61c11fd68de2448e1c396b811052766d4dbaf1812079b0b5278478eda367efb0

Analysis

max time kernel
75s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-02-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aTube_Catcher_FREE_9991.exe
Size

24.1MB
MD5

eec82d625010a7a177035dc6d7540824
SHA1

3ff6ef5202a0b2d35d7509f703e3ae6d79305acd
SHA256

61c11fd68de2448e1c396b811052766d4dbaf1812079b0b5278478eda367efb0
SHA512

0ceabe9034c87149148d47e5302a1ee2a33b0739c897d6c51a7ea865db7fdbcf23ce0599f7155820a92948f7522e2c4a7acff0a9b4e7fe48d4e0eeeda427ef94
SSDEEP

393216:AdrXnY1guAEElI9BUfibFyqpYCD8apON5AtWPm/v7xltQ/UiZdmuSngSLcGKrRi:iygx4UypVxpQAtKmHrtPBnRLcGKrRi

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

aTube_Catcher_FREE_9991.tmpeWorker.exeyct.exe

pid process

2272 aTube_Catcher_FREE_9991.tmp
1476 eWorker.exe
752 yct.exe

Loads dropped DLL 46 IoCs

Processes:

aTube_Catcher_FREE_9991.exeaTube_Catcher_FREE_9991.tmpregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeyct.exe

pid	process
2244	aTube_Catcher_FREE_9991.exe
2272	aTube_Catcher_FREE_9991.tmp
2272	aTube_Catcher_FREE_9991.tmp
2272	aTube_Catcher_FREE_9991.tmp
1568	regsvr32.exe
2756	regsvr32.exe
2732	regsvr32.exe
2284	regsvr32.exe
2112	regsvr32.exe
1752	regsvr32.exe
2784	regsvr32.exe
1636	regsvr32.exe
2008	regsvr32.exe
2096	regsvr32.exe
2188	regsvr32.exe
2188	regsvr32.exe
2436	regsvr32.exe
2432	regsvr32.exe
2576	regsvr32.exe
2616	regsvr32.exe
2612	regsvr32.exe
2500	regsvr32.exe
2560	regsvr32.exe
2560	regsvr32.exe
2468	regsvr32.exe
2128	regsvr32.exe
2624	regsvr32.exe
2624	regsvr32.exe
2488	regsvr32.exe
2636	regsvr32.exe
2352	regsvr32.exe
2368	regsvr32.exe
2416	regsvr32.exe
2252	regsvr32.exe
2272	aTube_Catcher_FREE_9991.tmp
2272	aTube_Catcher_FREE_9991.tmp
2272	aTube_Catcher_FREE_9991.tmp
752	yct.exe
752	yct.exe
752	yct.exe
752	yct.exe
752	yct.exe
752	yct.exe
752	yct.exe
752	yct.exe
752	yct.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

rundll32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	rundll32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 10 IoCs

Processes:

aTube_Catcher_FREE_9991.tmpregsvr32.exerundll32.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\DartSock.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Windows\SysWOW64\is-T2D3T.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Windows\SysWOW64\is-NNG18.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Windows\SysWOW64\ScrRecX.log	regsvr32.exe
File opened for modification	C:\Windows\SysWOW64\DartSecure2.dll	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Windows\SysWOW64\DartCertificate.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Windows\SysWOW64\is-JRR5M.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Windows\SysWOW64\SET752.tmp	rundll32.exe
File created	C:\Windows\SysWOW64\SET752.tmp	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\fmcodec.DLL	rundll32.exe

Drops file in Program Files directory 64 IoCs

Processes:

aTube_Catcher_FREE_9991.tmpyct.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\unins000.dat	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-M06TM.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-F47GJ.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\MPG1.apf	yct.exe
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-2NEVP.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\BDR\is-ECR3J.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-UPBRH.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\MP3_192.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudiodata.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-UPG66.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-6NQTL.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-9DBGU.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-1B0UE.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\english.txt	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ffmpeg.dll	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudio.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-4ACJI.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-T6O5B.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-1GU9V.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-6BMSV.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\is-IC0NV.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\SVCDNTSC.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ExButton.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-BI51O.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\is-Q90F0.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\3G2352X288.apf	yct.exe
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-5R8FF.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\is-RF24D.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-KO0IE.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\DVDNTSC.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\FLV.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\SWF.apf	yct.exe
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-C320J.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\DVDPAL.apf	yct.exe
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-ECVMI.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-UTLH0.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\is-NQJG8.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\IPHONE320x240.apf	yct.exe
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-4EEK8.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-9P0RU.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\is-1PG59.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\catala.txt	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\french.txt	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\PVCD.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ExGrid.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-K5VJO.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-5VKPD.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\polish.txt	yct.exe
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-FNVT8.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Language\is-GMGN6.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\BBCELLH320x240.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\MP3_320.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\aTubeRec.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-IQ2JM.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-M937H.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\Profiles\is-J4RFF.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\AVIDIVX.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\MOV.apf	yct.exe
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomwaveform.dll	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-VI90I.tmp	aTube_Catcher_FREE_9991.tmp
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-0RERI.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\PROGRAM FILES (X86)\DSNET CORP\ATUBE CATCHER 2.0\LANGUAGE\ENGLISH.TXT	yct.exe
File created	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\is-93UVV.tmp	aTube_Catcher_FREE_9991.tmp
File opened for modification	C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\profiles\IPAD.apf	yct.exe

Drops file in Windows directory 4 IoCs

Processes:

rundll32.exe

description	ioc	process
File opened for modification	C:\Windows\INF\setupapi.app.log	rundll32.exe
File opened for modification	C:\Windows\INF\SET751.tmp	rundll32.exe
File created	C:\Windows\INF\SET751.tmp	rundll32.exe
File opened for modification	C:\Windows\INF\fmcodec.INF	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

runonce.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

2372 taskkill.exe
2160 taskkill.exe
1960 taskkill.exe

pid	process
2372	taskkill.exe
2160	taskkill.exe
1960	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}\AlternateCLSID = "{9A948063-66C3-4F63-AB46-582EDAA35047}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\AlternateCLSID = "{9A948063-66C3-4F63-AB46-582EDAA35047}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\AlternateCLSID = "{87DACC48-F1C5-4AF3-84BA-A2A72C2AB959}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\AlternateCLSID = "{556C2772-F1AD-4DE1-8456-BD6E8F66113B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}\AlternateCLSID = "{556C2772-F1AD-4DE1-8456-BD6E8F66113B}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\AlternateCLSID = "{585AA280-ED8B-46B2-93AE-132ECFA1DAFC}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\AlternateCLSID = "{585AA280-ED8B-46B2-93AE-132ECFA1DAFC}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\AlternateCLSID = "{0B314611-2C19-4AB4-8513-A6EEA569D3C4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\AlternateCLSID = "{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{627C8B79-918A-4C5C-9E19-20F66BF30B86}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{95F0B3BE-E8AC-4995-9DCA-419849E06410}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\AlternateCLSID = "{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\AlternateCLSID = "{95F0B3BE-E8AC-4995-9DCA-419849E06410}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{A0E7BF67-8D30-4620-8825-7111714C7CAB}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}"	regsvr32.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeeWorker.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.StringBuilder\CLSID\ = "{92B5CBD6-68B3-4C17-A717-696CC27D893E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E54CDB98-DD19-4155-841C-6DBA6618D5D8}\TypeLib\ = "{004CB902-F437-4D01-BD85-9E18836DA5C2}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{623BCB7F-A659-48E0-8310-630137759D2B}\TypeLib\ = "{004CB902-F437-4D01-BD85-9E18836DA5C2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{828419C6-59EA-4D7C-BD63-745531EC5540}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{907F3EC0-A455-4B36-8FDC-F3A2B22F1BD2}\MiscStatus\1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F0B3BE-E8AC-4995-9DCA-419849E06410}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.Dsa.1\CLSID\ = "{628C899B-7559-4062-9E65-A47386343965}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{5C7DE3E1-ACE7-4A83-9F0F-DEA49EA9BFF4}\1.0\ = "ExGrid 1.0 Control Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{188354F0-DC78-49C2-8390-5FCA2D6B3876}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}\MiscStatus\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9FC63E-73D2-4952-BB8B-9C37A7ADE1E6}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.SuperVideoCdBurner\CurVer\ = "StarBurnX.SuperVideoCdBurner.12"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32\ = "C:\\Windows\\SysWow64\\DartSock.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA1083B2-D377-4650-8688-B7972CD5B570}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{345A5644-4F8E-4BCC-8E65-389B3C9D52B6}\MiscStatus\1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{22027F3F-6455-4656-930E-6AD3A184EF91}\ProxyStubClsid	eWorker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B1BB04F7-7CA9-4BD7-AE19-EA936D611F91}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A034EA-ACEB-4D48-8A00-2E7662A41154}\MiscStatus	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B70D813F-5CE3-4C93-A793-B21CD8CE133A}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{473FA820-DC78-4E38-9F13-7AAB9B26092F}\InprocServer32\ = "C:\\Program Files (x86)\\DsNET Corp\\aTube Catcher 2.0\\viscomwaveform.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5166F3D0-8F3B-4150-BC23-A5E5DE1CB1A2}\ = "IPktXFactory"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ExGrid.VisualDesign.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FCCB2C08-8305-11D3-B327-00C04F79563A}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.XmlDSigGen.1\CLSID\ = "{88958592-6B2D-4CF1-9652-B9803F41990A}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C931B7DB-71FB-45CE-BA70-36BEF6CEAF1E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{93CBA48A-1C58-4648-B22D-8F3588CB8D95}\c.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Dart.SecureServer.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.Url.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.Rsa\CLSID\ = "{28309D42-1299-4797-AED4-64FD33B47923}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5968F990-ECED-40C1-B461-C0C8540BF607}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.JsonArray\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62E25622-219C-4569-97FA-89594674076A}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79E2D3F4-BB89-4240-8A6E-E412C119D9F9}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.DriveInfo.12\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{51F4EC6B-68D6-4D56-90F9-B8D72421F5DE}\ = "AudioTrack Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar.2\ = "Microsoft Toolbar Control 6.0 (SP6)"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EB275110-73AF-4A94-B7AD-9762731C9CB0}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{647EC4D1-B7EE-494D-9AE8-823C7FF683D9}\MiscStatus\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01A80A1C-F3CB-4837-B577-2C67E275D441}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3EDACCBC-87DE-45C5-8885-94B6820BE11A}\MiscStatus\1\ = "132497"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C374E6D6-2B8E-4030-89EC-3DE7FC67257F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{270A27B7-1D62-490D-82E4-A35269722E23}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4FAF7CC2-0139-40B9-8AE1-7BC0624E5AD4}\ProgID\ = "StarBurnX.DataBurner.12"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B2AA3D60-500A-4725-8430-3A5F16D97D58}\TypeLib\ = "{004CB902-F437-4D01-BD85-9E18836DA5C2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{380B144D-5AF4-4DC3-BBDF-AD8E25F16188}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86768E57-3BA7-4E97-856C-8189BF3BD05E}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BB79517E-28C4-4224-914D-3C62760EF839}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF6CA005-E9AA-418C-9555-3842B8BD54BB}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.FileAccess\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.SshTunnel\ = "SshTunnel v9.5.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.Zip\ = "Zip v9.5.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Chilkat_9_5_0.Csr.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{345A5644-4F8E-4BCC-8E65-389B3C9D52B6}\MiscStatus	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDAB5180-01A8-4D6C-AD56-CFD444EA4C07}\TypeLib\ = "{004CB902-F437-4D01-BD85-9E18836DA5C2}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2910CACC-BF0E-4E28-99EF-185CC0DDF96C}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\TypeLib	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

aTube_Catcher_FREE_9991.tmpchrome.exe

pid process

2272 aTube_Catcher_FREE_9991.tmp
2272 aTube_Catcher_FREE_9991.tmp
1928 chrome.exe
1928 chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exerundll32.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1960	taskkill.exe
Token: SeDebugPrivilege	2372	taskkill.exe
Token: SeDebugPrivilege	2160	taskkill.exe
Token: SeRestorePrivilege	2768	rundll32.exe
Token: SeRestorePrivilege	2768	rundll32.exe
Token: SeRestorePrivilege	2768	rundll32.exe
Token: SeRestorePrivilege	2768	rundll32.exe
Token: SeRestorePrivilege	2768	rundll32.exe
Token: SeRestorePrivilege	2768	rundll32.exe
Token: SeRestorePrivilege	2768	rundll32.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

aTube_Catcher_FREE_9991.tmpchrome.exe

pid	process
2272	aTube_Catcher_FREE_9991.tmp
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

yct.exe

pid process

752 yct.exe
752 yct.exe
752 yct.exe

pid	process
752	yct.exe
752	yct.exe
752	yct.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

aTube_Catcher_FREE_9991.exeaTube_Catcher_FREE_9991.tmp

description	pid	process	target process
PID 2244 wrote to memory of 2272	2244	aTube_Catcher_FREE_9991.exe	aTube_Catcher_FREE_9991.tmp
PID 2244 wrote to memory of 2272	2244	aTube_Catcher_FREE_9991.exe	aTube_Catcher_FREE_9991.tmp
PID 2244 wrote to memory of 2272	2244	aTube_Catcher_FREE_9991.exe	aTube_Catcher_FREE_9991.tmp
PID 2244 wrote to memory of 2272	2244	aTube_Catcher_FREE_9991.exe	aTube_Catcher_FREE_9991.tmp
PID 2244 wrote to memory of 2272	2244	aTube_Catcher_FREE_9991.exe	aTube_Catcher_FREE_9991.tmp
PID 2244 wrote to memory of 2272	2244	aTube_Catcher_FREE_9991.exe	aTube_Catcher_FREE_9991.tmp
PID 2244 wrote to memory of 2272	2244	aTube_Catcher_FREE_9991.exe	aTube_Catcher_FREE_9991.tmp
PID 2272 wrote to memory of 1960	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 1960	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 1960	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 1960	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2372	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2372	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2372	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2372	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2160	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2160	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2160	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 2160	2272	aTube_Catcher_FREE_9991.tmp	taskkill.exe
PID 2272 wrote to memory of 1568	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1568	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1568	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1568	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1568	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1568	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1568	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2756	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2756	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2756	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2756	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2756	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2756	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2756	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2732	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2732	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2732	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2732	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2732	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2732	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2732	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2284	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2284	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2284	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2284	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2284	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2284	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2284	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2112	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2112	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2112	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2112	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2112	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2112	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2112	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1752	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1752	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1752	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1752	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1752	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1752	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 1752	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2784	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2784	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe
PID 2272 wrote to memory of 2784	2272	aTube_Catcher_FREE_9991.tmp	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\aTube_Catcher_FREE_9991.exe
"C:\Users\Admin\AppData\Local\Temp\aTube_Catcher_FREE_9991.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\is-5UC0V.tmp\aTube_Catcher_FREE_9991.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5UC0V.tmp\aTube_Catcher_FREE_9991.tmp" /SL5="$7011E,24704281,141824,C:\Users\Admin\AppData\Local\Temp\aTube_Catcher_FREE_9991.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2272

C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /f /im "yct.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1960

C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /f /im "ffmpeg.dll"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2372

C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /f /im "eworker.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2160

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\aTubeRawSocket.dll"
3⤵
- Loads dropped DLL
PID:1568

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\aTubeRec.dll"
3⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
PID:2756

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\mscomctl.OCX"
3⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
PID:2732

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\msscript.OCX"
3⤵
- Loads dropped DLL
PID:2284

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\PacketX.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2112

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\dsnaic.ocx"
3⤵
- Loads dropped DLL
PID:1752

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\DSNTabCtrl.ocx"
3⤵
- Loads dropped DLL
PID:2784

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ExGrid.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:1636

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ExButton.dll"
3⤵
- Loads dropped DLL
PID:2008

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\DSNCLiteTimer.dll"
3⤵
- Loads dropped DLL
PID:2096

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\dvdauthor.ocx"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2188

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ImageThumbnailCP.ocx"
3⤵
- Loads dropped DLL
PID:2436

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\cshtpax9.ocx"
3⤵
- Loads dropped DLL
PID:2432

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DartSock.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2576

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DartCertificate.dll"
3⤵
- Loads dropped DLL
PID:2616

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DartSecure2.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2612

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ChilkatAx-9.5.0-win32.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2500

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2560

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\lame_enc.dll"
3⤵
- Loads dropped DLL
PID:2468

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudio.dll"
3⤵
- Loads dropped DLL
PID:2128

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudiodata.dll"
3⤵
- Loads dropped DLL
PID:2624

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudioencoder.dll"
3⤵
- Loads dropped DLL
PID:2488

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudioprocess.dll"
3⤵
- Loads dropped DLL
PID:2636

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomspeaker.dll"
3⤵
- Loads dropped DLL
PID:2352

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomwave.dll"
3⤵
- Loads dropped DLL
PID:2368

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomwaveform.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2416

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\AudioCapture.ocx"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2252

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" setupapi,InstallHinfSection DefaultInstall 132 C:\Users\Admin\AppData\Local\Temp\is-8L54O.tmp\codecstp9376\fmcodec.inf
3⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2768

C:\Windows\SysWOW64\runonce.exe
"C:\Windows\system32\runonce.exe" -r
4⤵
- Checks processor information in registry
PID:364

C:\Windows\SysWOW64\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
5⤵
PID:1088

C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\eWorker.exe
"C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\eWorker.exe" /RegServer
3⤵
- Executes dropped EXE
- Modifies registry class
PID:1476

C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
"C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60d9758,0x7fef60d9768,0x7fef60d9778
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:2
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:8
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:8
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2336 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:1
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2348 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:1
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3244 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:2
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1436 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:1
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:8
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f5a7688,0x13f5a7698,0x13f5a76a8
3⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3944 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:1
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=928 --field-trial-handle=1360,i,17135261970461980690,13036399308273656795,131072 /prefetch:1
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1604

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\AudioCapture.ocx
Filesize
164KB

MD5
9e547d542c334f0aa201f917f58c451f

SHA1
703c64efee37f2d6d7d0627384f9caa9aacd6e90

SHA256
b9ebb9caf9130276bb560e47c47fd97529cc81c9c601ba9b0f8cabf896c90080

SHA512
ebce8562f3b97a20e52c377099b90fd51970440911b04e3c8be34db142ce465a4de62bb0cbaabbdbb4e22f0a8a745626a4d610c710d390078f080e480fa0bda5

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ChilkatAx-9.5.0-win32.dll
Filesize
5.5MB

MD5
a49672b3b29def51941b4d561f3b8854

SHA1
ac5e4fbd22dcbcdcd3c6193ef018428e70f0b30d

SHA256
5f60007be52969caa0cf015bc3b2f35e23f591ed653f659bc4be2a7ae39beaa2

SHA512
c7d020fac33bc227042f34b2a59ba6f0244dc04f4d0087ed4741caad67ddcb8db729f2b994cf59c96bd9bed89c55b15f675bb4cc6a752f3152246ceada4d42d4

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\DSNCLiteTimer.dll
Filesize
28KB

MD5
72ec4057191f8ba5e9b6204d2f939642

SHA1
2f56e8a912253d95021394eace3f11d385ac9bd2

SHA256
5399e7cf6efa190657e6cffd5cd53b007afc1b452575dee6f4d64e90b73e97ba

SHA512
be4b0d94a20dbbe3e23cfef36f1e06380e76f24374999a39f21839186af6320bc88b65aa2424360e59fc79639d7872ec1ccd54af3da313301c3ce5213c544730

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\DSNTabCtrl.ocx
Filesize
64KB

MD5
6143a121c9269a101aac6e5bb7cdb1d8

SHA1
080a91577eb9ecfc5cea63f2c855279963273a96

SHA256
489a42f032c57e9939a4d44e1fe1fa215ed5dc6382d947724d84ef3102365128

SHA512
2df4df73e14e128f22aae7c599bf975a3f42151507d439e2d91bd4d44fe82a486ba98eea35ad0065bd860372f313a14eee10a7f793be43872b1f7a6c10c3407a

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ExButton.dll
Filesize
1004KB

MD5
0be6d3393ac857acecfaaf964c81515d

SHA1
6229a6bcec185ecb8fe2740e90710f700baa5e29

SHA256
c5464549d420879c2467401f0488a8406623a79008d3492ffdb33e131cf61864

SHA512
07295de0a1f4785dcce606648e187d1bb7d12831040a0cbdb23a5598c342bbde7db24653f1b2dbae1b98fa333900c1cfe44cbc8ea5076947f9177a8434f815db

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ImageThumbnailCP.ocx
Filesize
1.7MB

MD5
1fa5e6b4f2f80d3fe17bfd21e045c146

SHA1
d4cdd4fd3a68d863cc8f23e4e995c63ccb5ab0ae

SHA256
15c8a8ee89e2f09565798204d39e4bcf2c5c73fa86b39e44577b5ec8c0ad7dd9

SHA512
ca1ebce8004fda036eb9d25bdcf0f6c425fb69d7c6468d0db47202f7247a3cb479d8216ff67d8dfd0bf6bc974f7ec6edc7e1bd28451b4aab5f24086379c9220e

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\StarBurn.dll
Filesize
2.3MB

MD5
8e4445adecd910dba71a8931eb3b08ef

SHA1
1accc3e35be89baaf9c20a5331476d845a867067

SHA256
177e75f814c159685bd24178921271624da20a61b6e20d066e511e6a64feb086

SHA512
319b844514e7ce1b5bf82000b689dc2c639ee4b0b194d8766931cf345902ce3eb1f683c6f5a35f3570073bf70be799aecb4b2f5fc5e419b6023ff48beec8d5e3

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll
Filesize
1.7MB

MD5
e7b108f6deb7ab8f01d81aa9777866e1

SHA1
20db8ca3db1157506ade714cd565abe9223a5d2c

SHA256
c26f2e3113de4516591ee99fc2f3937a0eca1855fbe4f3105c654999ef496d0a

SHA512
9d17c48bded1ef75768ca565c4d57fe1bc4918836a3d594323bfeefe9e15a7b7c265c549bac66d2895313f734217615632b7840a6052c87b9a08ce546ccccc6b

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\aTubeRawSocket.dll
Filesize
68KB

MD5
469801780d43c76c35b087b18541764e

SHA1
7771cd32bdd4da7c77c49aa94d8e56fb02c7cedb

SHA256
e6c6a4c894da9232ace480d015e3b52250622bfb5a6a97d1a41908400b531137

SHA512
47eaca40b404774515cd167f5fb8fc0a63c5d0d5b1041951508cbbbc17de92ad2ef93fcc397b508634fa4e50707175b39f62a9d14d7941636cce756b80f0fbe0

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\aTubeRec.dll
Filesize
780KB

MD5
354c32f891ba99c32359ea74b168bb59

SHA1
83168fdba507c59664cf57c08e8775a84363302f

SHA256
83828e4f59b6aa28706b1c05ee41ac6bd6f0922913398595db65575c0f01c632

SHA512
5285095c0155c7e2257a36b727c7e8de098300ffad34f1e784185d6e6a12a0a61835c39e75bce211f9a02cbc63c9ac908d329a15110aad9f6c3000775a0d1269

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\cshtpax9.ocx
Filesize
441KB

MD5
c1768153c6b8bb4d390db4fea45c5077

SHA1
2e3f471bffe1147c2cc6e94e4e5700796758a035

SHA256
cd25107b5fd9ccc92a286252b256af521090c07b072835abb304ee5f9803639f

SHA512
c64cccc32599268fcfa4673ed4ac51d148e0c47d4482b2f33a573997d1438aaa4691b755dc22db5b84b8a6781d6c7f5d01238e53677234dde623f79a79c6ab2d

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\dsnaic.ocx
Filesize
344KB

MD5
a6a46feb22f998fa35e0e6158be00569

SHA1
5b559328d37d44224a17b30537391a0f135bc136

SHA256
0a19a9491f60b82080ec3cde1f820ae57575efddfa790f23c6548d53b3165b2b

SHA512
66feb8abf67fbcdd7e6bd999302ab5e013176e4c6003d42227160e26284a2f8dcf68fc630f22a132703beb5fc5e3d5efbb7c8ccdc2eabaa2c9056d9adf93ca37

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\eWorker.exe
Filesize
209KB

MD5
4e54c91396734e1a0e69ce8cc566d51d

SHA1
9f1d2d2461b305b61d81b13beb92c621a7c75aea

SHA256
cd50c4b661980ff693cf30f8c32c9d8cd0b0888dd079092294dbd39ed7f27a17

SHA512
b87a956a66103063162266faf1cd751215766173721d51b11c0981f83ed9f060e022044903be7e122595e558d088f41bde055316987684585505ffec4dbd65d0

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\mscomctl.OCX
Filesize
1.0MB

MD5
e52859fcb7a827cacfce7963184c7d24

SHA1
35c4ae05d90f610c0520933faaca2a8d39e1b2a1

SHA256
45b6eef5bbf223cf8ff78f5014b68a72f0bc2cceaed030dece0a1abacf88f1f8

SHA512
013e6bf4762b1f90650ee6a1cb275607d1cad9df481362f42606a37f3a6f63de5cd0cdb0e9739df141b58f67ac079cf27be4ffe4937371972dd14eae18c58a94

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudio.dll
Filesize
100KB

MD5
77a4ca4de85629a0f3c64a632fac3c32

SHA1
9dab43ac031a82c60ad0d32fad2ee303dfae0023

SHA256
8fde2a88cc426ead96867ca7a38af6a25475609a7ac7a2917023032b80a620e9

SHA512
06f4571a737aaa8d93ddb7b6a23c074c589f8981919c3a3131cdfac6d13de00956cd9d9573ccfefec37876b3a773ba4863efef394d4a7e0df0bdb7e031421729

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudiodata.dll
Filesize
92KB

MD5
ed60fb3b0a0ae5ce21300a927a06b131

SHA1
ce5d2f71f8a1770afbf4d3d35d4f355f629d36db

SHA256
4831f6ffdeb612cc1b928098d63a819f4c48848521d827e238eeeb66222cf57a

SHA512
01c13cfb0eb8a890180252b733cb99ef9b4647115258f3444bcd178eb81184cbdec50771157ce554d5a3c696ce1a690fb857a7a2e174f4bb92e66ea6cea56a09

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudioencoder.dll
Filesize
108KB

MD5
849aaf23d5932cc8c3585309aeb8a3a4

SHA1
4c14d6a6ec10d060a862a18147e589fe35886666

SHA256
f54e53ed208acc509d4bb9f5b58ab136b4c45f8b7e08818d28e986e089249049

SHA512
c1cc5f9f22d179e5ff8008cde568504873a1ca6ff1dc4f01d57052c16f5d5407f5b6051b00da6a624a0edd2a1a7717dc8bfe0ee16919c116526f11cc30773994

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomaudioprocess.dll
Filesize
68KB

MD5
632bb782309d2a09cad7b35ac8dc98fc

SHA1
6c4581f984d5dbba09f959ac6cdfd12eb3e235b1

SHA256
851240c7d42ab8cd5a27211d2198158c4086ddf2346b818c01d8503a32a80b75

SHA512
9a0b1acbe8c3ac2121ca5267d3b6aa12feac0a1baadad17b49a372ba8a83bed53071b0a260916a5999d67e24867dff35d991330b0d1613e65b8d66f0c84e5f24

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomspeaker.dll
Filesize
116KB

MD5
b94c6085c37d15a559538593f106f5f9

SHA1
4f1964f7f72c0f11edfa7bdea40e9b2c583ebc7b

SHA256
cbc9fe0fa98c54e54350c4d8ac73aeda25e4f5c7de12d35e6b9da14b41fb1177

SHA512
aa3739cf24c82be378f81a123fdabe466095c8772f5d5dc773149e88f901dc7406d986cfe3648fa9084f9a5e81290dcc584df31b6a6477982b779addf93823f1

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomwave.dll
Filesize
80KB

MD5
29fb91549d3e63b279ab09124275ae64

SHA1
c96d9098074d401540be945fdbb96f0a7d9fd6af

SHA256
d9fbd7b3263c914d153e5be1652550612d16dadc16c212abc446f6cd41441589

SHA512
21d3ca8ebbad40b68cc6a76e86be006f010ffad05a4694b6d69ed177ab22d12e46d79196e9e337f0ee50dd8563c7ef8d554d79646a68abe59974b605c9cf3c2d

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomwaveform.dll
Filesize
152KB

MD5
6c03c1cb5d90e620299009b942855f7e

SHA1
b3b26f783dd3f4e8ff92a6d3ba5b4f4fa897d083

SHA256
8c230b0ae294729728e3a4853feb56f13bd86f9aa2d072e4cfb288a314072000

SHA512
b13b28699c562bfc99f8ab86eeefda92ea4f730950928c01e6d5ad221510b569efd4b6e3bbc87be04b816e4f665f9d620402212c5b04a9e29956183a611a53f1

Download Submit
C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
Filesize
1.3MB

MD5
5fbc0b34fbad78cb6518d431e34366e5

SHA1
c427307720d7dbc5a487ee8c41e74fd976f3fa01

SHA256
f17e90406c3c4f63263882cd3ad9bb8c176c51810e3b86c5193e29104f566dfd

SHA512
0bf1054a429be7071dfeec3eedcb3d6da8b49d434dea7ad06fd238cc87394ec12bb8340408ffe73b45e14df0ba1707fb4a4ba1fa89fa5d2ec9643b9f6e9b8357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
08b1ca88d40601bd3c7f2b102ab57d90

SHA1
5b406c9dec93ee6913e7248d403f11a1c2d1c96c

SHA256
b0afe343c1bbdc76d33d58e98fc40bb0b4b88e7531ef551a4d06b3e2b50c8b5d

SHA512
27a42724a12a9a59a6f9584d4f0d44930c54efd4811a06565e2589f234c077a4e7be7d18b73a5b83304ab153f8cf63d2ed3e08c5ab680ac7970d535bb92dbdb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
3aefd0d82878057e406eca3fb79e9629

SHA1
e6c65b62fc51c02e7635cc287b73cb002c0fe1b9

SHA256
85f11e6c65201a93b6e376fb78301c1e31d8ef8d1a0124f73ec0d7e6306198cd

SHA512
41c4c1bbeaf12c164f3f8bd0c78bfdeba2dfd1314ca97da1e75822c65bd365ca42f1b0481314006247ffa39d5422ba8692b1120bbd4ebc3f03be198528bd4aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
947ef54c8bcc50b1b6536b485cc47197

SHA1
8eba99bb67295bb47ccf8b15d069c5759bd68515

SHA256
95409e058c2525029192eae0494da27b64d6b960415e62ffe53020dfd6d115d7

SHA512
6aa78b1897df25a8d03ed78943ffe2027b30647072cb067fece84855a232b3ce8908d199189bb8db0264719101682336bf009e4c9368d79d9ae33846a3f844be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
e783ed3781bd332f562180496f81530b

SHA1
71e19c7517fdb4dd3c320605f84f0ea08c893d30

SHA256
9296e4e1e744dd2facaa214fe0c47fb4633f128d349fe11e6b65e35cca40942c

SHA512
97364e399745328958852686065a568192626e981514c66a8d83d0306e90cd4ad58d59023901482cb01597c3d74eb0de32ca0029a0635aeb66ce89f32a8b02db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5UC0V.tmp\aTube_Catcher_FREE_9991.tmp
Filesize
1.2MB

MD5
db1676059e94b886c062a4fe2ed6e194

SHA1
2d6fd279c1eea4438638aab11bc286aea3b8aaba

SHA256
955a7b3d2a8416084550ff6f8918c148b071613ff9391fd6be6f9e7b5f2acf1a

SHA512
0cbbac993100f1c4cd022e4fe5d2eb50ae7a5eb3afcc2dcb984252029f04b0d05f549b999603cce3acd7a234b51d5f1c8a49bdd425f1e635c1c1c9450ca5e205

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5UC0V.tmp\aTube_Catcher_FREE_9991.tmp
Filesize
314KB

MD5
f635ec3fdc14a4b27aef57697edffefa

SHA1
835579960bc9372b9774c964277c0be7375fa339

SHA256
eb59223e5a12647b02b1f2577f5fa7171f83dc49f45935a2c05932ec2742d2d4

SHA512
b554d7e0f184d75959ef9dc8471996dcbc821175b7eca14c158c34df1ab9f3c2b9342e217a3f39e97bf32274ee1158a70fe495621d61cacf2635e1ff2e7d0248

Download Submit
C:\Windows\SysWOW64\DartCertificate.dll
Filesize
244KB

MD5
cded5c5ef0b224fe8e696b66426bc2c3

SHA1
e7190ce965882c68da5ee3678db0a26c9a882c7a

SHA256
33d9547e861ef85c66ce5afb325a0b8d31cc8a674c9f184b98e6ae907c84a89e

SHA512
90e8d5b89f5d6bffd76c1988073285eeed3926588a0d7e11417a9c912e9100655f21c74f377809be1f287cc488a4b1231ca0d3916f00ca51260ba752f7b3690d

Download Submit
C:\Windows\SysWOW64\DartSecure2.dll
Filesize
392KB

MD5
82709dca75e8ead5574ffad16e65c4b9

SHA1
5d2fb7708dbb4499ba0f8b3f73301bd5685037fd

SHA256
b10ac240a1184bb0bc3f674799b2555b6c32a2f60807927893b948a552953eb8

SHA512
502d12c04eafe25a1883122cf80bc915a70d6ffc5ba17768ce0c429e27054d7c04128824644f05761376bef331a2bb824c62a134ab62607fa638d1db5587b73b

Download Submit
C:\Windows\SysWOW64\DartSock.dll
Filesize
430KB

MD5
855c04bdeade5ea0be6892419568b13b

SHA1
8eb18fa861f22b0f7b48fa1f3bb3a98dcaeedebd

SHA256
1125a92cb1af37340cb1b0fd54c38aa058a3e67bc4f5c7f09e09d90337f27970

SHA512
0a44e54b410e06afa4029dac8428336197255f0f7bbf16ff135b5652e3aeca1d19175eab580d5dfaae8d4f9a2bae455a16ae548ff7ea182249b80b617fbee718

Download Submit
C:\Windows\SysWOW64\fmcodec.DLL
Filesize
76KB

MD5
5c8874ee321f4623fff7a1315039ddbc

SHA1
d6931f0240d577dd439a0d92095f1c7609f584bc

SHA256
03a1426ddda7e9187e52ad5def652e9201fc6829bff09ff99b34032b14778f28

SHA512
60bff4ed9da714985a4382c714c785bdb324a0301fad2a8a3d0c4b9f0fbacc2cf9c7c53b1b12ab6fd2ed24f33ca9f5df64061cd5cd418e2ce01a4e91c4b289e1

Download Submit
C:\Windows\inf\fmcodec.INF
Filesize
1KB

MD5
5070f76c2a37abcc32625328a5536c5f

SHA1
eacbe1153c115e8acbe1052bd74918d39278f440

SHA256
a0a515ca7ecca5c9b7534d0c3ba7711f8d9fd821f1a5d3ceecae9af372681a8d

SHA512
fcaa758274531e327786eda2635f18213cd1857ffce50ca1ec679baaf295f7ddbe346bcb39f2bf6e40ee8a6517f9b667877ab3491e7553b8262d59147d28c2e5

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ChilkatAx-9.5.0-win32.dll
Filesize
6.2MB

MD5
8294cc5f404613d857fe1bc868bb0aa2

SHA1
7860bec3e1d341704d3513cf3df14bc0bc5f5abf

SHA256
aa698eac0cca465829c8720218f542c6f11f972565126d8cd32278b912966784

SHA512
7a920eef7d9a0997a20782ed861a37c33407fa727a454d17026ec10fb7a19d19b594f209c44e64f4b4f0ad551099758a1f2965f269874b873b6ba5fbc96ad788

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\ExGrid.dll
Filesize
2.8MB

MD5
62fda32453e109681380d44e4e7d14b8

SHA1
df4f1dad2a8c59a2634530235c9d97023281bd3c

SHA256
9d76c1a03541a035bd0ec54f5338ef800dc828054c0a767da3c82be2b3d37192

SHA512
82613d22ea713e3dadef6c73499dfa6e064c843b6db8b3c4a700271494283cf8956704e39b31a8ace2752b636c73497868d10341c9f485c796d5f14e333ecc96

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\PacketX.dll
Filesize
384KB

MD5
bf2de16e19f971efb99799a6f771761a

SHA1
3f0908e0a38512d2a4fb05a824aa0f6cf3ba3b71

SHA256
9f755c46d30e8c9627fc4bf6fd55212bb58b1077fc3d47d8bbff7b92cbce7bc8

SHA512
8376a566bcd182856fb10a9a970b4feb71e6c976550c23d884bc0d64a0be72e61790f207d16ce4309a471dc3b344fe65084e893b9d9245e794dd462c851d1acc

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\StarBurn.dll
Filesize
2.5MB

MD5
01ce2cee52ab466134fec072f7528044

SHA1
cd3dadbcdbda92e7ed11f767561e5e4c2a91d62a

SHA256
6817b8263199b812ea4da7c0cab5eacc5d079df8b06c140c8e19a92a1e0a9216

SHA512
3f43707c3850025592afbb478e4ff2d0cccdaf65eb1ba156c7109ca7557f70faa68fafedeb14562f11197bce232cf5eb8a46c187808b4e2eab50dc000851f5d8

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\dvdauthor.ocx
Filesize
328KB

MD5
6f7f62505e12ef84ba141aed1b188d5b

SHA1
a8e54e9deaa7d0d2aa728f93a2315283bc01f47f

SHA256
45b5f2db8bdb0790651c81833fa42e45787feac3bc7a856198f42e414ecaab47

SHA512
60821ab12fcfa120b7b65d37a5ad58e822f73f52253a01f70b26a06571cc7cd34a4a2f61586153e741c35a72962ed0c482542f7b93189a52155a1a13c22329d6

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\lame_enc.dll
Filesize
256KB

MD5
2ad765c76147369070e712b4bb3f5c14

SHA1
baf543dd3722a0b13f35c8d4b4446fa15d6439cb

SHA256
dd81ff58adc8994aff0eccb0f43c9eaad9d1b106069928b0a6b5c0a466c885ef

SHA512
a1bb5cdd99990bcac7a9714449db56a1f680b69482358f64e81373bde41618e3c0fd3839ac4e4985895d05e6b60724247539d3e0d04d8604fc6db2a86c76ead1

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\msscript.OCX
Filesize
101KB

MD5
bacce4e044212e8e57bd8946abca9072

SHA1
d91aeed0c9f2e97ce61c24698b7029c8275e8e59

SHA256
a647c88171f5051f8ecec4d65c2cb57f96e378cbd562b08758b6273b27758791

SHA512
f91851f4ac592487691a915e553c2c60f6c4231180722aa4ccb9463acdd1b141551f175a05a8332c96e9c60bacd0adb02860ed2b07fc4a9e9dcc03e584c92bc2

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\viscomdvdimg.dll
Filesize
228KB

MD5
6c5e7b0ce88c91f31eece36ddc001f35

SHA1
f128ada2e7d8831561c8bde71e04dc18fdb5a737

SHA256
5f563497a38c931cad637cf1a86f008c82f0257df90bb731261e147c2b0f539c

SHA512
b85507d3f0e8951a98f36701d8dddaa8ff10e24c50658a92ca7c4da57df32b251e676d38cfb8a317ea5a801376b63d3fc821c74b41d10ef726c7111438ce9e5f

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
Filesize
2.7MB

MD5
bd7552baa139328cad18618ed42e8087

SHA1
a0793d176fd8e933d07d496c3cd11a2e0c336039

SHA256
f8d7b145bbcbdb6edebd1610e69930c64f537f6d992e57cc6cfbee2f87de7c31

SHA512
0ba23ba42e062932ceb292846a06db63e63302e28c89bbf6ae944495be54d75a232035d9b46adf0b98e6f19e40b471ecc8ddd14c6b70c766997ac93276db7035

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
Filesize
1.3MB

MD5
f925a34f0d91c5d1f84b30bb046cf130

SHA1
9c9c3248798a8f8a0f27c5f242b3d7284f2c9300

SHA256
21369c72354d66533ddd1e7dd9453cd0522a50308ce488ae40dfa73114474fb6

SHA512
bbbd08379e9725a2d4da865e147f070eb8f4e9af9dada067b415ced43954d666bd95769bee89f08aa545ffbb17a505f098bcbb38cb909478f43970b7f22d81d2

Download Submit
\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
Filesize
977KB

MD5
016d4ce89f2e9d871ba73eea5b08f612

SHA1
977c73a38f509fde54c8ee67237bde8a8340c1d9

SHA256
808a90dc4f189c9c9f1f3d9de7d4aff6280016a3603052dd1e6a5cb5824b3659

SHA512
1b25416a1f7520a9cbf5ee2b22a7abab1f02a2be9b4f4503fb6797a69fa5c3e9ca3eaf7798109825732c66e115d48f8d25326eae04e24dad885ec4c7b0842c6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-5UC0V.tmp\aTube_Catcher_FREE_9991.tmp
Filesize
448KB

MD5
12f08db4ade9b3da8226e03b638b7f44

SHA1
2736fbc3d89d4cf72f73f0e53fc66129bc5184e6

SHA256
863eda94e31f12046b95e5f57abc695a0402417b61369dce1b6039761aa5d3a4

SHA512
15e0190490e44cc019322a7ced9af734ea669f274b286672a9495beecb776055313fc5813de85e4e16b756e0d7e70a7ea64c3d7dce5570744c114f46ec9d0da5

Download Submit
memory/752-368-0x00000000074F0000-0x0000000007513000-memory.dmp

Filesize
140KB

Download
memory/752-373-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/752-359-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/752-360-0x0000000004180000-0x0000000004280000-memory.dmp

Filesize
1024KB

Download
memory/752-430-0x0000000004B70000-0x0000000004B77000-memory.dmp

Filesize
28KB

Download
memory/752-374-0x00000000074F0000-0x0000000007513000-memory.dmp

Filesize
140KB

Download
memory/752-367-0x00000000074F0000-0x0000000007513000-memory.dmp

Filesize
140KB

Download
memory/752-372-0x000000000A460000-0x000000000A461000-memory.dmp

Filesize
4KB

Download
memory/752-369-0x0000000008CF0000-0x0000000009690000-memory.dmp

Filesize
9.6MB

Download
memory/752-371-0x0000000004B70000-0x0000000004B77000-memory.dmp

Filesize
28KB

Download
memory/2188-300-0x0000000000150000-0x000000000018D000-memory.dmp

Filesize
244KB

Download
memory/2244-366-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2244-19-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2244-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2272-353-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2272-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2272-315-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2272-365-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2272-304-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2272-22-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2624-327-0x0000000000170000-0x00000000001E2000-memory.dmp

Filesize
456KB

Download