead2e30aa
SHA256 3a9fe75a8668337ee8f7f6af042cc28a2aa525d4ecbbd85338346952c7f32205
SHA512 2d9b30230a05e0dd6cfae3e706c5b0b84cc42dae42bd3a7d14118a34a7aa1175cf122ab83b2f0ffe0a7c6cf07d4f1f4ea554e2c2a348e318ab1f0dd5bfd469a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89e6369e47054bb1452a596ffe30ad7d
SHA1 e4cce3e5ce4b4b04cdc1f0c7b201aaa2c0115d31
SHA256 75cd8f5f18453223210dfffc8ef78cbb4cbcdaa20358ed108ac2e929cf0db76d
SHA512 65550ddc10702646e29988c128c989e67aab1d4225b77fd4707e75d11c0ea0c976369f6888fcb09da6a4c78b1d0a2bf0f7ffa3f871e275b3a1b45b4473a74323

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9b6b9c1efd9e8917f74f972d4451117f
SHA1 4f65f727002ab37489e6d200c5970e70f6b8e2d5
SHA256 910c05a6c5f564b635ed7a95b73b9116b72ed8b0e831c71e481b2e0d0fbc5e63
SHA512 71bb5241fb5912c13ca24c58c707f5842dad8785a6749bab0ca8ac9149bab40c30e5c65ab97c34ddd895660af30b5f231bb80222c4ce631fe0ac90c2556d6f4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f062a85fabe0ef9a42a1112fe0963137
SHA1 1476d4501293229c756918127373f6d06210379c
SHA256 2a6e5bf3547ef0d6ccf14e66e47a3779202e07c658ac5512d9582c1b16c72fab
SHA512 792106a05525543ba866ed98f6e0fbf204009b0088a909b1ba0e8bf9ea290ae9539e9f071d0ace56cfb4300cd40be68f8ff60ba691f95a7b7516d685da86d302

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eeffe30930fe31dcf90d49863e79040b
SHA1 4657b1988953a9f6de2f1872ed22e52c468dc0fd
SHA256 515b36bc98d7837f730c1c2ae418436ee0ffbbf79ad551ac5d9086ba099f3cf4
SHA512 2b47ab2ef7df46cf12bd0f2d7414b6f90172b9ebcbd9e16305e48cd2f018802ce5880a6481dc7f07ee631b0776840448c39b785106bdeec4e7de84231381bca5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b7855591b495759c677ded3b47b8952
SHA1 65d21e503ca6807019cb984d2aad088672088ced
SHA256 74acfd0931e043ab3e3adefc39889190dff837e545dd22c39a8730718c78c64b
SHA512 10d878b08195ebc5156010f4dafa01e274c8df4defe67c29e05c22f4162dfbad8cffc0fcf2b2fdc75cfb18dc93db98c95ba44357eeff1652dea26a0265fc0f40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ae365e1f5588a0a151b5be690c2e3ed1
SHA1 6f1d2f59acc044fcf208fa1fb063c5e6ab4255ea
SHA256 13c14abdd55e32891c531e3b4de272647808e47b63a9d8bf6dfd4b830357bbd9
SHA512 039e34ce9cf69e3d1fa9466196b042893c9436ad966e56e619bdf99d2001516e865a8b35ed5113121ae080a0a3d638a3b96579b007d0460a68d439f8ffb55800

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\xgannsun.newcfg

MD5 b8560d6a9dad50d95c5c706a917a74af
SHA1 175e35acdfe98c427b5344e6c54905ed82263f02
SHA256 810dd6ca6012a310afffa5086e267ea0254d4c7336455438b9db5150d0041dee
SHA512 cf6d104d329f478183b1c70441656bd092cfbe409b61017ac298094177f4628b8a68232b9c7f050be4a231bd4aeac1e591bc13ed1697c15ed97eede589844891

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\kvrllupq.newcfg

MD5 e3a21bb3d8ed59199498fec6a7da99ab
SHA1 942e857e1d0bec8ff4fbd54540dfdd828fdac649
SHA256 ee1c398a9c8b548cda7d10c2742616c751e1e3faa52f47ac10b1c51f3d4eb9c3
SHA512 5234df44aa7fb89b8795582d99b803534f18c371196a9e5aef75663bd3b095bb593a13bc5c1792d6c67e5e8d3afb08a6b0f6758e0546ddf6ede811d9dbb1ca38

C:\Program Files (x86)\Abro\Ultimate YT Downloader Cutter\Newtonsoft.Json.dll

MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

memory/2556-962-0x0000021C543D0000-0x0000021C54482000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI44882\python38.dll

MD5 9f8e0de6e7d4b165b4a49600daacc3b1
SHA1 8cf37d69fdaf65c49f7f5e048c0085b207f7287b
SHA256 a9675a91d767095c9d4a2ae1df6e17bdb59102dbd2b4504c3493b0bcbed5ef55
SHA512 3201b7adf94d3f4510e0b39b4766d1314da66662819fd6de5f5f71956750bb4fdf4228b6e1ad9d4d3bc1fdeb99b7414ed2eff0374aaa3216b67eeedfb8673b48

C:\Users\Admin\AppData\Local\Temp\_MEI44882\VCRUNTIME140.dll

MD5 5f9d90d666620944943b0d6d1cca1945
SHA1 08ead2b72a4701349430d18d4a06d9343f777fa6
SHA256 9ec4afad505e0a3dad760fa5b59c66606ae54dd043c16914cf56d7006e46d375
SHA512 be7a2c9dae85e425a280af552dbd7efd84373f780fa8472bab9a5ff29376c3a82d9dfa1fef32c6cf7f45ba6e389de90e090cb579eebff12dcfe12e6f3e7764d1

C:\Users\Admin\AppData\Local\Temp\_MEI44882\base_library.zip

MD5 bad19691accf6461b703dd17243979fe
SHA1 6e33291313d4f197925df52cad3d9c4351d43661
SHA256 863686897fd26931e5d8ba5c9ec8149f1675340e324e4c9060522ae937705783
SHA512 1bd0f2884e57cbd17fbec401d7848f0335743682e541e257232c56c054c122ba8001d1e35a319d71fa77dec992042b12f131f71933d312f12485f2d7d0c40f47

C:\Users\Admin\AppData\Local\Temp\_MEI44882\_ctypes.pyd

MD5 76816a27c925f301f9776ffd76e6f6d4
SHA1 f9d3992c2ec5998436c24b8ef1dbd50072b7b89d
SHA256 3a94a3525b0531524aabc7f8fc9f1253894cd612a9823d9cdd5070ab81b9d329
SHA512 f79fb8513a786c59f1b6dabbe9cfddb930b7def19316451cf75efa5aa5fe0d46f6ee04870c7dcc2d64818c34f7abe5662a8ad8c3ee4490b02c7182051deed3c8

C:\Users\Admin\AppData\Local\FYD\FYD.exe_Url_5t0xub23sazmmuxc5dxxumghbmmlc2yy\2.1.0.0\xsqyknn1.newcfg

MD5 2b20b3f97fa66ac75c4bd593f6113c80
SHA1 fab2c3e64308fe567c1ba61a85942def337b51e5
SHA256 832d0f961c745cd23be780a76a1fb27d0712f8e9f77ea1221205c3d0e58defaa
SHA512 5d7e4d7e84a5510dd25f36c2ec76785e85d439ea2666e2f550a6721281625a186dfffa2c3a7aae65bdecbf969437aded3df4d4b4f29228e93b8282256545a884

memory/3400-1068-0x00000000006F0000-0x0000000000730000-memory.dmp

memory/4488-1097-0x00000000006F0000-0x0000000000730000-memory.dmp

memory/1624-1175-0x00007FF6B2A60000-0x00007FF6B8D70000-memory.dmp

memory/4500-1176-0x00007FF67FCE0000-0x00007FF685FD6000-memory.dmp

memory/2968-1190-0x00000000006F0000-0x0000000000730000-memory.dmp

memory/4416-1219-0x00000000006F0000-0x0000000000730000-memory.dmp

memory/2800-1189-0x00007FF6B2A60000-0x00007FF6B8D70000-memory.dmp

C:\Users\Admin\AppData\Roaming\Ultimate YT Downloader Cutter\core\library.sdf

MD5 8091661ab1d9fb997d704146abf6bfcf
SHA1 080c5306a35fe350ef0c356df358c6ac4493418d
SHA256 72bf7c656bdb3684af72fc485322b36615f758a1e371e6542d1cd6fd136a4573
SHA512 259a514238cdcb304bb87213f973b6dc016266c43f50695abd6611e937e78ba5c23a678b1b23ff36027d9f24d99189115b66a84198e416b5122c71ab28e37257

memory/4360-1248-0x00007FF752790000-0x00007FF752888000-memory.dmp

memory/4360-1249-0x00007FFB136E0000-0x00007FFB13714000-memory.dmp

memory/4360-1257-0x00007FFB12290000-0x00007FFB122A1000-memory.dmp

memory/4360-1258-0x00007FFAFB070000-0x00007FFAFB27B000-memory.dmp

memory/4360-1256-0x00007FFB13380000-0x00007FFB1339D000-memory.dmp

memory/4360-1255-0x00007FFB13550000-0x00007FFB13561000-memory.dmp

memory/4360-1250-0x00007FFB02F30000-0x00007FFB031E6000-memory.dmp

memory/4360-1254-0x00007FFB13570000-0x00007FFB13587000-memory.dmp

memory/4360-1253-0x00007FFB13E20000-0x00007FFB13E31000-memory.dmp

memory/4360-1252-0x00007FFB15120000-0x00007FFB15137000-memory.dmp

memory/4360-1251-0x00007FFB18AF0000-0x00007FFB18B08000-memory.dmp

memory/4360-1264-0x00007FFB0BDE0000-0x00007FFB0BDF1000-memory.dmp

memory/4360-1263-0x00007FFB0F420000-0x00007FFB0F431000-memory.dmp

memory/4360-1262-0x00007FFB109D0000-0x00007FFB109E8000-memory.dmp

memory/4360-1261-0x00007FFB11840000-0x00007FFB11861000-memory.dmp

memory/4360-1260-0x00007FFB03920000-0x00007FFB03961000-memory.dmp

memory/4360-1259-0x00007FFAF1390000-0x00007FFAF2440000-memory.dmp

memory/4360-1276-0x00007FF752790000-0x00007FF752888000-memory.dmp

memory/4360-1278-0x00007FFB02F30000-0x00007FFB031E6000-memory.dmp

memory/4360-1277-0x00007FFB136E0000-0x00007FFB13714000-memory.dmp

memory/4360-1279-0x00007FFAF1390000-0x00007FFAF2440000-memory.dmp