2a487d89f5f3723c36536536d204390cf0dfa7e317bb1d8970a69ba9b18882c8

Analysis

max time kernel
236s
max time network
242s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
24/04/2023, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4kvideodownloader_4.24.2_x64.msi
Size

93.4MB
MD5

c10b3253ead7e7605276592160578d8c
SHA1

927b3789a8d51275c90ea47268aedef02dc0e445
SHA256

2a487d89f5f3723c36536536d204390cf0dfa7e317bb1d8970a69ba9b18882c8
SHA512

24ec525fc96d2a5d94d02a1854cb5b4ace548044175619683cc27da3f64a0661bf16ad52d3144f73f703d9862fddf72f952aaebe1660d163be51dbcb4d546559
SSDEEP

1572864:TG++k5i9GCSSr9CCuq68Td3Y5cTQ0aiGM/boh772wfGHS46AbP1gqVY6Ej4kPkas:y++k5iL0Cux8ZoyoM/i/Fv4rbPCqEj4k

Score

8^/10

spyware stealer

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
2	4440	msiexec.exe
4	4440	msiexec.exe
8	4440	msiexec.exe
10	4440	msiexec.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	4kvideodownloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	4kvideodownloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	4kvideodownloader.exe

Executes dropped EXE 6 IoCs

pid	Process
4968	4kvideodownloader.exe
2248	crashpad_handler.exe
4280	4kvideodownloader.exe
2076	crashpad_handler.exe
5028	4kvideodownloader.exe
3288	crashpad_handler.exe

Loads dropped DLL 64 IoCs

pid	Process
2264	MsiExec.exe
4328	MsiExec.exe
3164	MsiExec.exe
4328	MsiExec.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
2248	crashpad_handler.exe
2248	crashpad_handler.exe
2248	crashpad_handler.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\TextField.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\am.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Desktop\RowItemSingleton.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Private\ModalPopupBehavior.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\ru.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Private\SourceProxy.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Window.2\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\images\spinner_medium.png	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\swscale-5.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\images\[email protected]	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\ApplicationWindow.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\ToolBar.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Flat\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Desktop\ScrollViewStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Desktop\SwitchStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\DialStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\uk.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Desktop\FocusFrameStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick.2\qtquick2plugin.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQml\WorkerScript.2\workerscriptplugin.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\te.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\ScrollViewStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\concrt140.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\ProgressBar.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\Qt5WinExtras.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\fr.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\libcrypto-1_1-x64.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\fa.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\MenuBarStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\fil.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick.2\qmldir	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Layouts\qquicklayoutsplugin.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Private\TableViewItemDelegateLoader.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\lgpl-2.1.txt	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Calendar.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\TreeViewStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\vcruntime140.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\styles\qwindowsvistastyle.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\images\tab_selected.png	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\images\tab.png	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\ToggleButtonStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_devtools_resources.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\ApplicationWindowStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Private\ColumnMenuContent.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQml\StateMachine\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\GroupBoxStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\libssl-1_1-x64.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\images\arrow-right.png	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\vcruntime140_1.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\Qt5WebEngineCore.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\StatusBarStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Private\Control.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQml\qmldir	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\qtwebengine_locales\sr.pak	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\msvcp140_1.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\DelayButtonStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\TableView.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\ButtonStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Desktop\TextFieldStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Styles\Base\CircularButtonStyle.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\imageformats\qgif.dll	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQuick\Controls\Private\ScrollBar.qml	msiexec.exe
File created	C:\Program Files\4KDownload\4kvideodownloader\QtQml\Models.2\modelsplugin.dll	msiexec.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e571bc5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e571bc5.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{3FD8B5A0-F783-421A-A0F2-4AA324B85DC4}	msiexec.exe
File created	C:\Windows\Installer\{3FD8B5A0-F783-421A-A0F2-4AA324B85DC4}\icon.ico	msiexec.exe
File created	C:\Windows\Installer\e571bc7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2309.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI24FE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F9E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{3FD8B5A0-F783-421A-A0F2-4AA324B85DC4}\icon.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4636.tmp	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	svchost.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 25 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\PackageCode = "A3012696714DE784798A4BD0F8536640"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList\Media\2 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\Version = "68681730"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\ProductIcon = "C:\\Windows\\Installer\\{3FD8B5A0-F783-421A-A0F2-4AA324B85DC4}\\icon.ico"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41530C0C348E126459F16629A2205FDC\0A5B8DF3387FA1240A2FA43A428BD54C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList\PackageName = "4kvideodownloader_4.24.2_x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0A5B8DF3387FA1240A2FA43A428BD54C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0A5B8DF3387FA1240A2FA43A428BD54C\Complete	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\ProductName = "4K Video Downloader"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41530C0C348E126459F16629A2205FDC	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A5B8DF3387FA1240A2FA43A428BD54C\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4968	4kvideodownloader.exe
4280	4kvideodownloader.exe
5028	4kvideodownloader.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4608	msiexec.exe
4608	msiexec.exe
4328	MsiExec.exe
4328	MsiExec.exe
4328	MsiExec.exe
4328	MsiExec.exe
3164	MsiExec.exe
3164	MsiExec.exe
2248	crashpad_handler.exe
2248	crashpad_handler.exe
2076	crashpad_handler.exe
2076	crashpad_handler.exe
3288	crashpad_handler.exe
3288	crashpad_handler.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4440	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4440	msiexec.exe
Token: SeSecurityPrivilege	4608	msiexec.exe
Token: SeCreateTokenPrivilege	4440	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4440	msiexec.exe
Token: SeLockMemoryPrivilege	4440	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4440	msiexec.exe
Token: SeMachineAccountPrivilege	4440	msiexec.exe
Token: SeTcbPrivilege	4440	msiexec.exe
Token: SeSecurityPrivilege	4440	msiexec.exe
Token: SeTakeOwnershipPrivilege	4440	msiexec.exe
Token: SeLoadDriverPrivilege	4440	msiexec.exe
Token: SeSystemProfilePrivilege	4440	msiexec.exe
Token: SeSystemtimePrivilege	4440	msiexec.exe
Token: SeProfSingleProcessPrivilege	4440	msiexec.exe
Token: SeIncBasePriorityPrivilege	4440	msiexec.exe
Token: SeCreatePagefilePrivilege	4440	msiexec.exe
Token: SeCreatePermanentPrivilege	4440	msiexec.exe
Token: SeBackupPrivilege	4440	msiexec.exe
Token: SeRestorePrivilege	4440	msiexec.exe
Token: SeShutdownPrivilege	4440	msiexec.exe
Token: SeDebugPrivilege	4440	msiexec.exe
Token: SeAuditPrivilege	4440	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4440	msiexec.exe
Token: SeChangeNotifyPrivilege	4440	msiexec.exe
Token: SeRemoteShutdownPrivilege	4440	msiexec.exe
Token: SeUndockPrivilege	4440	msiexec.exe
Token: SeSyncAgentPrivilege	4440	msiexec.exe
Token: SeEnableDelegationPrivilege	4440	msiexec.exe
Token: SeManageVolumePrivilege	4440	msiexec.exe
Token: SeImpersonatePrivilege	4440	msiexec.exe
Token: SeCreateGlobalPrivilege	4440	msiexec.exe
Token: SeCreateTokenPrivilege	4440	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4440	msiexec.exe
Token: SeLockMemoryPrivilege	4440	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4440	msiexec.exe
Token: SeMachineAccountPrivilege	4440	msiexec.exe
Token: SeTcbPrivilege	4440	msiexec.exe
Token: SeSecurityPrivilege	4440	msiexec.exe
Token: SeTakeOwnershipPrivilege	4440	msiexec.exe
Token: SeLoadDriverPrivilege	4440	msiexec.exe
Token: SeSystemProfilePrivilege	4440	msiexec.exe
Token: SeSystemtimePrivilege	4440	msiexec.exe
Token: SeProfSingleProcessPrivilege	4440	msiexec.exe
Token: SeIncBasePriorityPrivilege	4440	msiexec.exe
Token: SeCreatePagefilePrivilege	4440	msiexec.exe
Token: SeCreatePermanentPrivilege	4440	msiexec.exe
Token: SeBackupPrivilege	4440	msiexec.exe
Token: SeRestorePrivilege	4440	msiexec.exe
Token: SeShutdownPrivilege	4440	msiexec.exe
Token: SeDebugPrivilege	4440	msiexec.exe
Token: SeAuditPrivilege	4440	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4440	msiexec.exe
Token: SeChangeNotifyPrivilege	4440	msiexec.exe
Token: SeRemoteShutdownPrivilege	4440	msiexec.exe
Token: SeUndockPrivilege	4440	msiexec.exe
Token: SeSyncAgentPrivilege	4440	msiexec.exe
Token: SeEnableDelegationPrivilege	4440	msiexec.exe
Token: SeManageVolumePrivilege	4440	msiexec.exe
Token: SeImpersonatePrivilege	4440	msiexec.exe
Token: SeCreateGlobalPrivilege	4440	msiexec.exe
Token: SeCreateTokenPrivilege	4440	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4440	msiexec.exe
Token: SeLockMemoryPrivilege	4440	msiexec.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
4440	msiexec.exe
4440	msiexec.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4968	4kvideodownloader.exe
4968	4kvideodownloader.exe
4280	4kvideodownloader.exe
4280	4kvideodownloader.exe
3968	firefox.exe
5028	4kvideodownloader.exe
5028	4kvideodownloader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4144	4608	msiexec.exe	69
PID 4608 wrote to memory of 4144	4608	msiexec.exe	69
PID 4608 wrote to memory of 2264	4608	msiexec.exe	70
PID 4608 wrote to memory of 2264	4608	msiexec.exe	70
PID 4608 wrote to memory of 2264	4608	msiexec.exe	70
PID 4608 wrote to memory of 4672	4608	msiexec.exe	74
PID 4608 wrote to memory of 4672	4608	msiexec.exe	74
PID 4608 wrote to memory of 4328	4608	msiexec.exe	76
PID 4608 wrote to memory of 4328	4608	msiexec.exe	76
PID 4608 wrote to memory of 4328	4608	msiexec.exe	76
PID 4608 wrote to memory of 3164	4608	msiexec.exe	77
PID 4608 wrote to memory of 3164	4608	msiexec.exe	77
PID 4608 wrote to memory of 3164	4608	msiexec.exe	77
PID 4440 wrote to memory of 4968	4440	msiexec.exe	79
PID 4440 wrote to memory of 4968	4440	msiexec.exe	79
PID 4968 wrote to memory of 2248	4968	4kvideodownloader.exe	80
PID 4968 wrote to memory of 2248	4968	4kvideodownloader.exe	80
PID 4280 wrote to memory of 2076	4280	4kvideodownloader.exe	82
PID 4280 wrote to memory of 2076	4280	4kvideodownloader.exe	82
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3544 wrote to memory of 3968	3544	firefox.exe	84
PID 3968 wrote to memory of 3364	3968	firefox.exe	85
PID 3968 wrote to memory of 3364	3968	firefox.exe	85
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86
PID 3968 wrote to memory of 4936	3968	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.24.2_x64.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe
  "C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4968
- - C:\Program Files\4KDownload\4kvideodownloader\crashpad_handler.exe
    "C:/Program Files/4KDownload/4kvideodownloader/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader/4K Video Downloader/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader/4K Video Downloader/../crashdb" --url=https://sentry.io/api/2687296/minidump/?sentry_key=1d5b75bab8b04e9baa04c63b87a5ba2d --annotation=format=minidump --annotation=sentry[release]=4.24.2.5380 --initial-client-data=0x548,0x54c,0x550,0x544,0x554,0x7ff731f91950,0x7ff731f91968,0x7ff731f91980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2248

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 0EBED6E787A3943490D992FE73849550 C
  2⤵
  PID:4144
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4624538BAAB50D9C3D6A89D6E0BB8A5A C
  2⤵
  - Loads dropped DLL
  PID:2264
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4672
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4B390D4E89EE5DA9EAEDCDE7BBF4915E
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4328
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 147E29548467F8F13525B1618333F2C4 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3164

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3724

C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe
"C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Program Files\4KDownload\4kvideodownloader\crashpad_handler.exe
  "C:/Program Files/4KDownload/4kvideodownloader/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader/4K Video Downloader/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader/4K Video Downloader/../crashdb" --url=https://sentry.io/api/2687296/minidump/?sentry_key=1d5b75bab8b04e9baa04c63b87a5ba2d --annotation=format=minidump --annotation=sentry[release]=4.24.2.5380 --initial-client-data=0x4f0,0x4f4,0x4f8,0x4ec,0x4fc,0x7ff731f91950,0x7ff731f91968,0x7ff731f91980
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.0.700363197\452755114" -parentBuildID 20221007134813 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0610a970-43de-4b3f-b960-e5e6434d70eb} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 1748 1b8f8916858 gpu
    3⤵
    PID:3364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.1.430020791\1008634618" -parentBuildID 20221007134813 -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20891 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19593ffb-8709-44c6-b665-9c589f295576} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 2104 1b8f74f7a58 socket
    3⤵
    PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.2.985412515\1841288901" -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 2684 -prefsLen 21039 -prefMapSize 232645 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f5091ea-5e7f-41e2-a842-21db7afbdf98} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 2900 1b8fb649258 tab
    3⤵
    PID:1148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.3.278623400\853617260" -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e83939-c875-43e4-92b7-7b7a8ffbe784} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 3708 1b8fc703858 tab
    3⤵
    PID:2196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.4.917524110\1906060452" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3844 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {916167e5-5edd-4f8f-a63a-0670100c04b5} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 3864 1b8f9f75558 tab
    3⤵
    PID:652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.6.1211038574\1609724181" -childID 5 -isForBrowser -prefsHandle 4788 -prefMapHandle 4792 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22376e93-1347-4356-9dc5-bc30f4aa5dc1} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 4780 1b8fda57058 tab
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.7.17898355\1859495617" -childID 6 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c450c274-57bc-495c-acb0-c56cb96b8bcc} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 4976 1b8fda70258 tab
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.5.1811330890\666290699" -childID 4 -isForBrowser -prefsHandle 4616 -prefMapHandle 3640 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {040b187a-d7d3-4a72-8f39-72f2d430279f} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 4624 1b8ec12d858 tab
    3⤵
    PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.8.697646341\829929079" -childID 7 -isForBrowser -prefsHandle 5324 -prefMapHandle 5020 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cb59402-d049-4d9c-a81e-e82093215d67} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 5248 1b8fdea1e58 tab
    3⤵
    PID:4980

C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe
"C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5028
- C:\Program Files\4KDownload\4kvideodownloader\crashpad_handler.exe
  "C:/Program Files/4KDownload/4kvideodownloader/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader/4K Video Downloader/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader/4K Video Downloader/../crashdb" --url=https://sentry.io/api/2687296/minidump/?sentry_key=1d5b75bab8b04e9baa04c63b87a5ba2d --annotation=format=minidump --annotation=sentry[release]=4.24.2.5380 --initial-client-data=0x530,0x534,0x538,0x52c,0x53c,0x7ff731f91950,0x7ff731f91968,0x7ff731f91980
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e571bc6.rbs

Filesize
85KB

MD5
a13f461c616e439006b5eab4e47590f1

SHA1
9a9e71c5e92c93ac36d3b492f8e15eba264262b5

SHA256
a6d8bbeac1a622419dcdeb21d8dcfcd97d4f6a8ca3e304641acfb1c804ea88a0

SHA512
3cb9555a93d21a4f1910e103f70289b216ffae88068a25382c7d6e0405b8c910f61dae5cddf88d4d797dfbb13b8f3e32e041b39b3528d7941e93f296ec3fb33f

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe

Filesize
69.0MB

MD5
93d3db1e74061a15eb1ddba9569adcce

SHA1
6bb3f11420ba2159c489ade5e495f3744a82b2cb

SHA256
c7faa4f5f85c65a81e163396a35b02332f102b2ac60a9a9f08ff44559b24c34d

SHA512
f0bcfba817795abbacb3a19dec7a2677ce418d6cc1df163904e3efe64ece7ab318f4dcb868412f87c8d2f47c10807ede82cd39646df7e0b036c13f6909cc8bce

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe

Filesize
69.0MB

MD5
93d3db1e74061a15eb1ddba9569adcce

SHA1
6bb3f11420ba2159c489ade5e495f3744a82b2cb

SHA256
c7faa4f5f85c65a81e163396a35b02332f102b2ac60a9a9f08ff44559b24c34d

SHA512
f0bcfba817795abbacb3a19dec7a2677ce418d6cc1df163904e3efe64ece7ab318f4dcb868412f87c8d2f47c10807ede82cd39646df7e0b036c13f6909cc8bce

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\MSVCP140.dll

Filesize
561KB

MD5
5d929922569ab6bd3b5fe86cb3b339ca

SHA1
05cd3eed9405026323cc2a88e659f9f839b5001a

SHA256
993727a9372f302dd30359bf059ef251a702ee38335b3b0cda0a9234a2690028

SHA512
f19e91ddeefb0ed8ea814cefd4b1dee90e11b9d2d12d26409484a7ee81e7f571d168be93ae011e4af837ab0c587a1f31be5d330fe990a9564b2413f7fee9d5dc

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\MSVCP140_1.dll

Filesize
32KB

MD5
3587b4dfe5f5fefc5384f2e60d5600ba

SHA1
b1bb7edbfa5b5093fe333dc358ba3d4cfe49f63e

SHA256
9159deccb9537e27b33af9974e85f71092f770b10f42c9a64c794a4fa97ce728

SHA512
b6df1fd846103881e6a5489b884cb35c2c827af6c1c8c050ec87bdc925e3d30d966ac70eecf6eac0db14fc4bd6146f57ca2ec0a750b1befee14be26b0f3234f6

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5Core.dll

Filesize
5.8MB

MD5
c8db2c1a884949f36af5ba5d174912e0

SHA1
57c6cfe83b5e945d3c445958c469d4d8ea4dd26c

SHA256
51862c24796894c9093203eff390fa90b3e5ffed8457d691dfb1ee25ea4a1ecc

SHA512
b642091418664b9264e8686cfb50bfa4c972e3a7fb5240fc93f30e570af475999fd4aea8daf2199331bf7cb5f4a3c41cd11cba62f26347a8f7f967cb5e5bcf41

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5Gui.dll

Filesize
6.5MB

MD5
367e460a72871d77884bb5c306ea665f

SHA1
1a0eaf4075b8ddede0592ccfefba9b9d34950895

SHA256
e59aae70ce4717c8946358d62cff24bcc7ec3c8871f815b89af554213b2ff328

SHA512
b446e07518df2f8f24166888627e9ec34b0066cddeb1f86fdefc921e595f11759f7b3f053672d33191fbc0e947dfed8a14d9bdba54e25033d0a8d03e9c8136bf

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5Network.dll

Filesize
1.3MB

MD5
2f1cd4e24374bbc5b122d9fdae59d50a

SHA1
51e2f70809052b8dd79e00d1f33e6959c0756863

SHA256
c38eefba254bd30ffb9786e0edfec71737887d10a81f7d7f54568dc7760b2433

SHA512
d3172fc5dfe467e417dfaec069ef7f4655dc3e07c4c1a0ee7bbf54e875e4d1c751576e57730a25027a2d888441dcfddb14ec4b1f81d83b5bb62fa761fa3c8dd3

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5Qml.dll

Filesize
3.5MB

MD5
f306f710f41b13825f94ec1c67a5c9ed

SHA1
8102360bd583121d4229a1208c18a589886d1b98

SHA256
2f9b1e469167fd78d0bb3f7ad3796e824392a1d0c2bb36f2bfa2cc412b6fe249

SHA512
1ce3fe6d12954ce39d3ddfc5cccf314c438b92a3ff648c89e42bc04c23e5fce4d24758b64bba438b1a47d181ecf0bf828c7164afbeda0c078b5085f4f9dbfdb0

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5Quick.dll

Filesize
4.0MB

MD5
f876441e2b2c820c02f2e53f0030e89c

SHA1
5ea1949f12a273c066e063d5880baa6ab7e1f54b

SHA256
05472a0f249ddee3bc6dcdd20b71d795366bd55abbf263fe8b34f35e6bc38414

SHA512
e9cc554f2ebc7a5398a8b627286110d3171dd3fa37975ac5668f3dddd3ece113ca8df76963e4440eea1a410167e71ca1f4c19fe8f609a688f405b269fb9592d0

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5WebEngine.dll

Filesize
375KB

MD5
3c945923002dbb16b7a8c8324322307f

SHA1
75ffc8f993c96a73da79e3c02bf3eda89ecd2901

SHA256
20b5b74309d994fb5af116fadfc2271708122066d417256420cad539e34c3bbe

SHA512
89eeea17f9cb2ef2d131cc62b258364a6f48e7955d7f7e3a135f71c8201cad39288f6c2d5c518589d36dfa2fd4e245f64dbc125cfe66a749730fe6d4af5f710d

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5WebEngineCore.dll

Filesize
94.4MB

MD5
1dd423aae38ece33103e07ff250b70b5

SHA1
f827ee05484d116ef254ce3fecb967a08793dfa1

SHA256
659cd8013d60ccc3c264e19fdc74b4768d6088910f10830d057d6e92e75dbc12

SHA512
cea67522951fbfa5d3dade21550e8c8c9bec7bbee83072e753f61966bbbb960a59d763e1936efb7763d522287fbffbc8701705c678f8f28740614c79841af629

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5WebEngineWidgets.dll

Filesize
248KB

MD5
067b5bd97ec81c01698e1c8fe5d906a6

SHA1
de3ca7c7fb9765647c1f0d78e3d75f4ee503b06f

SHA256
1d5a5e75808441b818414684b45be266174d3ee4dd51cfc2c74c39e6cbddc392

SHA512
be53ccf00b1c2ecc0ae21a84093583204225b9f76cee6fa9c8c5ba7202ba4f6f54276122eb3db5cac25fc24c7a0f962306bcfe1f3e9fe95444811c522bfa7898

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5Widgets.dll

Filesize
5.3MB

MD5
bbda180b8ab9f61722452dcd4b471776

SHA1
0937847e9bb194878ad77596e913238e055a7c79

SHA256
bbe7fdc75461d194bdbb7a64eec3f80be294ac6c0bafb10df6123f4eed1f507b

SHA512
ac5678aa794533f9ac776505dea0826f3293ea74d2b07604b4e4b2aeed8e247213df94ce03bebf9491ba96be16ac3ef2726b5a00430f848452b7cf75f2462e94

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5WinExtras.dll

Filesize
234KB

MD5
d7c99b36312c5f2305337c177e5c20a5

SHA1
7d83c02c84d5c2d6e156a8966082f718ef492864

SHA256
055b1348fb55833e5daed35119cec60fdb8926f18dcf17221f6646cf53fe6a0a

SHA512
e133397497a59d527f02cf9f1295364e619e583922ac47f7f0c3c14e91a9a80597029dac410744bc84f2ede7047e8d9a2d591eaf9224c8b67460a7a60ae3176b

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\Qt5Xml.dll

Filesize
213KB

MD5
a3145d93294e0d82323cf9ff42cf9726

SHA1
ecd107a596443b45fb1baf80845d999f4a0f4cd1

SHA256
650a28494e4b7bba73712fbd731dd90e8d8a6d30aa17ffdeb085b3859e282c44

SHA512
32dce97d4cc7705cd3c7d99ac474f624b0d394dfd3ef52e4a316a5067de02f4587aff03d80d89614515062670860561d18d0ca6ac95912f86943e91894d5e726

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\VCRUNTIME140.dll

Filesize
104KB

MD5
a320b9856535bdf4c049c0a194a7aad4

SHA1
c12d95269026b425727d3e6e2a66c9ef5cb30bdc

SHA256
d275f6e2e269dc453f1d24be3ef4b50c158b8d0215de18eec60abffa271c55a4

SHA512
4812852844c8b8c44a8d18c0a8ddf3610e1b5928de9539667ae294c1fab47b08f2950e78aadacd91442af4b5b8ce47bb7dfdcff01c021d8dc80eb5fb516fe7b1

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\VCRUNTIME140_1.dll

Filesize
45KB

MD5
e0e2b46853b73bc5a4b9bddc82573c9b

SHA1
c814a3590824866cf05a142aa8fb0c6e17a98735

SHA256
2a41c7b539c5bc684ee973cad3ca303afab181cb8aaf431c19cc608e747b6769

SHA512
fe6c0cbffafe155c5842a5c7ac23f8138b2925b9f6bd9d858a2a4f0d4279d55c82186697e1528c3ddb4bc3b0c878d2d8e4b044749c698418f8605d5f75f36cde

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\avcodec-58.dll

Filesize
25.1MB

MD5
4e950ec22d87a34897d2a77384a167a5

SHA1
1dd1cfd63ac512a1eedf411f5646aa5c93a2f29f

SHA256
8dd39f63a5ba9545094e1f08f7f096dc29226337c682ca593187346d16bcdac8

SHA512
6356a5ced1f4e55e826d774e5f65c84cddd473ea6d536475597905fc8c7d7b00f998de1ab0c2182bdd6e77c1a3acb5cbceaf0eafd2ba215166dac6dc5acc89d7

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\avformat-58.dll

Filesize
2.2MB

MD5
2828ef7e9912c40f6a84e4ca6b68aea6

SHA1
fe8852ed5501b82b10fadb04eef8053af7eda086

SHA256
70a40fe8dbf42159890915ac1097589e5b05ba581159608c6775b104d2e373d2

SHA512
ac1b0b18a2bf867f3fd467cc46d7b94f8c0259a2e3cd9342a06961969af4f8099a96b772674e71e9c894a85bf7fba6e36a6fc4de09300d210cd2094326b8ddaf

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\avutil-56.dll

Filesize
541KB

MD5
d8832af1ce10ec0cae9c62808aed211d

SHA1
71f07210bd7fd2e67cf4d49e82b8a08b8a902b3a

SHA256
ff194c990c69e33bb1fa611e8e5f5bd207425d085864e7442847cd30e11f874d

SHA512
995213ed5908b4606e88401cb155e36113ee63fb86483e7a46d852ab4b5daabda0a72d4519f3e11c543dd49e6690b10a8c6d7c5e8d00ef921edeb12c00dcb8bb

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\libcrypto-1_1-x64.dll

Filesize
3.1MB

MD5
d72832089a3ab26755d9a1290ca25644

SHA1
b7dfe4b63e375483dd0a7798ca7f9eb7d423095b

SHA256
92564219c30e24c03b4a7a892418fd4e2296d5d4570236c170d824555b2d837e

SHA512
d678e0db9a46ca1ea102748a154f0cb21bc7c8eac07f435e045f5fcaa1523fc91c21cc4846cda8d1b085489cd529e6ba55eeb384783d9f01548d043ade7d2df5

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\libmp3lame.DLL

Filesize
326KB

MD5
a85fc275f8bedec43cb1de4f98e33d1d

SHA1
ef5880296b6129b3863dcfc9cf560386aa815da0

SHA256
49440b09c961d73ace9827335c4d78f0cf0a9e9962edf1c8bae19e6e2521af1d

SHA512
99aadcb777215c8c111a7e2fab3ec1429dce80310e81d018c021fef3f4c11725f6d8624982c9a231a26bbd7ab0e1510717fd91530121c281e2ac35aa38aea7be

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\libssl-1_1-x64.dll

Filesize
639KB

MD5
0a0d474f526a31fe37680fb005ddf049

SHA1
d4b6e155e8ab7b431b7eb7fa3e9d3db1115949d8

SHA256
1c2fe2b424a1ae754601102c17df35568cbb634e4890b36b175ce7bf1a702658

SHA512
eaf4168f0266ba45f86a68454a0ef5195c4c56aa51e03951de558be76ded7596626beccf3b08f404ad809f74a8496edd1619a2b3c325abfc8130c7ff71f0e107

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\portaudio_x64.dll

Filesize
272KB

MD5
470ca3fb5ae0b05c9a9e0f59e9de9f7d

SHA1
7e34c4519553a03efc60b29ec332c3c4b142d431

SHA256
4730c6d34229c6c0d46280feddf54773609e0e9d9dbe5459e4bbae801df94736

SHA512
cfbc1bf3910283131a2dae0f5b13e49887622c186ca469363708802b515788e86a254139468cdd8e4839441e777efe45b0180980c8ab015cc368339658d92564

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\swresample-3.dll

Filesize
184KB

MD5
d48c7df076e06adfd30d737b0ee658be

SHA1
5d30f536150ece5236a859206cd48f9c9351d6c0

SHA256
a90c2d279278db405f6b8b8bc080ecaa04a63db84da78b46ceac255021a2d4e5

SHA512
2615e943964db5565193b34551dfff15abc551023710f0f4c15bfb648f60f28f8935226761349cf7baebebe95edcf529024fb004b7c7f9560d8d346e3df2d6d3

Download Submit
C:\Program Files\4KDownload\4kvideodownloader\swscale-5.dll

Filesize
669KB

MD5
e1f0bbb000ecd59fbbd23f2d86d4265f

SHA1
97f1a8847211556951f6668b935ad51ac4f32b07

SHA256
4ef7521ecb22356e0a8b141b228ad6d7f62c4cfb9b13009089f6c5ba35e9c0ee

SHA512
1608496f4c215da788a7c015d085a2d1d6359e3cc6176fc79610901e468d4da2cdb226a96302d6a357eae6bd97c7a780900efbee96704dfc3133d6e7efbc57f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_E5EB49858334DEE105651B5FB4B72743

Filesize
727B

MD5
065dc754ae3dc8332c9d96ae15b484d7

SHA1
77f211c84f456980b61e7a59bdc2367037489142

SHA256
687e081bfd2afbd81a623ac12c9a94444a04c1bc5d6803b6243e71defbef5c4b

SHA512
56ed3bc34a35bfe9bd120d5764fabbc53ac82b8efeba2ded5016a5744517d8fa407624eb5f5dd84632e162f44206c855173167cb9290bf745e3cf9133f9a4381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
05a540073de5aaf09fb378ca59e0bcd5

SHA1
6e4695dd63e0505b0db4465cfb0f91ec026302cb

SHA256
f7aec5a7220c64ec64fa4c03a98bc444d02147be87eb3c580e920c362a725da2

SHA512
48f9e4e34ae2bf357c7443c960f97e0dc64a521076a5f5372d41c23c373bb3b59a8bbb0a2bb5c29633bf803fcc5dfff8b2c233530f4c4ae4605c789f4efff094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_E5EB49858334DEE105651B5FB4B72743

Filesize
434B

MD5
57a5d79c967000455598bce4b208bb12

SHA1
12316ba49a8fa75b9a7ab6d10a2b988194060465

SHA256
afd839983ded5f387bbe4a8435383b79dbfd4c009cc996002897220ed5e1f057

SHA512
c865790071b1654150ddfbc91cae662fa6cf4c1368bf8130ba7a259400de84b59e042b0b975561200fbf894895c617b91d6431ae7ddbf615519e22c6ef47a778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
871a430c8819de3cf5d60830e027aa9c

SHA1
e72c8426347ade3af26296db6d5183ce152cd63c

SHA256
81a04fe8bda4166dade48ddd3a87807e0b148263c31c70e9ab58110de53a39bd

SHA512
1172a746a0ceef7d42f46de19f37c276ece9018d0f722f5263b1d992f959882a7ad5e162f1c9c5b2792aec94affb9232f56a74ca24d2ef42c32bea35449679c0

Download Submit
C:\Users\Admin\AppData\Local\4kdownload.com\4K Video Downloader\crashdb\reports\086b81a7-5865-46c8-8509-dd33dce0e692.dmp

Filesize
1001KB

MD5
303c6ef8dbda49fee79bc5eff0d6db98

SHA1
39ddee6df9111f651bfdfe833d1f238472e15027

SHA256
05fd78bf6dcc4bd1265a5118b3f8aa3618cf18e67ba19b82fdbc1141b9b4d719

SHA512
f5f88a8f270a8dcfc47b44b5218ca745e73c569b15a5fa9eb5f769ad54dbd8d1f94c6ed714cd122a691e98cb54a7868eb2dd2fb76dcd13a9bcbf135d39578c14

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmp

Filesize
143KB

MD5
5403ce02f74f3ff48d992fa23749655e

SHA1
cf201fae6a6756cae2ce5adec1147aa20cf0505e

SHA256
41479e4c90d363dccd9a448e5db3670f646f9c5a38d9a06a7fa7277c0ab4e33f

SHA512
c2d42037499ab3c5f8a1bbc1b7a2f21b7144223be80714574ae6e2fe4f3c2ca7c9402b9dc0e1fab4a550b6672ece392caedc13e6137b17f959ab595b51ffe86d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA3E6.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js

Filesize
6KB

MD5
cdb5a91b7898f75f98e448e80b41dba6

SHA1
c749651f98e32a2320d2e52fd467fd6217660535

SHA256
ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc

SHA512
b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
27b0a96ead94e9b12b146ceec3f3f528

SHA1
63031367f037a5459c296d931e5c8d244021055f

SHA256
0413a54ac76c386d14f5e11f172d4140a52e8fc0b3fcc22eb019cc2806fdbfeb

SHA512
f77fd8e4b0c47a0333da49eb3fa28b6d3b730288f0738fe5f5c3bbfba938178b8131e95f946e630398d104ccbafdb5f1b716212130b313ffacac380b951fd034

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a2549e5966a48d32b7a719dd95feb54c

SHA1
a63163fcec0c237f3de27910ed9ea1d58b748d0e

SHA256
0e8c75f71277eee7b664959abe01124497c33d45f7ee109694b4ddd407fb2dfc

SHA512
8c44f58560f4a57ebd7c177706ad65be069ded3d995cc5b83fb8d601c3bcf8a5e64e3c19af84bb5e1078df69c05a2e422fe2318eaa9cf73be5036fe89db289df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
065d571a93681b2274cfc25cfacc2394

SHA1
774134cfb5c16bfc8328e7f512a6e3807abd5f3e

SHA256
e6f969d35a5fd638085b4e97fdb93a467bc3b82718bb63e76e92e14e07da4066

SHA512
711b61985c3d6f96b78127cbfec98a556b158047f8d418ac484c8ff033492e2250c7263f0233d22bef7006b475e214603ee02739409e130d07f87f0c686e712d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
2345e534e0d8c132f9b4a983d0e480db

SHA1
1077cc774097ac8076ef505f9b1d01c5fd9f7c1e

SHA256
7beae69b23b4f6026600aa69e3845266a4012e3bf4eac6318f1dfd5dade674b4

SHA512
5793abe32fe4241469dd1da9e0f8e627cf857c52f6169cc6c1ffd1625c2b718279b549189b56ea61c063f224e153b98b05161eac07952d8ee19ecc41b269a5ed

Download Submit
C:\Windows\Installer\MSI24FE.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI2F9E.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI4636.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI4636.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\e571bc5.msi

Filesize
93.4MB

MD5
c10b3253ead7e7605276592160578d8c

SHA1
927b3789a8d51275c90ea47268aedef02dc0e445

SHA256
2a487d89f5f3723c36536536d204390cf0dfa7e317bb1d8970a69ba9b18882c8

SHA512
24ec525fc96d2a5d94d02a1854cb5b4ace548044175619683cc27da3f64a0661bf16ad52d3144f73f703d9862fddf72f952aaebe1660d163be51dbcb4d546559

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
25.0MB

MD5
fa5e1fd3cd9d6a4de645d553e82c0fb1

SHA1
c07757bf3689990df195bec9eb4cb70bbc9eab40

SHA256
99b28f678a1477dd5d79b1a65b703be89451a226baf231882d4a008b0155198b

SHA512
bcc2ed43291f1a3d60c5d174030ab9b86163adf871ee4d7b750348f2c1805f50f938506749b65a0f5e415d5a54c2c1393af52041a09f2b53342d8fb04f07a764

Download Submit
\??\Volume{ce598122-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6304b964-33b1-4993-b24c-b1938142f5c9}_OnDiskSnapshotProp

Filesize
5KB

MD5
bb57612631a39b4beec7b8a8362db716

SHA1
f04a1eb0fa61fc93da3f8e61b9da931decb6063e

SHA256
265d526d889fb47d37a3ccb894df532776323553768f0166971cdb8094754101

SHA512
85606991fad71b3f395a16089333a8bebf656fa046775575edd13ccd481d82e58dd896ee7592e63b784b5b103f7850abbf7b497282d296591c8828ae0a968c9c

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5Core.dll

Filesize
5.8MB

MD5
c8db2c1a884949f36af5ba5d174912e0

SHA1
57c6cfe83b5e945d3c445958c469d4d8ea4dd26c

SHA256
51862c24796894c9093203eff390fa90b3e5ffed8457d691dfb1ee25ea4a1ecc

SHA512
b642091418664b9264e8686cfb50bfa4c972e3a7fb5240fc93f30e570af475999fd4aea8daf2199331bf7cb5f4a3c41cd11cba62f26347a8f7f967cb5e5bcf41

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5Gui.dll

Filesize
6.5MB

MD5
367e460a72871d77884bb5c306ea665f

SHA1
1a0eaf4075b8ddede0592ccfefba9b9d34950895

SHA256
e59aae70ce4717c8946358d62cff24bcc7ec3c8871f815b89af554213b2ff328

SHA512
b446e07518df2f8f24166888627e9ec34b0066cddeb1f86fdefc921e595f11759f7b3f053672d33191fbc0e947dfed8a14d9bdba54e25033d0a8d03e9c8136bf

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5Network.dll

Filesize
1.3MB

MD5
2f1cd4e24374bbc5b122d9fdae59d50a

SHA1
51e2f70809052b8dd79e00d1f33e6959c0756863

SHA256
c38eefba254bd30ffb9786e0edfec71737887d10a81f7d7f54568dc7760b2433

SHA512
d3172fc5dfe467e417dfaec069ef7f4655dc3e07c4c1a0ee7bbf54e875e4d1c751576e57730a25027a2d888441dcfddb14ec4b1f81d83b5bb62fa761fa3c8dd3

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5Qml.dll

Filesize
3.5MB

MD5
f306f710f41b13825f94ec1c67a5c9ed

SHA1
8102360bd583121d4229a1208c18a589886d1b98

SHA256
2f9b1e469167fd78d0bb3f7ad3796e824392a1d0c2bb36f2bfa2cc412b6fe249

SHA512
1ce3fe6d12954ce39d3ddfc5cccf314c438b92a3ff648c89e42bc04c23e5fce4d24758b64bba438b1a47d181ecf0bf828c7164afbeda0c078b5085f4f9dbfdb0

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5Quick.dll

Filesize
4.0MB

MD5
f876441e2b2c820c02f2e53f0030e89c

SHA1
5ea1949f12a273c066e063d5880baa6ab7e1f54b

SHA256
05472a0f249ddee3bc6dcdd20b71d795366bd55abbf263fe8b34f35e6bc38414

SHA512
e9cc554f2ebc7a5398a8b627286110d3171dd3fa37975ac5668f3dddd3ece113ca8df76963e4440eea1a410167e71ca1f4c19fe8f609a688f405b269fb9592d0

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5WebEngine.dll

Filesize
375KB

MD5
3c945923002dbb16b7a8c8324322307f

SHA1
75ffc8f993c96a73da79e3c02bf3eda89ecd2901

SHA256
20b5b74309d994fb5af116fadfc2271708122066d417256420cad539e34c3bbe

SHA512
89eeea17f9cb2ef2d131cc62b258364a6f48e7955d7f7e3a135f71c8201cad39288f6c2d5c518589d36dfa2fd4e245f64dbc125cfe66a749730fe6d4af5f710d

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5WebEngineCore.dll

Filesize
94.4MB

MD5
1dd423aae38ece33103e07ff250b70b5

SHA1
f827ee05484d116ef254ce3fecb967a08793dfa1

SHA256
659cd8013d60ccc3c264e19fdc74b4768d6088910f10830d057d6e92e75dbc12

SHA512
cea67522951fbfa5d3dade21550e8c8c9bec7bbee83072e753f61966bbbb960a59d763e1936efb7763d522287fbffbc8701705c678f8f28740614c79841af629

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5WebEngineWidgets.dll

Filesize
248KB

MD5
067b5bd97ec81c01698e1c8fe5d906a6

SHA1
de3ca7c7fb9765647c1f0d78e3d75f4ee503b06f

SHA256
1d5a5e75808441b818414684b45be266174d3ee4dd51cfc2c74c39e6cbddc392

SHA512
be53ccf00b1c2ecc0ae21a84093583204225b9f76cee6fa9c8c5ba7202ba4f6f54276122eb3db5cac25fc24c7a0f962306bcfe1f3e9fe95444811c522bfa7898

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5Widgets.dll

Filesize
5.3MB

MD5
bbda180b8ab9f61722452dcd4b471776

SHA1
0937847e9bb194878ad77596e913238e055a7c79

SHA256
bbe7fdc75461d194bdbb7a64eec3f80be294ac6c0bafb10df6123f4eed1f507b

SHA512
ac5678aa794533f9ac776505dea0826f3293ea74d2b07604b4e4b2aeed8e247213df94ce03bebf9491ba96be16ac3ef2726b5a00430f848452b7cf75f2462e94

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5WinExtras.dll

Filesize
234KB

MD5
d7c99b36312c5f2305337c177e5c20a5

SHA1
7d83c02c84d5c2d6e156a8966082f718ef492864

SHA256
055b1348fb55833e5daed35119cec60fdb8926f18dcf17221f6646cf53fe6a0a

SHA512
e133397497a59d527f02cf9f1295364e619e583922ac47f7f0c3c14e91a9a80597029dac410744bc84f2ede7047e8d9a2d591eaf9224c8b67460a7a60ae3176b

Download Submit
\Program Files\4KDownload\4kvideodownloader\Qt5Xml.dll

Filesize
213KB

MD5
a3145d93294e0d82323cf9ff42cf9726

SHA1
ecd107a596443b45fb1baf80845d999f4a0f4cd1

SHA256
650a28494e4b7bba73712fbd731dd90e8d8a6d30aa17ffdeb085b3859e282c44

SHA512
32dce97d4cc7705cd3c7d99ac474f624b0d394dfd3ef52e4a316a5067de02f4587aff03d80d89614515062670860561d18d0ca6ac95912f86943e91894d5e726

Download Submit
\Program Files\4KDownload\4kvideodownloader\avcodec-58.dll

Filesize
25.1MB

MD5
4e950ec22d87a34897d2a77384a167a5

SHA1
1dd1cfd63ac512a1eedf411f5646aa5c93a2f29f

SHA256
8dd39f63a5ba9545094e1f08f7f096dc29226337c682ca593187346d16bcdac8

SHA512
6356a5ced1f4e55e826d774e5f65c84cddd473ea6d536475597905fc8c7d7b00f998de1ab0c2182bdd6e77c1a3acb5cbceaf0eafd2ba215166dac6dc5acc89d7

Download Submit
\Program Files\4KDownload\4kvideodownloader\avformat-58.dll

Filesize
2.2MB

MD5
2828ef7e9912c40f6a84e4ca6b68aea6

SHA1
fe8852ed5501b82b10fadb04eef8053af7eda086

SHA256
70a40fe8dbf42159890915ac1097589e5b05ba581159608c6775b104d2e373d2

SHA512
ac1b0b18a2bf867f3fd467cc46d7b94f8c0259a2e3cd9342a06961969af4f8099a96b772674e71e9c894a85bf7fba6e36a6fc4de09300d210cd2094326b8ddaf

Download Submit
\Program Files\4KDownload\4kvideodownloader\avutil-56.dll

Filesize
541KB

MD5
d8832af1ce10ec0cae9c62808aed211d

SHA1
71f07210bd7fd2e67cf4d49e82b8a08b8a902b3a

SHA256
ff194c990c69e33bb1fa611e8e5f5bd207425d085864e7442847cd30e11f874d

SHA512
995213ed5908b4606e88401cb155e36113ee63fb86483e7a46d852ab4b5daabda0a72d4519f3e11c543dd49e6690b10a8c6d7c5e8d00ef921edeb12c00dcb8bb

Download Submit
\Program Files\4KDownload\4kvideodownloader\libcrypto-1_1-x64.dll

Filesize
3.1MB

MD5
d72832089a3ab26755d9a1290ca25644

SHA1
b7dfe4b63e375483dd0a7798ca7f9eb7d423095b

SHA256
92564219c30e24c03b4a7a892418fd4e2296d5d4570236c170d824555b2d837e

SHA512
d678e0db9a46ca1ea102748a154f0cb21bc7c8eac07f435e045f5fcaa1523fc91c21cc4846cda8d1b085489cd529e6ba55eeb384783d9f01548d043ade7d2df5

Download Submit
\Program Files\4KDownload\4kvideodownloader\libmp3lame.dll

Filesize
326KB

MD5
a85fc275f8bedec43cb1de4f98e33d1d

SHA1
ef5880296b6129b3863dcfc9cf560386aa815da0

SHA256
49440b09c961d73ace9827335c4d78f0cf0a9e9962edf1c8bae19e6e2521af1d

SHA512
99aadcb777215c8c111a7e2fab3ec1429dce80310e81d018c021fef3f4c11725f6d8624982c9a231a26bbd7ab0e1510717fd91530121c281e2ac35aa38aea7be

Download Submit
\Program Files\4KDownload\4kvideodownloader\libssl-1_1-x64.dll

Filesize
639KB

MD5
0a0d474f526a31fe37680fb005ddf049

SHA1
d4b6e155e8ab7b431b7eb7fa3e9d3db1115949d8

SHA256
1c2fe2b424a1ae754601102c17df35568cbb634e4890b36b175ce7bf1a702658

SHA512
eaf4168f0266ba45f86a68454a0ef5195c4c56aa51e03951de558be76ded7596626beccf3b08f404ad809f74a8496edd1619a2b3c325abfc8130c7ff71f0e107

Download Submit
\Program Files\4KDownload\4kvideodownloader\msvcp140.dll

Filesize
561KB

MD5
5d929922569ab6bd3b5fe86cb3b339ca

SHA1
05cd3eed9405026323cc2a88e659f9f839b5001a

SHA256
993727a9372f302dd30359bf059ef251a702ee38335b3b0cda0a9234a2690028

SHA512
f19e91ddeefb0ed8ea814cefd4b1dee90e11b9d2d12d26409484a7ee81e7f571d168be93ae011e4af837ab0c587a1f31be5d330fe990a9564b2413f7fee9d5dc

Download Submit
\Program Files\4KDownload\4kvideodownloader\msvcp140_1.dll

Filesize
32KB

MD5
3587b4dfe5f5fefc5384f2e60d5600ba

SHA1
b1bb7edbfa5b5093fe333dc358ba3d4cfe49f63e

SHA256
9159deccb9537e27b33af9974e85f71092f770b10f42c9a64c794a4fa97ce728

SHA512
b6df1fd846103881e6a5489b884cb35c2c827af6c1c8c050ec87bdc925e3d30d966ac70eecf6eac0db14fc4bd6146f57ca2ec0a750b1befee14be26b0f3234f6

Download Submit
\Program Files\4KDownload\4kvideodownloader\portaudio_x64.dll

Filesize
272KB

MD5
470ca3fb5ae0b05c9a9e0f59e9de9f7d

SHA1
7e34c4519553a03efc60b29ec332c3c4b142d431

SHA256
4730c6d34229c6c0d46280feddf54773609e0e9d9dbe5459e4bbae801df94736

SHA512
cfbc1bf3910283131a2dae0f5b13e49887622c186ca469363708802b515788e86a254139468cdd8e4839441e777efe45b0180980c8ab015cc368339658d92564

Download Submit
\Program Files\4KDownload\4kvideodownloader\swresample-3.dll

Filesize
184KB

MD5
d48c7df076e06adfd30d737b0ee658be

SHA1
5d30f536150ece5236a859206cd48f9c9351d6c0

SHA256
a90c2d279278db405f6b8b8bc080ecaa04a63db84da78b46ceac255021a2d4e5

SHA512
2615e943964db5565193b34551dfff15abc551023710f0f4c15bfb648f60f28f8935226761349cf7baebebe95edcf529024fb004b7c7f9560d8d346e3df2d6d3

Download Submit
\Program Files\4KDownload\4kvideodownloader\swscale-5.dll

Filesize
669KB

MD5
e1f0bbb000ecd59fbbd23f2d86d4265f

SHA1
97f1a8847211556951f6668b935ad51ac4f32b07

SHA256
4ef7521ecb22356e0a8b141b228ad6d7f62c4cfb9b13009089f6c5ba35e9c0ee

SHA512
1608496f4c215da788a7c015d085a2d1d6359e3cc6176fc79610901e468d4da2cdb226a96302d6a357eae6bd97c7a780900efbee96704dfc3133d6e7efbc57f7

Download Submit
\Program Files\4KDownload\4kvideodownloader\vcruntime140.dll

Filesize
104KB

MD5
a320b9856535bdf4c049c0a194a7aad4

SHA1
c12d95269026b425727d3e6e2a66c9ef5cb30bdc

SHA256
d275f6e2e269dc453f1d24be3ef4b50c158b8d0215de18eec60abffa271c55a4

SHA512
4812852844c8b8c44a8d18c0a8ddf3610e1b5928de9539667ae294c1fab47b08f2950e78aadacd91442af4b5b8ce47bb7dfdcff01c021d8dc80eb5fb516fe7b1

Download Submit
\Program Files\4KDownload\4kvideodownloader\vcruntime140_1.dll

Filesize
45KB

MD5
e0e2b46853b73bc5a4b9bddc82573c9b

SHA1
c814a3590824866cf05a142aa8fb0c6e17a98735

SHA256
2a41c7b539c5bc684ee973cad3ca303afab181cb8aaf431c19cc608e747b6769

SHA512
fe6c0cbffafe155c5842a5c7ac23f8138b2925b9f6bd9d858a2a4f0d4279d55c82186697e1528c3ddb4bc3b0c878d2d8e4b044749c698418f8605d5f75f36cde

Download Submit
\Users\Admin\AppData\Local\Temp\MSIA3E6.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
\Windows\Installer\MSI24FE.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\Windows\Installer\MSI2F9E.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\Windows\Installer\MSI4636.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
memory/4280-586-0x00007FFC33590000-0x00007FFC33ADA000-memory.dmp

Filesize
5.3MB

Download
memory/4280-587-0x00007FF72DDA0000-0x00007FF7322B9000-memory.dmp

Filesize
69.1MB

Download
memory/4280-588-0x000002A46BFE0000-0x000002A46BFF0000-memory.dmp

Filesize
64KB

Download
memory/4280-599-0x000002A46BFE0000-0x000002A46BFF0000-memory.dmp

Filesize
64KB

Download
memory/4280-585-0x00007FFC309F0000-0x00007FFC30DEB000-memory.dmp

Filesize
4.0MB

Download
memory/4968-551-0x00007FFC32320000-0x00007FFC3286A000-memory.dmp

Filesize
5.3MB

Download
memory/4968-552-0x00007FFC2E210000-0x00007FFC2E60B000-memory.dmp

Filesize
4.0MB

Download
memory/4968-562-0x0000014526660000-0x0000014526670000-memory.dmp

Filesize
64KB

Download
memory/4968-561-0x00000145262D0000-0x0000014526479000-memory.dmp

Filesize
1.7MB

Download
memory/4968-553-0x00007FF72DDA0000-0x00007FF7322B9000-memory.dmp

Filesize
69.1MB

Download
memory/5028-798-0x00007FFC2FD90000-0x00007FFC3018B000-memory.dmp

Filesize
4.0MB

Download
memory/5028-797-0x00007FFC32FC0000-0x00007FFC3350A000-memory.dmp

Filesize
5.3MB

Download
memory/5028-799-0x00007FF72DDA0000-0x00007FF7322B9000-memory.dmp

Filesize
69.1MB

Download
memory/5028-802-0x000002142D900000-0x000002142D910000-memory.dmp

Filesize
64KB

Download
memory/5028-827-0x0000021430FE0000-0x00000214310CB000-memory.dmp

Filesize
940KB

Download
memory/5028-828-0x0000021431C00000-0x0000021431CF4000-memory.dmp

Filesize
976KB

Download
memory/5028-829-0x000002142D900000-0x000002142D910000-memory.dmp

Filesize
64KB

Download