Malware Analysis Report

2025-01-02 07:47

Sample ID 240509-svwm5agh3s
Target 4kvideodownloaderplus_1.6.0_x64_online.exe
SHA256 ba2f708bc5082466e5e10adf429ab25594934f9210ba7688acfb3eff713bdd7a
Tags
privateloader discovery loader persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file 4kvideodownloaderplus_1.6.0_x64_online.exe was found to be: Known bad.

Malicious Activity Summary

privateloader discovery loader persistence

PrivateLoader

Blocklisted process makes network request

Enumerates connected drives

Adds Run key to start application

Checks computer location settings

Drops file in System32 directory

Drops file in Program Files directory

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Windows directory

Enumerates physical storage devices

Checks SCSI registry key(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 15:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 15:27

Reported

2024-05-09 15:31

Platform

win11-20240508-en

Max time kernel

166s

Max time network

171s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4kvideodownloaderplus_1.6.0_x64_online.exe"

Signatures

PrivateLoader

loader privateloader

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{74d94734-b00d-406c-9262-8e6539e22f60} = "\"C:\\ProgramData\\Package Cache\\{74d94734-b00d-406c-9262-8e6539e22f60}\\4kvideodownloaderplus_1.6.0_x64_online.exe\" /burn.runonce" C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Control Panel\International\Geo\Nation C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\devmgmt.msc C:\Windows\system32\mmc.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\images\progress-indeterminate.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtWebEngine\qtwebengineplugin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Desktop\ToolBarStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\ScrollBar.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\qtwebengine_locales\te.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5WebChannel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\Button.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\qmldir C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Calendar.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\CheckDelegate.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQml\qmldir C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\conanmanifest.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtGraphicalEffects\OpacityMask.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\qtwebengine_locales\ro.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\MenuBarItem.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Private\AbstractCheckable.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\imageformats\qwebp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtWebEngine\Controls1Delegates\ToolTip.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\qtwebengine_locales\zh-CN.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\eula.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\SliderStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Private\TextSingleton.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick.2\qtquick2plugin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\images\rightanglearrow.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtGraphicalEffects\InnerShadow.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Desktop\ProgressBarStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtGraphicalEffects\ColorOverlay.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\ApplicationWindowStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Window.2\windowplugin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\RoundButton.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\qtwebengine_locales\pl.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\Dial.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\qtwebengine_locales\es.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Desktop\SwitchStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Private\FocusFrame.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\imageformats\qico.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\StatusBar.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtWebEngine\Controls2Delegates\ConfirmDialog.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtGraphicalEffects\RadialBlur.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtGraphicalEffects\Glow.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\Qt\labs\platform\plugins.qmltypes C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\SwitchDelegate.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\Tumbler.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\StackView.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\qtwebengine_locales\en-GB.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\ScrollView.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\swscale-5.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Gui.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\plugins.qmltypes C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\qmldir C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\readme.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\TableViewStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtGraphicalEffects\RectangularGlow.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\CheckBoxStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\CircularButtonStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\GroupBoxStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Private\MenuItemSubControls.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls.2\ApplicationWindow.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\d3dcompiler_47.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Desktop\FocusFrameStyle.qml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\QtQuick\Controls\Styles\Base\images\arrow-up.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\4KDownload\4kvideodownloaderplus\qtwebengine_locales\he.pak C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIE2B2.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_netdriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsinfrastructure.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\SystemTemp\~DF47F8199B999B2911.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_swcomponent.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontinuousbackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\ts_generic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_extension.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_computeaccelerator.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\~DF7FA6135F93D7FD1C.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_sslaccel.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsreplication.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssecurityenhancer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscopyprotection.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rdcameradriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscfsmetadataserver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsvirtualization.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\icon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_mcx.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Installer\e57c14c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\digitalmediadevice.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsactivitymonitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fshsm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_cashdrawer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsundelete.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rawsilo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsantivirus.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_receiptprinter.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_camera.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Installer\SourceHash{416E7D6B-459B-4BE9-B927-82D0E92092B2} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57c150.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_smrvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_nvmedisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystem.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_apo.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Installer\MSICE9B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\dc1-controller.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystemrecovery.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscompression.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Installer\MSICD52.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_fscontentscreener.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_firmware.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsopenfilebackup.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Installer\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\icon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\PerceptionSimulationSixDof.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\wsdprint.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_ucm.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Installer\MSID35F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF912AF7D2B4CAFC85.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsencryption.PNF C:\Windows\system32\mmc.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
N/A N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
N/A N/A C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe N/A
N/A N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe N/A
N/A N/A C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe N/A
N/A N/A C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "250" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{416E7D6B-459B-4BE9-B927-82D0E92092B2} C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B6D7E614B9549EB49B72280D9E02292B C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\Dependents C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Windows\system32\control.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{74d94734-b00d-406c-9262-8e6539e22f60}\Version = "1.6.0.85" C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\PackageCode = "C941730D2549CE64EAA17A05F53DBA88" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList\Media\2 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{416E7D6B-459B-4BE9-B927-82D0E92092B2}v1.6.0.0085\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\Version = "1.6.0.0085" C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\DisplayName = "4K Video Downloader+" C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B6D7E614B9549EB49B72280D9E02292B\Complete C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{416E7D6B-459B-4BE9-B927-82D0E92092B2}v1.6.0.0085\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{74d94734-b00d-406c-9262-8e6539e22f60}\Dependents C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\Version = "17170432" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5A0DD6B5535352E4082B644C603BE688 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{74d94734-b00d-406c-9262-8e6539e22f60} C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{74d94734-b00d-406c-9262-8e6539e22f60}\ = "{74d94734-b00d-406c-9262-8e6539e22f60}" C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\ = "{416E7D6B-459B-4BE9-B927-82D0E92092B2}" C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\ProductName = "4K Video Downloader+" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{74d94734-b00d-406c-9262-8e6539e22f60}\DisplayName = "4K Video Downloader+" C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\Dependents\{74d94734-b00d-406c-9262-8e6539e22f60} C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{74d94734-b00d-406c-9262-8e6539e22f60}\Dependents\{74d94734-b00d-406c-9262-8e6539e22f60} C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\ProductIcon = "C:\\Windows\\Installer\\{416E7D6B-459B-4BE9-B927-82D0E92092B2}\\icon.ico" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5A0DD6B5535352E4082B644C603BE688\B6D7E614B9549EB49B72280D9E02292B C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B6D7E614B9549EB49B72280D9E02292B\SourceList\PackageName = "4kvideodownloaderplus_1.6.0_x64.msi" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2224 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\4kvideodownloaderplus_1.6.0_x64_online.exe C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe
PID 3564 wrote to memory of 3936 N/A C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe
PID 3936 wrote to memory of 392 N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe
PID 1428 wrote to memory of 1936 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1428 wrote to memory of 3152 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3936 wrote to memory of 1528 N/A C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe
PID 1056 wrote to memory of 4964 N/A C:\Windows\system32\control.exe C:\Windows\system32\mmc.exe
PID 3564 wrote to memory of 952 N/A C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe
PID 952 wrote to memory of 4276 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe
PID 1748 wrote to memory of 2984 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe
PID 2072 wrote to memory of 1856 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe
PID 2352 wrote to memory of 2000 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe
PID 3576 wrote to memory of 2520 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe
PID 3084 wrote to memory of 3308 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe
PID 3916 wrote to memory of 4896 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe
PID 332 wrote to memory of 1536 N/A C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\4kvideodownloaderplus_1.6.0_x64_online.exe

"C:\Users\Admin\AppData\Local\Temp\4kvideodownloaderplus_1.6.0_x64_online.exe"

C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe

"C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\4kvideodownloaderplus_1.6.0_x64_online.exe" -burn.filehandle.attached=564 -burn.filehandle.self=572

C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe

"C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.be\4kvideodownloaderplus_1.6.0_x64_online.exe" -q -burn.elevated BurnPipe.{BFB9235A-6368-4D6A-B8EC-EF3392B4E0F2} {44550D4D-9C54-4605-B331-A0F181B7DCF2} 3564

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe

"C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe" --regkey "Software\4kdownload.com\4K Video Downloader+\Analytics" --an Wix --av 2 --ec "4K Video Downloader+" --ea "before-install" --el "x64" --af ""

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C5F0F15781616F7EB35E06857A337922

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 93CE78ECA33F6C46C248450BAB83B028 E Global\MSI0000

C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe

"C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe" --regkey "Software\4kdownload.com\4K Video Downloader+\Analytics" --an Wix --av 2 --ec "4K Video Downloader+" --ea "after-install" --el "x64" --af ""

C:\Windows\system32\control.exe

"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5d4,0x5d8,0x5dc,0x5d0,0x5e0,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5d8,0x5dc,0x5e0,0x5d4,0x5e4,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5bc,0x5c0,0x5c4,0x5b8,0x5c8,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5c0,0x5c4,0x5c8,0x5bc,0x5cc,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5b8,0x5bc,0x5c0,0x5b4,0x5c8,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5b8,0x5bc,0x5c0,0x5b4,0x5c4,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5ac,0x5b0,0x5b4,0x5a8,0x5b8,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe

"C:\Program Files\4KDownload\4kvideodownloaderplus\4kvideodownloaderplus.exe"

C:\Program Files\4KDownload\4kvideodownloaderplus\crashpad_handler.exe

"C:/Program Files/4KDownload/4kvideodownloaderplus/crashpad_handler.exe" "--database=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" "--metrics-dir=C:/Users/Admin/AppData/Local/4kdownload.com/4K Video Downloader+/4K Video Downloader+/../crashdb" --url=https://o354938.ingest.sentry.io/api/4505076032667648/minidump/?sentry_key=1a7e5dd848a445bd99b93ea2e155896c --annotation=format=minidump --annotation=sentry[release]=1.6.0.0085 --initial-client-data=0x5bc,0x5c0,0x5c4,0x5b8,0x5c8,0x7ff7a7f4a3c8,0x7ff7a7f4a3e0,0x7ff7a7f4a3f8

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39fb855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl.4kdownload.com udp
GB 93.123.11.62:443 dl.4kdownload.com tcp
US 34.213.215.111:8018 sa.openmedia.co tcp
US 8.8.8.8:53 62.11.123.93.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 111.215.213.34.in-addr.arpa udp
US 8.8.8.8:53 29.17.21.2.in-addr.arpa udp
BE 2.17.196.80:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
US 34.213.215.111:8018 sa.openmedia.co tcp
GB 93.123.11.62:443 dl.4kdownload.com tcp
GB 184.25.204.32:443 tcp
US 20.189.173.23:443 browser.pipe.aria.microsoft.com tcp
BE 2.17.196.83:443 r.bing.com tcp
BE 2.17.196.83:443 r.bing.com tcp
BE 2.17.196.83:443 r.bing.com tcp
BE 2.17.196.83:443 r.bing.com tcp
BE 2.17.196.72:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
GB 93.123.11.62:443 dl.4kdownload.com tcp

Files

C:\Windows\Temp\{F8F9A28F-4705-4D68-A0C3-8DF50EFDA3BB}\.cr\4kvideodownloaderplus_1.6.0_x64_online.exe

C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.ba\wixstdba.dll

C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\.ba\logo.png

C:\Windows\Temp\{C7F8E4C2-5C4C-4CB7-96AA-BBFF452E10D7}\msi_analytics_begin

C:\Users\Admin\AppData\Local\Temp\4K_Video_Downloader+_20240509152814_001_application_msi.log

C:\Windows\Installer\MSICE9B.tmp

C:\Config.Msi\e57c14f.rbs

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Gui.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\msvcp140_1.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\portaudio_x64.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\swscale-5.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5WebEngineWidgets.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Quick.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Multimedia.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Network.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Xml.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\vcruntime140_1.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\vcruntime140.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\msvcp140.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5WebEngine.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\avcodec-58.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\avutil-56.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\swresample-3.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\avformat-58.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Widgets.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Qml.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\libcrypto-1_1-x64.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\libssl-1_1-x64.dll

C:\Program Files\4KDownload\4kvideodownloaderplus\Qt5Core.dll

C:\Users\Admin\AppData\Local\4kdownload.com\4K Video Downloader+\crashdb\settings.dat
