Malware Analysis Report

2024-08-06 16:14

Sample ID 240701-ryzcrawhrb
Target sample
SHA256 23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a
Tags
discovery persistence upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a

Threat Level: Likely malicious

The file sample was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence upx

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in Windows directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies registry class

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-07-01 14:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 14:36

Reported

2024-07-01 14:39

Platform

win11-20240611-en

Max time kernel

179s

Max time network

180s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Users\Admin\Downloads\HMBlocker.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\2503326475_del = "cmd /c del \"C:\\Users\\Admin\\Downloads\\HMBlocker.exe\"" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\2503326475 = "C:\\Users\\Admin\\2503326475\\2503326475.exe" C:\Windows\SysWOW64\reg.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A
File opened for modification C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A
File opened for modification C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A
File created C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "35" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2198854727-3842442895-2838824242-1000\{78BF27AC-833D-4DA7-A2CF-EB01AB23ACE0} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 185874.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\HMBlocker.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 115719.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\shutdown.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A
N/A N/A C:\Windows\System32\PickerHost.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3704 wrote to memory of 1044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3704 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb61623cb8,0x7ffb61623cc8,0x7ffb61623cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6496 /prefetch:2

C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe

"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,16254091193691627969,6875035057567737783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8

C:\Users\Admin\Downloads\HMBlocker.exe

"C:\Users\Admin\Downloads\HMBlocker.exe"

C:\Windows\SysWOW64\shutdown.exe

"C:\Windows\System32\shutdown.exe" /r /t 6 /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Downloads\HMBlocker.exe\"" /f

C:\Windows\SysWOW64\reg.exe

REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f

C:\Windows\System32\PickerHost.exe

C:\Windows\System32\PickerHost.exe -Embedding

C:\Windows\SysWOW64\reg.exe

REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Downloads\HMBlocker.exe\"" /f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3a27855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
BE 66.102.1.95:445 fonts.googleapis.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com udp
GB 216.58.212.214:443 i.ytimg.com tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
GB 216.58.204.74:139 fonts.googleapis.com tcp
N/A 224.0.0.251:5353 udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 173.194.191.200:443 rr3---sn-q4flrnez.googlevideo.com tcp
US 173.194.191.200:443 rr3---sn-q4flrnez.googlevideo.com tcp
US 173.194.191.200:443 rr3---sn-q4flrnez.googlevideo.com tcp
US 173.194.191.200:443 rr3---sn-q4flrnez.googlevideo.com tcp
US 173.194.191.200:443 rr3---sn-q4flrnez.googlevideo.com tcp
US 173.194.191.200:443 rr3---sn-q4flrnez.googlevideo.com tcp
GB 216.58.212.195:445 www.gstatic.com tcp
GB 142.250.200.46:443 youtube.com tcp
NL 23.62.61.72:443 th.bing.com tcp
NL 23.62.61.113:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.113:443 th.bing.com tcp
IE 40.126.31.69:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
SE 23.201.43.66:443 aefd.nelreports.net tcp
SE 23.201.43.66:443 aefd.nelreports.net udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
NL 23.62.61.113:443 th.bing.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
SE 23.201.43.66:443 aefd.nelreports.net udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
N/A 20.189.173.25:443 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5c4605aed5013f25a162a5054965829c
SHA1 4cec67cbc5ec1139df172dbc7a51fe38943360cf
SHA256 5c16c584cda1f348a7030e9cab6e9db9e8e47a283dd19879f8bb6d75e170827f
SHA512 bf2a5602fde0de143f9df334249fef2e36af7abeda389376a20d7613e9ccad59f2ca0447576ac1ed60ecf6ab1526c37e68c4614d79ae15c53e1774d325b4036f

\??\pipe\LOCAL\crashpad_3704_MQIUMRTYQEMPWKAK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3066a8b5ee69aa68f709bdfbb468b242
SHA1 a591d71a96bf512bd2cfe17233f368e48790a401
SHA256 76f6f3fcef4b1d989542e7c742ff73810c24158ac4e086cbd54f13b430cc4434
SHA512 ad4d30c7be9466a797943230cb9f2ca98f76bf0f907728a0fa5526de1ed23cd5cf81b130ee402f7b3bb5de1e303b049d2867d98cf2039b5d8cb177d7a410b257

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7a0acb0dbca85bd18d89d95771c4a80
SHA1 595d8e9e5d4f45fb38875e8f4282e59a1cd8c9e3
SHA256 d8e460749f8df174c013ecf18c9a2fa48513dbf30c1d5a234c3c9baad3dc9065
SHA512 c6f86bf6907488301729abb102f8cde48c3f56f46372e6bf200cec364dda38d687c51801f2be4885ffbcf95c7bc44aace551c1a090cf66df751e9c53219f21de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb979e4f0a3e13eb9aca6f131b74f54b
SHA1 ec375613f0e74fd3e53e3827f3538667db7eadc3
SHA256 ed7489f6077c05b1612b73b92c188677b1d3343f0e9bf1995eae3164fc525948
SHA512 a9af8a7b4bd28b7c348641e318e64852462c5e92d6379eaff36710cccbdb0d986dd872c8f9f10098a74e0e47f16d3af5d9c14c6837c704cc005e60e5269407ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9c27caab48c9ffda4f3cebdcbeea5b3
SHA1 62d52056886e4ece41597394dd4c0f316b67c9c6
SHA256 08b71a1e82a1f1931a2a50a07b042f70233cd5e61fb731830b086528aa169ae4
SHA512 53a6b41d856d9b5afd30800826de797717a59e87ec498bce98b2f0e43317aa15a8934ff1bc85596512b6d4f59f212546c9b372001ee658dcb7163ea36691857e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

MD5 3cb342c710a54adf869f4371168f1a6d
SHA1 363dde1036d0b93eae70e2ff2dcf3965ffdb0720
SHA256 b8a3cf8caaec88c3b3c6f220f4a6dd22a62a4188776ed9e42a4ef9e1906b9307
SHA512 525040bb7f20367a3d573d49c310504b09a56ae03957ce9f02f15047057c28af926799fec842bdf5386bda2e956c0774716136d0abf8f23dfc2212ee12ac03ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

MD5 6685c6962d4bc37eae8560718a5dcf45
SHA1 450561ae2775abf82f958d22b4c6473ec16fd769
SHA256 828fa2c333555aecfd1ec809e620b2d139df78d2e301cea5e188a297d9c0cd53
SHA512 cdaa91afd852f123cb73f57b1b32f8261d8d197654ebf702705258467b8cfe2ae0ef922adf66c70ad78b86c2e1dbc3a4fc65bcbaea1e6bd23d078b77c9c5690e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

MD5 c9ff197cfbc510baeedaee23e3323db9
SHA1 04b1f891f12b3f7f57cac5ac0e9cf93d74c8450f
SHA256 34dcb17d762a023a12c9bd3bbba987d857bdb6a33986ba92dd0d3c31a5e853ac
SHA512 07854cb97309bd3acdfe232ab27417549b322cf9aff137873d9efb7296e2cf3e417c8a883f8cf9ad36082293ae26f856d7e2740c3ce82c97aa8506993e1c4681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\382aeebf-59b6-49a8-bbce-49d175acb23a\index-dir\the-real-index

MD5 b15175e305c9de97f481fcda12af132c
SHA1 664b40efdd0fa91996ec76ce60587cc6fd563016
SHA256 190bb685e38142a5738ba8846b214104ba7cdf0e9406a2e5b3cdfafacd78195b
SHA512 9c45ecb86e5be85b832dd9a321591f50bd8d9dd37c5c37463abf93325bb8729c83cfe5c46b9b2021facc540d74fef0644131ceef0b24bbd34d52bd6894b2eced

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\382aeebf-59b6-49a8-bbce-49d175acb23a\index-dir\the-real-index~RFe57dd7f.TMP

MD5 f6e241b165e82a945d65eea807fcdc06
SHA1 264c408b09b9a2aaa135da306d7835b8bd20ceda
SHA256 48b16cc7ea0671de67354b98e37b65636ad10586d40f1cd6f3653eb23ea172c2
SHA512 6734d5df61a6f61a191545148bffb58a0adad1819ce0da2ba2b20794614b3f6c6f3a998c4f1e7a479d08cd660becdb44190a6878e1176a2e178562b42057142a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 94ccb812384a003d3460c684333dc424
SHA1 76f87809758936490802a916816da13ec5ff7ef6
SHA256 62870d21eb73ee829d68ea47936ea38a57c91bcb0ef504166688b939a7fb6314
SHA512 379d0bf2e4968f12952853a07e5603bcf61d1c31372d754411fe26ee402bd71a020364130cd3f8f75dab062865f9f6fd94439f7966d276674715b6ed6225c766

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34fd3ebf10892ef819a4443e90660b30
SHA1 1d98bc41f351f09d1c0314d6f873198d481512e3
SHA256 8467585f702b5ed43a2ce36b6e2a305e89ab52c87bd06121a0cc2b602d821afe
SHA512 333b2065d595d3ca14223aa9d6b6e3107cca75904014b459f78f60f26a0f2fc76e92f79cb3f711b2676254af0e8152aa4d6c4f496331d0b87823a0fb51e1d5b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1040f30e2e0f3e6de38b12cead9a3aed
SHA1 5aa48ff89116ae54bd257096b81d7c3482544eec
SHA256 30fed7716d9594860af1bbb74e8fc80260876dd6707d176ae05b96c8f2ed1435
SHA512 681e1a716ced1479260fd9a8aa25827425e08f51202a93ad8c538de3580e4bafaff672e324b76c26330a7d02a4fd516cf2482175c6c4b9903ea6b7f8f8c31516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b75.TMP

MD5 72e0157e8ba1a836ec4050ac9b525761
SHA1 e6b415ffd63c00836d3baa7d740955377e3918e3
SHA256 8f92909d000e524e54c333ec8c93ec70bdb94e2a9f412d9ccca71f98feb216c8
SHA512 fc91c17726dea9ba7de01a325dc86d85a0bad82b52c989537aff3a949b493eecfc5ff6f5fa4a6f097df87db795911036e042caa809928a095d62331d67983815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

MD5 8be3679a5ab16fd86ef57412d8212d69
SHA1 41b902e164debabbeb96455fe74dda5f2e981899
SHA256 9f8f7bda1fec03121c21552221776d38014ebb1be4fc18b51540de4e73b356a8
SHA512 f22b93e14d783538a7e3f63dd664387c4f55e30c96d31416eaeb24ed9d66a4b5cdc3979f6ade1c571a88de0863ffe6465d8cf75903960f691de927b4a2210993

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 9e3f75f0eac6a6d237054f7b98301754
SHA1 80a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA256 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA512 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 db017f895f6edccb6b4fb37f7b41c9ff
SHA1 813fc0a101ac1444be29925b12886e5cba24f91a
SHA256 502ff981c025b86b293c4db5e45876f6fe0d7f0cba454888894b362ea2a7e726
SHA512 2bbff3f7a1847123953d0b285297c6814a17442d25d75fc88f2a8e0aff5827b591df89e656264c3c5c12862a086fb2a549e1df2155f4ea3ba82319df69b713c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 620dd00003f691e6bda9ff44e1fc313f
SHA1 aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256 eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA512 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 78b1d38aad5a157dfd74f08bc9f688bf
SHA1 fbad3aaa32cda30af0ccf7b1731807db6d9764cb
SHA256 2a9b01d0ba84faa4d4b0140820e9c8c1c54a9522223b78551c21925cf6776276
SHA512 e5514bde40c36618744ce1d4a236118ff551133109cbec3997b39524f63f3a67fb615522a9ec200671043b0984eea662ab45e2a44c4b8832b6371a5b855907b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e460f769fb020de5e50deef417c06251
SHA1 64594de25cde79e14a18e1e780807f1cdbfd21fc
SHA256 3616d60ee6ab0e2b07332d0028ac48c6a4ebca99e39efb1436c52091d7734cd7
SHA512 68fcc5dedd9440550b0d3731c91aceead2aff04d0217df0f7af0c511986cad0fa0c649be775e9d2a9c525e375e88c1fd79a4207236398144eab263e29c5a2161

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7c56e7af-4082-4e92-b6b8-17ed4d2dea1c.tmp

MD5 11187223b3f258cc1be9c3d4c2e705f1
SHA1 18acfbfbad8c0a5a49c87b5d3a3b7a341daf6aae
SHA256 e2738050eaf20db8a657e45889e6aff35e9af5c49af2b283dda682d9a3f66e9c
SHA512 a9215113461f26764383e3500a848252e1c2abbc139c5a298cd52ee34db8d46b4dea910c4376db56d22cb72a837a6ef194a9bc41ba28c9853469337d184653a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c993a9078ed8f2ef9974716968bf4c79
SHA1 a9b602547b43c004e76d6ac07fb8222d16df7146
SHA256 0e62e9e764cdef2ee16583476d3bfe2a523551d5c7d5876a569ed95c8862eca2
SHA512 b2c542a759bdd7536e922b0a5b842b78811cfb38be81d4177fedf62dfc112f2049fa0bb2be1262aef418b996a3a107538227e2a06120bf23d5f9822bb20cd7fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7624fe677d6e79b14c3e39ed01a69622
SHA1 33cd3f10de65174ba15f63177d92829e23359874
SHA256 2b6179a6e04fd83b9b69628d2ab55f6cd61c602199b758df8222ce580dec198d
SHA512 9ba48c5192826866726c3abcad4c1d1eabdea54f422920a6459ed52154d264ceaf8c3b528eb51044cea671d1e3c8e42ace970e6c9cec6cda0280f797ea1a66ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a584b25e55a9ca547e4917458796f5c
SHA1 5a11686fad8777d1a31fc0456f9e50f0b3609ed4
SHA256 2c2aa107be3a40cc9c33a494f5a906ca4c605b39bf7fec0c650b22510c966ca1
SHA512 9ef9657eaf25fb1646dbe93a10eaa8a1e45cf8608d997d9016d0bef3023aca3c65d28e7c19d975d640603d7d33c869d3d0563b59c1fa036f51ab908b1bdc317f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8f3f51305587d119f28e66b9f6c8cf5
SHA1 d6c836cfd2c97f0333479bef9fae2da2f81d06fe
SHA256 2b2cad6fda90f3aec98c1bf0f34d7df1ba45ddcde373ac8cf1bb85c06beeae45
SHA512 28e4a5137200033c51c47613a8ec622fb883daaa58cc6fb1323da873ebf75eb07717cd63e7d06dfe569cad7ab3ab879189acaa8f3c1d0ff2270df23accf52506

C:\Users\Admin\Downloads\Unconfirmed 115719.crdownload

MD5 13f4b868603cf0dd6c32702d1bd858c9
SHA1 a595ab75e134f5616679be5f11deefdfaae1de15
SHA256 cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512 e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c49833d0377e360e3aff79c0a2462ac3
SHA1 a410dc2960360b61ece200eeac7b6f9b9f183e2f
SHA256 d6343f46451a21f483e67692c309a951e93e5b04269d84e2c5c2f7a6f6f309b6
SHA512 12777dc8b02da90e0eee977494ea4ad507ce95f6402b534f8873ab025e97126b89e25a1c3ed954e29b49f2968669dfa878a7002f0d97d863e3268df466ca7c68

C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

MD5 f33a4e991a11baf336a2324f700d874d
SHA1 9da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256 a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512 edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

memory/2104-882-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2716-883-0x000002BDE53F0000-0x000002BDE541E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\89661e6c-d8fa-4ab3-ba3e-3fc5437c798d.tmp

MD5 d30e359d046d06b2c5f6444975b7dc5c
SHA1 280ae1f881b003f9dfc5552eb805a2cf993a835d
SHA256 53c27807438cca508eba9d2b7164492c34a1a8d6fec94d0b54f889999a08d61f
SHA512 a639c4191f21b3ac86835d9d2b2047a5356ad8643110e2e16caffc9a58e242050e2f5a9be0bc09e57bd6fcf8de75389ea134b1125047b6893f5dc54672a5b493

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f5569f522a24a9bf6e7a3326d0825808
SHA1 43f6efb146d397a21ab28629a1a516d207480bff
SHA256 2a4938ccea99d3aa22a88de3021624b6376b45ed3465a87869afaa138df09519
SHA512 3b01683f55c8f3bb5fcd8976f2e42138a2e5aa9e8950ef730217c5084d58f0ba0f4ca70e832eeff260fda95c298b7e6a098b3806065d50f29fdc8af93706db26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e84b90a44834e7be112640832d3c0517
SHA1 edbdfb3259895f81b1c97f3b27527fad7b6951a2
SHA256 33214c297edf536b734c602d86cd7bd54cb6b064ae03a90667242992faa95dd2
SHA512 33a0cd9df6b6c0eff3549fa65f9a17816ff3689ecbac34e945b2c269375eb46de583ce48f14eca6a9ddb2280f903bf6a0475e02f83a1c6be3211cf3cc1069fcd

C:\Users\Admin\Downloads\Unconfirmed 185874.crdownload

MD5 21943d72b0f4c2b42f242ac2d3de784c
SHA1 c887b9d92c026a69217ca550568909609eec1c39
SHA256 2d047b0a46be4da59d375f71cfbd578ce1fbf77955d0bb149f6be5b9e4552180
SHA512 04c9fa8358944d01b5fd0b6d5da2669df4c54fe79c58e7987c16bea56c114394173b6e8a6ac54cd4acd081fcbc66103ea6514c616363ba8d212db13b301034d8

C:\Users\Admin\Downloads\HMBlocker.exe:Zone.Identifier

MD5 bf9b492c91293e877c3b89d284aa3034
SHA1 2ecccfbe332901a4683dc93068fc73b3f88f81ce
SHA256 7adcd8245a0afdd72d94a165eb71f39d023ab92cb89eb2304fb5798fd5e9d4d6
SHA512 678dcfc0f94f1c710339aa95313f7a871be6e45de91f91f5a27953ba66509a7eea35b2fe1413e85aeb224fba54fe687c8c1b6d45d19f481a204a062948b1a7df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f1c3419fcc1f76a6a6e6d1d1f148f221
SHA1 c4a7c09e018d2a08079793813c76276c3a85bf7a
SHA256 cd8e200add040663904f8c519334cbcad8ceba0b2cc1c6ea759d01d0988ceea8
SHA512 cd075301adc1f97ac3fc17599487fe1029fee5139bf11ea6c095f795d247e85f708c1121057bc2c8323590ec24d647a31779a54e56942f56849b49d4b9f4d950

memory/4628-973-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4628-972-0x0000000000750000-0x0000000000751000-memory.dmp

memory/4628-971-0x0000000000750000-0x0000000000751000-memory.dmp

memory/4628-970-0x0000000000750000-0x0000000000751000-memory.dmp

memory/4628-1002-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74ff353b49743e3931a0dd8cc5b8c881
SHA1 1af25a843c93167c5b11fa1591230e6303053280
SHA256 8fde29ad1dc97f181f2d4578514cae90fc2f8ba1922a446149fd62673f35b50e
SHA512 3b599f3298b3cefbb4316e1a77716686ae7e881127de94aded157a6f567cae8ebb2fdbb906e5df17a7bb7414a5dda31cb8a1ec74720a8208ee53eabc5bd9738a