Analysis Overview
Threat Level: Known bad
The file https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/FreeYoutubeDownloader.exe was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Downloads MZ/PE file
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Enumerates system info in registry
System policy modification
NTFS ADS
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 08:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 08:41
Reported
2024-08-25 08:46
Platform
win10v2004-20240802-en
Max time kernel
299s
Max time network
301s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\43F9.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44A5.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\43F9.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44A5.tmp\eulascr.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{21DD617A-DB20-4DD8-BC48-48A582AE7618} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 864736.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 851189.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\43F9.tmp\eulascr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/FreeYoutubeDownloader.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb6b846f8,0x7ffbb6b84708,0x7ffbb6b84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\43F9.tmp\43FA.tmp\43FB.vbs //Nologo
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\44A5.tmp\44A6.tmp\44A7.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\43F9.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\43F9.tmp\eulascr.exe"
C:\Users\Admin\AppData\Local\Temp\44A5.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\44A5.tmp\eulascr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17078114717760723359,17140777054471726389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| FR | 142.250.201.174:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| FR | 216.58.214.161:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| GB | 92.123.142.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.80:443 | r.bing.com | tcp |
| GB | 92.123.142.72:443 | r.bing.com | tcp |
| GB | 92.123.142.72:443 | r.bing.com | tcp |
| GB | 92.123.142.80:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.64:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 80.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| GB | 92.123.142.72:443 | r.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files