Malware Analysis Report

2025-03-15 04:26

Sample ID 241025-ztplrawcmk
Target YT_Channel_Downloader_installer.exe
SHA256 bf01407a2fdbd2262db05e14a6a2ba671e9e7b1eeef11ff38a24e4d070a735bc
Tags discovery, spyware, stealer, pyinstaller, execution
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral6 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score
8/10

SHA256

bf01407a2fdbd2262db05e14a6a2ba671e9e7b1eeef11ff38a24e4d070a735bc

Threat Level: Likely malicious

The file YT_Channel_Downloader_installer.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery spyware stealer pyinstaller execution

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Program crash

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 21:01

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (4 identical entries)

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-25 21:00

Reported

2024-10-25 21:32

Platform

win11-20241007-en

Max time kernel

1453s

Max time network

1482s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\modern-wizard.bmp

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\modern-wizard.bmp

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp (5 identical connections)

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-25 21:00

Reported

2024-10-25 21:32

Platform

win11-20241007-en

Max time kernel

1462s

Max time network

1481s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2320 wrote to memory of 4928 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe (3 identical entries)

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 4928 -ip 4928

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 544

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp (5 identical connections)

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-25 21:00

Reported

2024-10-25 21:32

Platform

win11-20241007-en

Max time kernel

1801s

Max time network

1542s

Command Line

"C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\QtWebEngineProcess.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe N/A (64 identical entries)

Reads user/profile data of web browsers

spyware stealer

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe N/A (32 identical entries, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe N/A (32 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe N/A (56 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2888 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe (2 identical entries)
PID 5036 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\QtWebEngineProcess.exe (33 identical entries)

Processes

C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe

"C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe"

C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe

"C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\QtWebEngineProcess.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\QtWebEngineProcess.exe" --type=renderer --webengine-schemes=qrc:sV --first-renderer-process --disable-speech-api --disable-databases --disable-gpu-compositing --disable-blink-features=EyeDropperAPI --lang=en --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=2916 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
GB 142.250.178.14:443 accounts.youtube.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp (5 identical connections)

Files

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\qml\QtQuick\Window\quickwindow.qmltypes

MD5 2006d4b7d0da455aa4c7414653c0018a
SHA1 6685b8360b97799aa4d6b18789bf84a343e9e891
SHA256 a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a
SHA512 703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\translations\qtlocation_en.qm

MD5 bcebcf42735c6849bdecbb77451021dd
SHA1 4884fd9af6890647b7af1aefa57f38cca49ad899
SHA256 9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85
SHA512 f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

C:\Users\Admin\AppData\Local\Temp\_MEI28882\python312.dll

MD5 d521654d889666a0bc753320f071ef60
SHA1 5fd9b90c5d0527e53c199f94bad540c1e0985db6
SHA256 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2
SHA512 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

C:\Users\Admin\AppData\Local\Temp\_MEI28882\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI28882\python3.DLL

MD5 a07661c5fad97379cf6d00332999d22c
SHA1 dca65816a049b3cce5c4354c3819fef54c6299b0
SHA256 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b
SHA512 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_ctypes.pyd

MD5 fb454c5e74582a805bc5e9f3da8edc7b
SHA1 782c3fa39393112275120eaf62fc6579c36b5cf8
SHA256 74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1
SHA512 727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

C:\Users\Admin\AppData\Local\Temp\_MEI28882\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_bz2.pyd

MD5 5bebc32957922fe20e927d5c4637f100
SHA1 a94ea93ee3c3d154f4f90b5c2fe072cc273376b3
SHA256 3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62
SHA512 afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_lzma.pyd

MD5 195defe58a7549117e06a57029079702
SHA1 3795b02803ca37f399d8883d30c0aa38ad77b5f2
SHA256 7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a
SHA512 c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

C:\Users\Admin\AppData\Local\Temp\_MEI28882\base_library.zip

MD5 43935f81d0c08e8ab1dfe88d65af86d8
SHA1 abb6eae98264ee4209b81996c956a010ecf9159b
SHA256 c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0
SHA512 06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_wmi.pyd

MD5 8a9a59559c614fc2bcebb50073580c88
SHA1 4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d
SHA256 752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12
SHA512 9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_uuid.pyd

MD5 50521b577719195d7618a23b3103d8aa
SHA1 7020d2e107000eaf0eddde74bc3809df2c638e22
SHA256 acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78
SHA512 4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_ssl.pyd

MD5 c87c5890039c3bdb55a8bc189256315f
SHA1 84ef3c2678314b7f31246471b3300da65cb7e9de
SHA256 a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2
SHA512 e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_sqlite3.pyd

MD5 c3a41d98c86cdf7101f8671d6cebefda
SHA1 a06fce1ac0aab9f2fe6047642c90b1dd210fe837
SHA256 ee0e9b0a0af6a98d5e8ad5b9878688d2089f35978756196222b9d45f49168a9d
SHA512 c088372afcfe4d014821b728e106234e556e00e5a6605f616745b93f345f9da3d8b3f69af20e94dbadfd19d3aa9991eb3c7466db5648ea452356af462203706c

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_socket.pyd

MD5 dd8ff2a3946b8e77264e3f0011d27704
SHA1 a2d84cfc4d6410b80eea4b25e8efc08498f78990
SHA256 b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085
SHA512 958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_queue.pyd

MD5 b7e5fbd7ef3eefff8f502290c0e2b259
SHA1 9decba47b1cdb0d511b58c3146d81644e56e3611
SHA256 dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173
SHA512 b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_overlapped.pyd

MD5 7e4553ca5c269e102eb205585cc3f6b4
SHA1 73a60dbc7478877689c96c37107e66b574ba59c9
SHA256 d5f89859609371393d379b5ffd98e5b552078050e8b02a8e2900fa9b4ee8ff91
SHA512 65b72bc603e633596d359089c260ee3d8093727c4781bff1ec0b81c8244af68f69ff3141424c5de12355c668ae3366b4385a0db7455486c536a13529c47b54ef

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_multiprocessing.pyd

MD5 2bd43e8973882e32c9325ef81898ae62
SHA1 1e47b0420a2a1c1d910897a96440f1aeef5fa383
SHA256 3c34031b464e7881d8f9d182f7387a86b883581fd020280ec56c1e3ec6f4cc2d
SHA512 9d51bbd25c836f4f5d1fb9b42853476e13576126b8b521851948bdf08d53b8d4b4f66d2c8071843b01aa5631abdf13dc53c708dba195656a30f262dce30a88ca

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_hashlib.pyd

MD5 da02cefd8151ecb83f697e3bd5280775
SHA1 1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7
SHA256 fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354
SHA512 a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_elementtree.pyd

MD5 f89c26a967569f393e8e958c9127d4d7
SHA1 ea09407004b2b279f9424c20ba555cfc8909f154
SHA256 4869325e5cffbd13d3cc02dc78226478adfb51a802b52ff65b5adfacff3511f1
SHA512 eb2090ed5e00ea1a1b7b0c21f27bab45ec271dfb8e16c2df07be16df12ceaa1f8d0e0430b0ed65e4945e443aeb5248b42a6448decfc4157a39fa2c3dea20f5c2

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_decimal.pyd

MD5 492c0c36d8ed1b6ca2117869a09214da
SHA1 b741cae3e2c9954e726890292fa35034509ef0f6
SHA256 b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1
SHA512 b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_brotli.cp312-win_amd64.pyd

MD5 9ad5bb6f92ee2cfd29dde8dd4da99eb7
SHA1 30a8309938c501b336fd3947de46c03f1bb19dc8
SHA256 788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8
SHA512 a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf

C:\Users\Admin\AppData\Local\Temp\_MEI28882\_asyncio.pyd

MD5 477dba4d6e059ea3d61fad7b6a7da10e
SHA1 1f23549e60016eeed508a30479886331b22f7a8b
SHA256 5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6
SHA512 8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2

C:\Users\Admin\AppData\Local\Temp\_MEI28882\youtube-icon.png

MD5 7cd8aff3f633380adefc52ae49aa60db
SHA1 ef2b02255b6bb6cc5e9a89ea57ec52edc2316b1b
SHA256 0a06fe6d9ca65e417d68d3aa11f41d6dd9e9f806b726d7998e574b1f51dd506c
SHA512 e89311ea19da836496979db844ad7286f3090c7e643aab7d2d1e340aa1fd6571b6d865a58b1454b9a519009b3da541c8a06a9a54aedb5cb0dd942a714a7b75c1

C:\Users\Admin\AppData\Local\Temp\_MEI28882\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI28882\unicodedata.pyd

MD5 cc8142bedafdfaa50b26c6d07755c7a6
SHA1 0fcab5816eaf7b138f22c29c6d5b5f59551b39fe
SHA256 bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268
SHA512 c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

C:\Users\Admin\AppData\Local\Temp\_MEI28882\sqlite3.dll

MD5 e52f6b9bd5455d6f4874f12065a7bc39
SHA1 8a3cb731e9c57fd8066d6dad6b846a5f857d93c8
SHA256 7ef475d27f9634f6a75e88959e003318d7eb214333d25bdf9be1270fa0308c82
SHA512 764bfb9ead13361be7583448b78f239964532fd589e8a2ad83857192bf500f507260b049e1eb7522dedadc81ac3dfc76a90ddeb0440557844abed6206022da96

C:\Users\Admin\AppData\Local\Temp\_MEI28882\select.pyd

MD5 d0cc9fc9a0650ba00bd206720223493b
SHA1 295bc204e489572b74cc11801ed8590f808e1618
SHA256 411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019
SHA512 d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

C:\Users\Admin\AppData\Local\Temp\_MEI28882\pyexpat.pyd

MD5 958231414cc697b3c59a491cc79404a7
SHA1 3dec86b90543ea439e145d7426a91a7aca1eaab6
SHA256 efd6099b1a6efdadd988d08dce0d8a34bd838106238250bccd201dc7dcd9387f
SHA512 fd29d0aab59485340b68dc4552b9e059ffb705d4a64ff9963e1ee8a69d9d96593848d07be70528d1beb02bbbbd69793ee3ea764e43b33879f5c304d8a912c3be

C:\Users\Admin\AppData\Local\Temp\_MEI28882\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

C:\Users\Admin\AppData\Local\Temp\_MEI28882\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI28882\icon.png

MD5 ec749ec1a2279dd8f87f0b399668e5b8
SHA1 4eed0038d25bc9e47b93e03a8eb755ccab337546
SHA256 7e0f1014bddeb18e107e85db081b0cfcab16b7cf103f1879bf95ca0e9b7abbe1
SHA512 3e6e47f3479097c4935e83a900172691ba6bbc368f2888217332eda3dd19268b2023125aeef91eccdd823e6b594286f2d4e397024e0bcdaf5713a51c055a628b

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\QtCore.pyd

MD5 358c3afb11e59f7b436ffce315e1dc3b
SHA1 2fbaa8232105cd3d2ae7df73fcd743a0ac339400
SHA256 7ec13026cac563d927ee9cef2fbea5e51fdc2233cc3b8115f0ac077daddf6707
SHA512 d25ec190bf7070065ec0a27efa94d14fe9ad4c67a02eb3090f0371d67e472d2303fa9b8402e544f85ae51c583a4b12c42662103285f478fe5b8a57594145636f

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\Qt6Core.dll

MD5 b5fdc51aaabe8c0f1b611e003817b3e0
SHA1 e856cfb754a1f753c85f10e3e51914b76c916f5c
SHA256 8a1af6b5ea341ef0d01573a9005e5c68206cfef6853b5584e8a737c26c9d9ee7
SHA512 b9d9973d34087dad86a0b6fdaa0a8ffcb1261c73782459cdd16675001bea9333039e9a75da98c4f2f24891931fd4ce7dfdb090dfe046d47ece6b5ada99368afd

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\sip.cp312-win_amd64.pyd

MD5 a1823e1a7233970d5d639318a43d27cb
SHA1 22f7d5aeef3d474213d9af24b093acf29374992c
SHA256 bed34b4dcebe35b7690b93a2bde95a184204dcbc658da881c1c97fb2c4bb9a2c
SHA512 94073d08e6122ea8c737c7831955c82efafb018de93a64b0795247e6869fc6a6c04eb2277045116415480f801d520f42cc4a3d240e074c749a83e78e9b855c74

memory/5036-1685-0x00007FFA20D00000-0x00007FFA20F65000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\MSVCP140_1.dll

MD5 0fe6d52eb94c848fe258dc0ec9ff4c11
SHA1 95cc74c64ab80785f3893d61a73b8a958d24da29
SHA256 446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f
SHA512 c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\VCRUNTIME140_1.dll

MD5 6bc084255a5e9eb8df2bcd75b4cd0777
SHA1 cf071ad4e512cd934028f005cabe06384a3954b6
SHA256 1f0f5f2ce671e0f68cf96176721df0e5e6f527c8ca9cfa98aa875b5a3816d460
SHA512 b822538494d13bda947655af791fed4daa811f20c4b63a45246c8f3befa3ec37ff1aa79246c89174fe35d76ffb636fa228afa4bda0bd6d2c41d01228b151fd89

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\MSVCP140.dll

MD5 01b946a2edc5cc166de018dbb754b69c
SHA1 dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46
SHA256 88f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5
SHA512 65dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\QtWidgets.pyd

MD5 a6804a97aaf514ea2816ed4aab7379a0
SHA1 ef279c6e6e4d4d08cb89c1cdc2084543a1411a37
SHA256 3daad2162489819f55f3013d9250362271bbabba51712224576b970ed9f3bf0c
SHA512 081a4bc70f187079b4993c582b9ca2a59519a90f43987e6fade1687c6337a571006411490a911b48fafe24aac14aa261281d45bc03b7c0b2e32a90c6a5aa0a00

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\Qt6Gui.dll

MD5 817b182e009f388672445e69144f8543
SHA1 a66cf9f9909bc2c4306dd7a6382965eedebbcde1
SHA256 cfce665b7c477ebff815fb27a9b55d0b629183c0cecb5282a87bad666d76daa8
SHA512 3e7ac5cf005a11d0d0e23084efce3256a342fa559c393f40bb81ced616898e03ebdf265fbbc855864d402665471010210d6ed12a2688f9fdb4383a0c659043b6

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\MSVCP140_2.dll

MD5 9002e0bee6455b2322e3e717fe25f9be
SHA1 bc8df83cc657f0f46a0bff20565870a435ed1563
SHA256 24b47c966b6e4a65b3e4df866d347d3427e9bd709be550c38224427eb5e143d3
SHA512 28ddd087b48d5aa96ec39ccc29a4020cf75ae3c5cb6af9a9571694d73f7aaa4fecb15336c9c7a7d12c93d8bf12efa4fe4d8d612cd93d72c72130cae52317d0d9

memory/5036-1697-0x00007FFA0EBD0000-0x00007FFA0F0A3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\Qt6\bin\Qt6Widgets.dll

MD5 c3241a2e538115dbaddf3a8c283c7966
SHA1 0833370c511d9e44d6a9fd44eab950a77e6908e1
SHA256 6a97350bbfe5518c5e41453062548f493014f8037a70645246549de33e6cfc17
SHA512 3ee01be6b0f3f112cf0f64ea3d446bc819f310a9fa23b96e6839d4a4c007a70603a7cf595c25c107f04a65110639b3d617094c1b0d1240dbae9e54ee42e6b148

C:\Users\Admin\AppData\Local\Temp\_MEI28882\PyQt6\QtGui.pyd

MD5 1703d7cbfccca36fce45f0bc62607e52
SHA1 52057f574a0cd791cf68622d53bc7fe5c43614e0
SHA256 af423b8bcecee28099c0ab6816595aa6e9fae5bbee399c2cff661839cf1bafe5
SHA512 11d671abccfcef0d7969338720597a2224da893735637dbbdafdfec015fab57ef4b4e03c9ab43c9eec012a07a0fa2efffd7af4a2bc923c8c723fe428bc1e169a

memory/5036-1700-0x00007FFA0E580000-0x00007FFA0EBC7000-memory.dmp

memory/5036-1703-0x00007FFA1B700000-0x00007FFA1B923000-memory.dmp

memory/5036-1705-0x00007FFA0CC20000-0x00007FFA0D1A4000-memory.dmp

memory/5036-1706-0x0000027B00600000-0x0000027B00610000-memory.dmp

memory/2928-1711-0x00007FFA2EE80000-0x00007FFA2EE81000-memory.dmp

memory/2928-1710-0x00007FFA2F800000-0x00007FFA2F801000-memory.dmp

memory/2928-1712-0x00007FFA0CC20000-0x00007FFA0D1A4000-memory.dmp

memory/2928-1713-0x00007FF9F1C90000-0x00007FF9F2C90000-memory.dmp

memory/5036-1718-0x0000027B00600000-0x0000027B00610000-memory.dmp

memory/2928-1719-0x0000021E6C1D0000-0x0000021E6C63C000-memory.dmp

C:\Users\Admin\AppData\Local\yt_chan_dl\yt_chan_dl\youtube_cookies.txt

MD5 73984441d9366856f49de10a997e6841
SHA1 c810c66ba94e5c198ea67dcfbdfa75e75a79c624
SHA256 cc3de4f72caf4e7c36ee03f009115e73f93722840cbfb3cfce92eea4c77bce99
SHA512 85eaa9367e7a41e524c4bc909c40527eebe268eeb27d192203840afb78489c2ed9253d8e200e0ba0d9254a24cc86480f8c7352bac9d0d30e2f8418b3d30e1565

Analysis: behavioral6

Detonation Overview

Submitted

2024-10-25 21:00

Reported

2024-10-25 21:32

Platform

win11-20241007-en

Max time kernel

1468s

Max time network

1476s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |

Suspicious use of SetWindowsHookEx

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 21:00

Reported

2024-10-25 21:47

Platform

win11-20241007-en

Max time kernel

1924s

Max time network

2615s

Command Line

"C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe"

Signatures

Blocklisted process makes network request

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |

Command and Scripting Interpreter: PowerShell

execution
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |

Checks installed software on the system

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\where.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe | N/A |

Modifies registry class

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe | N/A |

Suspicious behavior: GetForegroundWindowSpam

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe | N/A |

Suspicious use of AdjustPrivilegeToken

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |

Suspicious use of WriteProcessMemory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2996 wrote to memory of 1084 | N/A | C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 2996 wrote to memory of 1084 | N/A | C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 2996 wrote to memory of 1084 | N/A | C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 1084 wrote to memory of 2892 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\where.exe |
| PID 1084 wrote to memory of 2892 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\where.exe |
| PID 1084 wrote to memory of 2892 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\where.exe |
| PID 1084 wrote to memory of 3948 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1084 wrote to memory of 3948 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1084 wrote to memory of 3948 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1084 wrote to memory of 2136 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1084 wrote to memory of 2136 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| PID 1084 wrote to memory of 2136 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |

Processes

C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe

"C:\Users\Admin\AppData\Local\Temp\YT_Channel_Downloader_installer.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\YT Channel Downloader\install_ffmpeg.bat""

C:\Windows\SysWOW64\where.exe

where ffmpeg

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Invoke-WebRequest -Uri https://www.gyan.dev/ffmpeg/builds/ffmpeg-release-essentials.zip -OutFile ffmpeg.zip"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Expand-Archive -Path ffmpeg.zip -DestinationPath ."

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.108.222.173.in-addr.arpa | udp |
| US | 208.94.117.187:443 | www.gyan.dev | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |

Files

C:\Users\Admin\AppData\Local\Temp\nsp6BEA.tmp\nsDialogs.dll

MD5 b7d61f3f56abf7b7ff0d4e7da3ad783d
SHA1 15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
SHA256 89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
SHA512 6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

C:\Users\Admin\AppData\Local\Temp\nsp6BEA.tmp\System.dll

MD5 192639861e3dc2dc5c08bb8f8c7260d5
SHA1 58d30e460609e22fa0098bc27d928b689ef9af78
SHA256 23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
SHA512 6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

C:\Users\Admin\Downloads\YT Channel Downloader\install_ffmpeg.bat

MD5 04efad433e9da3f568ad8f3eae2c6a20
SHA1 f9574f77ab6efe50a83e7d37c1eb0058c3a8eb15
SHA256 c6f3392e97e794405c5bb1bb8fb66d0fa0c808c826e07141551fc923dc5f4ba2
SHA512 9a5cc767d45c4c746ea4cec3af022022a558b14a3863eeca6733db7dc657ce3340db778e34b58096937445ad402ee404485097e206b6bd69b7021e2ecd2e4165

memory/3948-20-0x0000000072EAE000-0x0000000072EAF000-memory.dmp

memory/3948-21-0x0000000003110000-0x0000000003146000-memory.dmp

memory/3948-23-0x0000000005980000-0x0000000005FAA000-memory.dmp

memory/3948-22-0x0000000072EA0000-0x0000000073651000-memory.dmp

memory/3948-24-0x0000000072EA0000-0x0000000073651000-memory.dmp

memory/3948-25-0x0000000005920000-0x0000000005942000-memory.dmp

memory/3948-26-0x0000000006020000-0x0000000006086000-memory.dmp

memory/3948-27-0x0000000006090000-0x00000000060F6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cbzdk3ze.sxv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3948-36-0x0000000006100000-0x0000000006457000-memory.dmp

memory/3948-37-0x00000000065E0000-0x00000000065FE000-memory.dmp

memory/3948-38-0x0000000006600000-0x000000000664C000-memory.dmp

memory/3948-39-0x0000000007E50000-0x00000000084CA000-memory.dmp

memory/3948-40-0x0000000006AC0000-0x0000000006ADA000-memory.dmp

memory/3948-41-0x0000000072EAE000-0x0000000072EAF000-memory.dmp

memory/3948-42-0x0000000072EA0000-0x0000000073651000-memory.dmp

memory/3948-43-0x0000000072EA0000-0x0000000073651000-memory.dmp

C:\Users\Admin\Desktop\CheckpointUnpublish.wma

MD5 402f9c3aaf4e3be441a97c9aa5b57b11
SHA1 3ea415eff79a2cc5ad8d0d50ffab6cc6d9e9dd08
SHA256 ba82f89f62925ebb428df785813a0dccc378a40ab5cb263c69174721cdace188
SHA512 be209aafdba44dd269f83a0d2cfbb48b45fca05df825c4984b69c7e7527e5dac8bb1b158d5f06f1bb43977765b0ac1aed927f7f53cf25ef1804a5340f4c0e713

C:\Users\Admin\Desktop\CompressTrace.kix

MD5 bf2fc6fab1dff9c3cbf1c3fb4feb7212
SHA1 a8c36fc443fc3a9eb2276b9d77c95a78a24ee2de
SHA256 2dfa8a7121d962f82329175060ea6e8505ff3d284de89207905fb39e41ea0be6
SHA512 70dcabb5712b81100d6b0f1a65875785c77848b95f2d299092690bddee7c2e2a47e6e542df50d12008d1ebc773d0588c48ad6d5079d05e6eaafcc7db291695b5

C:\Users\Admin\Desktop\ConvertFromWait.aif

MD5 ab8322a5ec7032d96d1862ab7e44f7b7
SHA1 361a11fe70cf0178749c08be9bebab80238d3ade
SHA256 0a85ec33c0105f47a2281ab9bab69b8e4d9679d4ecfc984d047dfcf97d270ba4
SHA512 44ee43fa04fa8c47ba00cda0782963de88298e92adaa174b4a89cced52e7dc58d1138cbfd38c0d201bc07cf51b6a6f2146810f1019a17d29c263cbb81b042198

C:\Users\Admin\Desktop\DisconnectSelect.aiff

MD5 fb98e38ef79cc3c28c6b2d4ad8cf98d7
SHA1 5b62da109f7cead82f9c7102ac7f70577c0f48f5
SHA256 da6b269c8b3531eefe5daeccd0e86f07db5291b0e2e4f9a5a37d81e3a1c25737
SHA512 e27fdee62531707c9d5731b7a3b4a86d04dc7b4c2245ad93fe21d2199ad501298b7463956682de07207a00e0a7f24d2404060f3059663427d8d5c7600ee6fa9d

C:\Users\Admin\Desktop\FormatSubmit.jpg

MD5 40cfde38b99df50974ef2d4e1e911d3d
SHA1 6173888eebc68f976a43bc67f2dce6db47b67bea
SHA256 ff13858c6bbd24d3f9fb0d3a07fa043b1b0e660ba8de5a457e3b07be37b23765
SHA512 c0a4635024739c3b8e8246d08a089a1d5a4e5b384d8b672c69c054b5e0687865d3bf63d98f9d3de9329e61ff12a73862c28c351e86378f3d5dffcc86ba84841e

C:\Users\Admin\Desktop\ImportRestore.vssm

MD5 ade3ca36fbf32cbc46688cea9454167d
SHA1 889ee471a798c0e91582584fa847132eb30d2801
SHA256 7a207d32a1118f6e19f66774d2ff5574be3bab011b1e66b916b5a02aa912f7eb
SHA512 2813b8784363cc16a9eda7f0255d73640c690d90b45438abab89224c4167d93e42a92e0908c48a4ab884468080ea8a1bff50b429063ccf60ab5c49982ea834e9

C:\Users\Admin\Desktop\OpenRename.jpeg

MD5 18e6a1f508381be8f8347a0752f4d7ea
SHA1 43df2f053e46101763e5ab019b4451933f3cdca9
SHA256 03055ecfad606af80b00b70b51111755b70974826d6d3aefb6a9231b8542bf94
SHA512 5410877cddf62599d4dac131a22875dcae231265ae36ef30d6a1b77b69774ddccc00b88a0d2e8bc33fb762eb634bde6e5b019a91adf39761891e80492a32c131

C:\Users\Admin\Desktop\RenameJoin.mpeg

MD5 4d0870c3fa41d76bfd9b1a628369ca4a
SHA1 cbecedc526f844c11f870671adb5e652114378a2
SHA256 ed84826ed7552221869db39ec4fde32552f78dd6f40c2ea40c1e736750130010
SHA512 309f8f67c52fba9987e69d1c3dd7b6ae5a1b62d16c8c95a43bbb1e784a1fa2d04c314c71141a170de61d620e42c7143c5acfbe852d0dde00b7236685d0e7afcb

C:\Users\Admin\Desktop\RestoreUnlock.tif

MD5 df4ad8818acd201f4357a99b24293144
SHA1 58007d5fbfb3777a8366446fb1c896d5e92b2874
SHA256 9f4b57fbbf182cbd77a99b9e9116fd3c30197d79cb3a9865a158756b537fc9c1
SHA512 d38289296e6d37373fe3deac01e901755d05ead16b6c480b268f339d791400a781761fc6ffda1e56d4e4413b19a7b44879e94a2e0d875863782a7aac61ed9ad5

C:\Users\Admin\Desktop\SaveDebug.ex_

MD5 36afe91e137a3967ee660fad71f183d8
SHA1 2c0e3f72bc5ceb7a9fdb8e485c9a5b35940db8d8
SHA256 ae6adfbd5b05311448f9c844e72cff2573800d906ed38d37857e1c4f88d0960f
SHA512 ca9b10a42739770a6762b3b2448f7b4b085a754d7cabcf96ffefcd484e2f5ab3f0ae92e16b71c8e90bfde11731e20bee97c9d90454e6144719354941fe366dda

C:\Users\Admin\Desktop\StartDeny.mpg

MD5 291e5acda455b85c7ea89aac32033ad9
SHA1 3e67f34273de25b7de06c3efbc7a71a246a31920
SHA256 d1d0b79df70a3ceb2f6edec0dc6b2eea0d60875fe450d9f8a40dee0e7e0bf611
SHA512 100ce505b322e61a21171716d36a9fc1e24842774f86194d72888e863a770bbc67e80490bc4ef364dfd4df21a7c37fc995bc45629c9f60d8028a55e6f285d1c9

C:\Users\Admin\Desktop\StartRestore.vssm

MD5 75441a67eeb15016e894747249b1b93c
SHA1 16670bd77a1910cda77f2d29010443dc0b4ff5ec
SHA256 331dd43275185829b16931fe65f9370486bd8ee82a1e7ef96d0f82b09a29081c
SHA512 9a492ba2483bf8fa1d1590c4afce11312eeaea7327a8c90dc86f69fc58ea002d617138c307ddabe2bc2d13eaebb1965fccfbf8967c4c81b816ac2a2722714820

C:\Users\Admin\Desktop\SuspendMount.wma

MD5 a31a77b7f7050aacc59200b5a00eb844
SHA1 3340938d45e68ff671ff4493340b77b98c52470e
SHA256 9bc38283ace19512a28b6aa42e9dfb104f3cf050cc91a8c52afc12592a592b2f
SHA512 cc10a308a022a298aaa4f7fdd50580eff872daac2c3f88b44ac55eddf0cc8a4a4b41541823b1b18aef144ff1c90306a51117fb9b263902600cbddb6948b389c5

C:\Users\Admin\Desktop\UnlockRequest.tiff

MD5 878024d9fc796b1b9f4dacbadfcf40f6
SHA1 8dc4bf195ec391cb15c0db1157286b0ee955be59
SHA256 d65f4355b181fb5d115e4d6cefe39edc118709abbb17f03e9c27f813a64b31ab
SHA512 894e9070056d14aa67a9ac406fdd07f6e6d92ad3a52deaae6ca609e8cfadb3815fc9dfbb195ea9a0d2d751ada6e7e604ccaa7f90ce7ffacb957772143d06728b

C:\Users\Admin\Desktop\UndoSkip.mht

MD5 70b81c750abc1356fb740c53a4fe4c61
SHA1 fe3c58fb4c9332e4f275a678fdaef43085269dc6
SHA256 c53ac943f3902beed49755de7df1fafb1108b90f31b17e42692b33e46837ec7a
SHA512 6bf8f0e9086b8bbae62b2c2532ca04648382fa0785f00171a6132964d7c2123c9b0ec5c1dc3cb5f875b24458659ca2b24fe4dc9fb34f8cd7cc47ced7b07871df

C:\Users\Admin\Desktop\TestMeasure.mp2

MD5 1930f82d534f416341fcde38b339c9d4
SHA1 3c8963f8c01c418dc2f7a4ef394f1417b2dda666
SHA256 4a9ef7f6ee42298572a2e4ca0b2326c5595c253d81778dcbf59fc3d0cd7766dc
SHA512 2dc57fc131e6b71b7c3ba5b8a4a430760db8562c0820558c5d9c38a6c0ce4a0233e02b484bd62f00b5b5f0ec01b2ec5be09a34a3cda575368b14654bd20bd3ef

C:\Users\Admin\Desktop\TestExpand.vsdx

MD5 16cbc828a532e11c89636759ee620477
SHA1 27340bb14074e3eb719d60b5d2de0807c0a257bc
SHA256 1baecc49a2a9327a01d7748f65c9e363754d8e50b8e1fb5f9253933eb61da5f1
SHA512 e67d362beb25f36ce44141e91a958a1ba44a9b4a09bdeda67347fbf0012d9610e69ee6ff844fb462245c8e21c98650df49bf23901416afde9a1424cde1f387b6

C:\Users\Admin\Desktop\SwitchGroup.3gpp

MD5 2368614445c3eddbccb745f20b1a30f9
SHA1 2812a0a0d289e1154ca5c2d4a6d5f8ebfdf67fe5
SHA256 f37b501ab6803ad6cadca7931398e2e8c0c0ab2905b9db2d302bb8b0a3ce51e6
SHA512 915bff10e89c37e7b051a6b3eadb3b55de272aff616de70a1a1340068ce5c7e406cffcb446f768ff33cba1f7e714051013e5aa67a85615ef065a3fdb75fbc119

C:\Users\Admin\Desktop\UnpublishPop.mhtml

MD5 3227e4b7ce93a0a5696e5628920aa5d8
SHA1 41e7754dc9e116eff6ac9903ee604c29234435db
SHA256 6c6e7bee8b7533b0e6044f65d161f3106f93cb3c25a6858ee0d13d3ac0eee4a1
SHA512 efd385557e72727a0179ecc5b48816093590255a46abf734ce8867a77711f8c1f37818e0b6c66e5bccd30a21cf496ae2a0d6a257daf473f6b167239b4fdb34ac

C:\Users\Admin\Desktop\UseSave.vb

MD5 c01a683cb060b845d8c717de62132dae
SHA1 edebd8d99a717dffb686fc4a7d3e597d09caf271
SHA256 b61f0d2fe91c7ea63ebdf27785e65bf2bf6731733364b183e6ff27ebd16459b9
SHA512 b24a88dc808fe4e273c636f36e6b5d80cbb3f6d62ac3d19ae70b6728e22f258460a373c31aca59669574d4fdac1e1eb7470b6f9c7e8e3a487a745e8df33af048

C:\Users\Admin\Desktop\UpdateConvertTo.wav

MD5 632bb241344459cc06df2e30ee67c405
SHA1 554e40f049b825a8ba4e149c9236850cec50a599
SHA256 16459eabbb19286f9950a4b4a0a629b56c3454eca92665bd07a003485d2fb6a5
SHA512 2caf46cecc8ebcc0216ca68f6f4f2b4b479db1424ee65f5f05da2df07a5156ca547b7e2ce8f651adc0ce4ca4661a7819025eb7b9864c2f4ac81d2bf18c7e2843

C:\Users\Admin\Desktop\InvokeGroup.docx

MD5 208294c1c80496a7097680ae974413e7
SHA1 36d5de97fa291d1136ecdfef17e4130c64dc889c
SHA256 242ef7e0602f1507584bd0ba53febf94c5d110e4245f2405d59e00313166d4bc
SHA512 14869c5b05d2d0e6f2c9558ca6bb5aae3be2ed44489ec04e1dcd0e4b2021cebb9f4985831197f5cd56e076db6d7efd34d511730a97444440e7c7de45bf3e4451

C:\Users\Admin\Desktop\RepairSet.xlsx

MD5 70f619bd514ef8e18feb3a9e04b21e76
SHA1 117888091dc7fd0ff500bc8532aabf23e8cabe23
SHA256 31ca2f6a90815da624272d5b54bb12261a6ee99ed3583eb356389be82fdf64f8
SHA512 2dd71e6da700730f318cc61d42af4c827470b5b6c6398c1047b28043a5bb6dabdf4d3a79ada3daa959b3a1e8d528d9b56dc9c12ee659e2321e9972538e7cc0d4

memory/3948-73-0x0000000072EA0000-0x0000000073651000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 21:00

Reported

2024-10-25 21:32

Platform

win11-20241007-en

Max time kernel

1463s

Max time network

1483s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4564 wrote to memory of 4276 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4564 wrote to memory of 4276 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4564 wrote to memory of 4276 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4276 -ip 4276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 460

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 226.108.222.173.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

N/A