hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

24/02/2025, 02:19

250224-cscjgayrdl 8

24/02/2025, 02:15

24/02/2025, 02:13

24/02/2025, 02:06

24/02/2025, 01:57

24/02/2025, 01:53

Analysis

max time kernel
324s
max time network
326s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2025, 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
28	2084	chrome.exe

Executes dropped EXE 3 IoCs

pid	Process
3108	FreeYoutubeDownloader.exe
772	Free YouTube Downloader.exe
4656	Box.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	FreeYoutubeDownloader.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
27	raw.githubusercontent.com
28	raw.githubusercontent.com

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	FreeYoutubeDownloader.exe
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	FreeYoutubeDownloader.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeYoutubeDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133848358894494008"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-501547156-4130638328-323075719-1000\{F299BE4D-8354-4162-8D13-1A0FFFD9B210}	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
772	Free YouTube Downloader.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
772	Free YouTube Downloader.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3108	FreeYoutubeDownloader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 3988	1400	chrome.exe	78
PID 1400 wrote to memory of 3988	1400	chrome.exe	78
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 4628	1400	chrome.exe	79
PID 1400 wrote to memory of 2084	1400	chrome.exe	80
PID 1400 wrote to memory of 2084	1400	chrome.exe	80
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81
PID 1400 wrote to memory of 3372	1400	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe111ccc40,0x7ffe111ccc4c,0x7ffe111ccc58
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5020,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5028,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5036,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5044,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4844,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4712,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5192,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5532,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5776,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5264,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4556,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5312,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,11511918745265910283,15970952248099559193,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3128

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004EC
1⤵
PID:4744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1496

C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3108
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:772
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
141KB

MD5
7cf96b2249c22a7ee0a1a685eee2a751

SHA1
ddc8167dc6da3af1e8b476370208bd9bdd7913d8

SHA256
ac847d9c231edc6e7ff0d28196f39af1192e23222c4188cea6bd1e83d67e8d51

SHA512
3b332cb4db3b035c08e6902a16a372a1dc6f142b94605cf919f1d6ddf3a58948d112a01a1db1e7e35d58aa95b0ddd79a6f7ca788882560235091f4d4ebebc3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
90e9197afa34040a918db27ab54909e0

SHA1
b908b7f0c61694da7b28198274c0843cfa80eb8d

SHA256
56c1aa65948467da8c137ff91eda87fadcee3c24fdc1ceb0170fcda454316237

SHA512
a479f0cf9a29f80a23f5544f73fab00583477a74cba59fc0e13d4dd47c5ea6e0b5eab2173461803f6ab465ad1a2280f6f2c9d372c7c988071472404289334a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5e48f1b6df6b05ad3a09416d41e0bb01

SHA1
e53b1dd18031520367b19575315b55492460e92c

SHA256
609af65c403b4ba87c1e10341255cbf8848bbd3f76f29206419a57ff08f5bd8b

SHA512
a00e39bcbcd975a9f59bac8dde628a052feaab88969ff2a40447c3e3bc9434126eb6be5bf9cbd694da51675ba70afbe4a0bdf25aa4a28f212844c9fab866c8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
044334f2fe5adb13301bf62fe8bc314a

SHA1
7d7efefde78e5acbec16313b0161b1449807e1a8

SHA256
93c32b464dd8d3ef8a24f4f9898af5dd39d9894b2914d307542c215e7b18385a

SHA512
e063d5af5b05021974e89311d85ce79d09a1709cc7bd82e038a147b2ffbc089a37ea61ee74b6e93b3239c242a7f301d31f46f30fe56cd70e8d011c08d701f3bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a8c2168b175811b3e0ebed72af1c2122

SHA1
a4879d6f100d9cb46af317c8f6aad61652bfa7aa

SHA256
2a8348e7484c265375aae58084376f3d2f80a8fa090e69f6fc9819d536c1087a

SHA512
5b4d78479c768b3553e3865adfac1d6fbd11b63ff6c51af6d1877791ab15d0da04e03a5ce7db7e6596e1eab73b3e0616429b416363f17dd7ac67869ce1376be9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
17007e80345c683df0e697e46f4fb9e4

SHA1
762e4a4f8990a334c405377d10061f536e9f78e7

SHA256
b68b76e777d469d2912a614212eac7a6d96ad523e2fe13d947c3679d4951f077

SHA512
8f006dc7b633e2e1fcfad5e3b202a969d36c72fc4bd3a5ca73357a96531c246870ac017613c5ce645534007003432705d7c5d443e9f16b289ee6e07379cdcafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
1e03f8c06f57685b9aeafbf29d95e8a2

SHA1
8d2cd75fe72bccb5d4d09b9adf46467e1adf4a2d

SHA256
f41db875a53ace04f5d916ff4c5a3777fe1147cd289971b53c79edf204f6aaf5

SHA512
6494a31d804e5249e6f879c17c0f2dbf137610cc5cf3966d9a209172b9eecce9d9ea79ed4914bd9928651985f12953db555e7f375f76d8fef57533128e28eaa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
317e5839d79e4299f65e97ef04743f67

SHA1
05d12326c9505ae5bb261ccee39f025b218071bd

SHA256
45cac1678a97d2d79c2b80eaa51de3aefb81caf2961363be27632255e208ad30

SHA512
eba221345b029a54b3817dfc30265029b9094ce706c04528e2485f70a3551309c0b607586dd76953b6f8afae5cd1a9e3d3e47eeec9a37718ac5efc4e0c5dab24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4e01b61423eb5621faa55749aec687ac

SHA1
8b197f0af74f2d4ec1e3e396249e819aaa589b21

SHA256
e35d0f679ca149602b4fd10f7c956497663b847f02b6d03a622265a388668e45

SHA512
a0bf2c0febbec757ff3dc7eb114354ec2479a728780bf93d84c92c98f4de89f0d431515a1ed715be6dc1e6100516bb418b59001f8ee0c1b8bbfab856fce40943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b8f4f35d3ce4e147e398fd0434ab5cf2

SHA1
a79484472565c357d8d00663d7de354aa9c2fbfa

SHA256
04f998bd91400f3776a2d4fe1f06895da65109af3cd1394d523487497a65d6f8

SHA512
03e784fe3e637faca7b95d36fc83620add155e34b50863cf2e807fe87e5d23eeac895d4cc6c9af84841e2e89af0ca66a6689f2f5fc8bc4431acc1abc11689000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14797eb82893036b9bca2b4f90b9fe39

SHA1
4eeb25ed5f098fa56cdb1126b924b98344c8f0b9

SHA256
577f72b0102b2c8dc9cac8f5203a043bcb79321b78b13ab40edd9b0cc3718ea5

SHA512
d596ec33c60955396f83ce80793cb8a1fd1a61504438f6e49a389d7424c8fca4245fbd4986c8c8297b4cc53b5e5fa4f25512e90b018aedb7aaa51a4aca21a72a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a476cf81315334bc30fc6fa97ce902b

SHA1
14d66d6ec408a927a1ec79b402ca46aa55ac6a5e

SHA256
427f38eb267dc0ac20c99a78893cbd829cc38b227820e043aed80b0c28e660f8

SHA512
6c58c85858b4c405848b489664b34ceb84c0abaf8dad36c8139c9e19924f60d23d53c7a94e7953d43acef93bc1b49ec3f77faa3465c82a238c6af1dbdb6fb1b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e81e12ab449bab4d47ed82050a95426

SHA1
4038f20157e95c96b6c3a87bc8511c01a8941fe3

SHA256
41c7c5d61152e136f583dd09412dce7f1f778d0ee8b1d15d59e946c8a9b02292

SHA512
b67c9483ffe3ea3bafdf6ce6dc8ee70f3a5b1b7ee6844ebf01f52c4a6271fcfa47bce4814db6fb60612429504cff6cfe7b321bdb7b5631ac9913965f553eb9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0dd1d5f75bc3aec2601aef7b52cd09a9

SHA1
95ef58492d243453cb7178f5adf68422db0af687

SHA256
60537d620642cd6b487fbad128bce5a7b91d79939508dfed2fd431992fd5c174

SHA512
39821fd771320b2d14b07abf96e2a8e5bb43485dab11c8692765bb18552a3dd84db861bb4d84436be0021591e6c6ac159cb3a27fac33c2d28647d13961cc0ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e05c1cc12cb1a709bf5d1b88e0e18a69

SHA1
229cef07f8d44163b8bb7ea560bdac33b6ff9ee8

SHA256
b7f6f251be185976d41c10e1c07c09bae9905bdb5f352c333409a2311b3591e3

SHA512
6b3aea4b8602570baa4259bef7531f8387865acf9ce316083758ac57b844bc8d0fdd53ee8929299cf6f94ba68e524e02064dcb3fd875726b55d3e283d8124fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fdea4c738fea0d5475cac3c2606f46c

SHA1
9713ed8d4266b6460a5636c6eb969d21f2e4e98a

SHA256
e03f34509af0c089e8ef489cbd2a8b786ba7e91a5261ac8450c178c90efbfe13

SHA512
72674a202b5f57147cb3a790f741be819d82356c23cac8c4e3fce619d6f93e76c8128dabc4de32c4728e6337269c059153b5f3372545fc6b556fd87e170fea43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6975c7aa83c9cd72c9189c8753549d5

SHA1
3d7ce53a78ebed53ddcc669b20529e675ba8ac82

SHA256
517d52d168763155375a034e76614ef39f506825d5735db1facaa0d0de05ef7c

SHA512
ff95bdca0950ebf705fbe637639e0d3f66ee236c547e9c374ec99b37fe4e399faea9a29d44ca6f25fadb17818ecfc30febed4fb3ef888374a97178510bbd8fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bed019310c5f99fda42a5defdc5fdc0f

SHA1
2ddf863ab3714cc0cdfdfbba7a6cb7df07c727da

SHA256
e531c9cc6469000233fe37d6e6d1d878ccd8980e7c5d8fe8436dcc0ea11a830a

SHA512
9842adaa06fd141c08eff7273bfbc67772af9a542fc6e79f1876fafb804923db1bc3d4d9738567277e8a06fe0a06525721135f0013538415192e9b462e1cc598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0999202e6850aa6b600729d12fbf15ed

SHA1
75725034a121663b609ae70b0c5d589add71ed7d

SHA256
fca79ff29a9aa16d6337a75a7c2f490cf72ec50322011d71c0c33ea93b51e73d

SHA512
f2d5a6e6c0707717f78f001e51bae0f74eb8db5d5e3f53cff4d8b9271a057b6e799aceaf97208f90115b48c0e6b1fc75881d70b6140529a94381ba446ed94d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e783b9701f5f0cbad93ed1c3892a04a2

SHA1
f05b32e76180f14249c6fbdd7046b89f8951ff88

SHA256
1fa1459a07828b75e71514a54a3c3247fc38616ae40e99e0dc40704042dbf15a

SHA512
7658bd0e47f31164319891d601f9f7de7ef37ef7c08af968ba353549d8e653b2f263d2f6910fa924ff61fbbce951b9990cef6c00f9e492c5624b4d3a05bf9b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8cfad4adce0d31c0e922603758bf117e

SHA1
fcbd594640c05dc588e46b9d62d7db276fa6706f

SHA256
0defab343e10cc272accb13672910c066511464a3af3a5a0a76223e87ad716fa

SHA512
1eb73e37db803ec6f4df0665171a33596dcf60c25c8f690365e47b96d0900e1a5accc634b0e576c8e902aca47b34a7975dfc911676a8cf83c3e29d3c9042981c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c5d395f960cec572084198efe3419adf

SHA1
2b4b4240a56f0fbf533b8c7dd4cf5b04e07729da

SHA256
aec9c895946847198efbc5fbbd9d9e22184314899ade7ef107f9b0d2d15719f9

SHA512
d5ebc1e3c0142b3677f56d112ab62544c3fa19294167c686875ddd0b597b6d1e4bd489d3b4049d4053d0ced1190340846d0150a780060c5357f919602441ad8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22db207bdf15069b207844fcc4f412c5

SHA1
8f7e4a7243749617eff58bac078e1f9ad221fe78

SHA256
5f3c8858a4a4125e0421809be3476f2c0bc5b0f4c271268c05aeb99dd74ed41e

SHA512
5f7d9a193ae2317f47ab7768a7b675c0b29dd2301e4076e40cc711492c7e983742b9f1ab4c75af10fcd4c3f19682e7936f5b42f5fbc8d0cde0f6606ff3a7e091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff10f8d5956c07958e5f67393c9d3418

SHA1
161bd2ec2cbe52749e1aef469f1c75056e56ea82

SHA256
7a04f1c9527c9e3bbb40df3e16d7f9110a363e042797be0980678e3095a6353e

SHA512
209e3f88432ec689978d90f1e75d5e5a503f2769cc1069700cd5ac490d2c99f8a9d1bf18ea1880ced1984217c1ecc2e09102c71c5bd2bafa542b5dc7835f422c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5e37caa76f2598df0b9e750d4521d8ee

SHA1
f1acf995e510b560a8bfe47811e18a997bcc8772

SHA256
c8ae13f9bbc61b035d9bbdd33c47f83b980e1390384b31e8809ea8ca6cf81de4

SHA512
0db6f3cb841cbcad73180ec24bfe91555aa61cabccd5066a1f9f2a4ebc511d08464543dd8f8c63a157fb6981a3b64f4378b81ff430de4a63e79ea38e13d6215e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5bc45eb913c081c7cf7938b193d1df59

SHA1
16c529f418a4a1db89db746697cb3b7e02c6e3a1

SHA256
21b28b231f8c41a78829f86c93f931491def10c5696dfff73f964fd0befa4191

SHA512
b7453a1f6409ba75c420cbe3148eecf02158c230634b9dc0891f81cd49ff99c8b796ad6dbb04af614fa1b831fbccf64735d292547cec11a10dde9797fdce3d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
284cecd8022b2e80e2c002b0b5291597

SHA1
51740248a056548b0393845c652fa89ac8ef0b9a

SHA256
17aac8f33497c996ea6531484714b72c50f5ba05780c84573b49a482a07facc4

SHA512
cbc9433a1bd183cd8661ebb7966ca082c8296771aca2e7498c7435bad85728975424081dcf8dd2a4014056f7b46ff215743c29e839f7c8a27bbccf5d6efc96f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9b835b8d5226d45418897547145ae92d

SHA1
427c038335771c0fb5c1449b187585885686f1ca

SHA256
3709a6fe002065ea8d64226f176c4d8f3f328c219c8657f8385b038e2d662d71

SHA512
695b21423a03e288d8034320be13370647d532ae2c602806bafa21815a155b1d152355f88e3fc8d11c7208e0e2039f14007341a15721f6ee8205861549c9b336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
631f88cf0a5499a4746ec7d8c51f4272

SHA1
86e9237f0907ab223156768e08cbc626c0213253

SHA256
1c345ea7c99203894cba3935c63209a8333f5b9e02dd145247a0e49c9c2d770e

SHA512
eee264bbd4c71afc71399adbd2dd3b7de17aec8710fb01b9e6f1ae47b0dd55b124dffd34b58e076d3447bcf378eb03d8cec72ce36e2fc2715f2d8c5e797a2e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1166861b6fc92104b3b0eb0c61de9807

SHA1
71fe038247adab6feb5dc668375cdd39bc842d97

SHA256
8bdf16ef84d5278a89fa18ff650faa4785bfcefa6b67e14a9e57ae104e6e443a

SHA512
6a50c2957cb3f1b3586f8c586895e12e8b67830dbd591a58dbe5e217b5740ff1d10063cfdcaaf27ec7558ecfde0bfeff266c8eb870c2308a7b82f0e2c1935021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
33cb93ff86fb30700067465b4cbfe468

SHA1
63eb6b93274dab04d52bca8b0a8cddbb73c98e60

SHA256
671713553dca5a9b3ab6e5998af3090a98517b791dcf42ec55a8fac6a8cc4633

SHA512
4c0da971852da82feb3f6d2d7615d4d30c7c65593a93214d3b546f9b36c3b33b361bd224d5cb79ce3bb844a00721c6b613f40903ae9554a8100b55ce9aa29581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d1ed6fc5220089423807d25565e72720

SHA1
15d9dc9d81d8313967875f3360a09caa9ebe3a34

SHA256
baccdf0e3af8e34444d712487e18487cb9ce76a2141507519c0f0771b5760750

SHA512
ac37422b793ee27971d1f8aee203b6cb060a285ecca6d09c636269c20efde80081d3cf453e9925dd4e14ee7aed05ab3bf03ea0e33e4089a5bb777a538d087f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c856c3ea-2742-4e37-bb31-ee284407ccbb\index-dir\the-real-index

Filesize
2KB

MD5
89a6369d629ab8651c145c052a5af74a

SHA1
d2764186d0bb865e00c57f37d74eab6670a723be

SHA256
2dcfc6f0a8c5a49aeb22393ccbb7c4a507dd5b2ecc9b1d438e9cb9c5a47843b7

SHA512
21d5390d6e7b2a5276d34500fa62d6735daa102444caf4bad6a4983cb88c80e6f5494de29ce08689f68b8b5e48685d1a88674fc61e84d0f380bf16c9f42a7673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c856c3ea-2742-4e37-bb31-ee284407ccbb\index-dir\the-real-index~RFe5a36a2.TMP

Filesize
48B

MD5
2eb3e629f8079fee32e5986aff5e7c97

SHA1
aa7850b8a1e8a8fc19156607bfd5dc8784aacf6f

SHA256
ed45343824dd5e392b95832fa96ca5b3b041d845a66b4f3b8ca8acb7b19a7781

SHA512
1b058179aba4e3832f3c0d8cc8724153ffd1f29dbfc802edf8f3e041aca540ed0ac367aa7ef90fe4bec36c7a8307b476994ac050d18836f50d384ed69a75e33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
35c19cb398007e645d2df99ffe0f62f3

SHA1
82d0d8e61a1c45d542f61c792e08b921182762d9

SHA256
01d73746138314fad7ec7d3e593066b64f6fbe117970f84f23756fd1a89ebaf4

SHA512
4e73a1129fe526f81a205539bd89366d0cba4d86e3ab1b828d01873f4c92466d584fb71543bc15a03e6a930b72532c59fb51574db851845f763bd1182c558e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
d05b0898583fea7b93533196bf5e7db6

SHA1
578788bcbc89fa38dd492f3456bfaa7d9d0191e3

SHA256
ae329aaaf040bef9f1e2814d6616848eb9f7b15fa65fc7a931ea39bbd4fa8d38

SHA512
fcb1289b1ff596529ebd7dfc060a6ee8b69a20c48d880225c39700e3e6cc3d2c57c364d2a49f72fb3519a222dc1090c545e7fcadd73221ec4f613c335b419f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
95f17c82aae7e145d998832d453e02a9

SHA1
b82c53a635cbc1dc4739e6c8f2d6280a8c350fa4

SHA256
e5ffca658c7394bc3f083f8defb15ede00803825c2194ff9761b7411b5dbe802

SHA512
3e9e5f5eaf858ecaf89ec9d66c606aca2c4b04f05943e55c5f5c3b2de76c139944e74d074a7efeb35277af8ceaf7c811d9961260a415f751162aef41fd7782c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59bf6e.TMP

Filesize
119B

MD5
ada917b723a837931bf81b7d488f6e37

SHA1
6eb7fdc7159355be37669092bfe70992024c0123

SHA256
5a827bf2d1d434a6e834b5eb28874fe930e4277a3bb082ef8e9bd4593faa615a

SHA512
d7bb970a240e66c2cde6784de131130150809af2e7a723d6fcfc8936e9cbaf1b6624af620ca74b5e4b6d29d5a428425fa8a96869ae6a1aa2f7668b7424ab5dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4d1bf5055c81c76c9484c63d6210f77b

SHA1
96d21ae37d2abb249934718ba374c418aef14d69

SHA256
c9a1bb28bd6f2a43bd0884108a7b2f6c37e658225e25621e38cd3f446739e07a

SHA512
809984be81ad448c35fd62faa704cd18f0975fc36e66ab8fd76fda3c34fad557b47a7cf5aae87d4c593aba1b0a09dd61c5f0e2a7bfc7910996056c93ef547966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1400_103907436\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1400_103907436\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1400_1912777026\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
bdf0620dfcffc9ff71bd45d7a7fdf4d5

SHA1
de7535df906f2c247c4bcea63d10e8180f443e75

SHA256
6ed5cf414dcddfcac47305f897160723511bf3ce229c0acbaca6cda5e6d5d70f

SHA512
990a86d19feb9533dc5fd70f4fd0693bd8e15882bbcd10f53dfa4954d5f9c2f6c179b75b3a4501d59f61b412a5fe7fc36e9f034194057c60e647d6bfdcdcddcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
4482a2abee1e7aca59b9808857271089

SHA1
42637f23bd61dde4637bba890a4baab14c22bb92

SHA256
432996a9f6cc5c1d3169b54d6db55f96edc13d22b7523e3e37608aa9e89f98db

SHA512
2050b8111a63bf74a174fd768afe2f0c19b813a39ab8d20594554b8a8bf504d8f5952d8e8f8da9b69b3586b2ec4dd91293d0ae6992d59e290d44a2abbe45e2c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
23c09c7bee63d2bd5bb70917627a743a

SHA1
46a4b256aa1f3e8526a9771c4de93bff528aea71

SHA256
05c4c329bee0ef2348ccd183af0ededffc5867ba9ce94856bdaf07cdd3247952

SHA512
a8c42ff298b264630dc9d1dad98ff5558a1298ac936196e5073c3fa8063880a64591cd91e99881de71ad5101de9ba6bccf79225e437f2b08657f70d86f848937

Download Submit
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 541885.crdownload

Filesize
396KB

MD5
13f4b868603cf0dd6c32702d1bd858c9

SHA1
a595ab75e134f5616679be5f11deefdfaae1de15

SHA256
cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

SHA512
e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

Filesize
438KB

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
memory/772-770-0x000001AF0B680000-0x000001AF0B6AE000-memory.dmp

Filesize
184KB

Download
memory/3108-767-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4656-903-0x0000000005E30000-0x00000000063D6000-memory.dmp

Filesize
5.6MB

Download
memory/4656-904-0x0000000005880000-0x0000000005912000-memory.dmp

Filesize
584KB

Download
memory/4656-905-0x0000000005840000-0x000000000584A000-memory.dmp

Filesize
40KB

Download
memory/4656-902-0x0000000000D20000-0x0000000000D94000-memory.dmp

Filesize
464KB

Download