7462809739b96455ae2f24a3a0089574147185ae67d602d42db2314bdeb101b7

Analysis

max time kernel
120s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-10-2024 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe
Size

121.8MB
MD5

f456565c272ac8ad9d0751b76cc026bc
SHA1

d2f80b5f1d5756e890a89cca5532dabe8e466d11
SHA256

00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9
SHA512

a890eb73154f7c292f5b608646b5303f098423b1c3476f062b71accce0dbde9f41ab170cadfd26912d747524b5dede68d9b81c4eb5147571748a40a9033dc3bc
SSDEEP

393216:4ezBr1SCF0LIUYuFBmY54NEZPb+ON8BM+:4kBrxM5YuF4jNePbH2M+

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp
2812	YTDSetup.exe
932	ytd.exe

Loads dropped DLL 43 IoCs

pid	Process
2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe
1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp
1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
932	ytd.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 55 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1059.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1060.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1034.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\librtmp.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libaudio_format_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res9999.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\scripts.yds	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\codec\libavcodec_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1035.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1038.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1044.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1048.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1061.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\manual.bat	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libwingdi_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\libvlccore.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\access\libfilesystem_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_filter\libswscale_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1030.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\COPYING.LGPLv3	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1031.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1050.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\FFMPEG.EXE	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1040.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1045.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1055.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1052.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1053.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libvmem_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\libvlc.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libdrawable_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1032.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1033.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\libfloat_mixer_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1026.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\libinteger_mixer_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1025.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1049.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res2052.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libugly_resampler_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\COPYING.Apachev2	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1029.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1043.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1051.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res2070.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\plugins.dat.932	ytd.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\COPYING.LGPLv2	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res2074.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libdirect3d_plugin.dll	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1036.ini	YTDSetup.exe
File created	C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\LICENSE	YTDSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2680	932	WerFault.exe	40

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YTDSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ytd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 57 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{004BA0E1-964C-11EF-BF50-D686196AC2C0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "344"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "64"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "344"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000591eb4e82070bda5025f988b1a6ed412f415d06e188a89f35458098bc11948ba000000000e80000000020000200000006f6a6de8acd93b3884cfaa97e988486314e29feca9469caf01a4cc44a8ac54cf20000000fa67c63711a4cd2083824dd58b855b44bb381d31163eb741ece97650db2cb6084000000073988a172718e0d25fbe7db92b7d5f7827e420ff3e6c46012dba2c6f292859a10f09a28d1123564e0067369a2c434fa425b37c95d7a7126835d4bb002fc2e653	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "103"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "103"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "103"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00ce6c8582adb01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "344"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436405731"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\ytddownloader.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	ytd.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000004c174f645b43429f3f9f0dfe179e83c905e442f81e96828fd4343641ffd0e7e7000000000e8000000002000020000000c14ec1e411cb0ed589971168a790c1338d700d5017599a92e8f54c186860610b9000000041f0bf1f23103df87f0976a11a557543d1fd12a89db6597a2002e20632df6f9993628d448ea345d34a1effc1a8a7bd768aee9acf9c9f6bc30b546bbeeeff7bc3a901b9ade51f146c32f1c85f5b6b0ade98a6aeaf3e3020bdf9239f8daa425a1bb110fa52e60dac726cd9c651c5711b9d98be1f51e6e74d49a7b17de86035f9dd36ac99f70034154c8b926547c6713ab140000000695c53f355c51dc11070e67dcce207ee4ddb42e861ddab6804df406eeadcf9d1b5cd2773bb8a1345b7611704a683efd2d759723a7a548b022f6bc008feda685e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\ytddownloader.com\NumberOfSubdomains = "1"	IEXPLORE.EXE

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	ytd.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	ytd.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	ytd.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	ytd.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2812	YTDSetup.exe
2812	YTDSetup.exe
2812	YTDSetup.exe
932	ytd.exe
932	ytd.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
408	iexplore.exe
932	ytd.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
932	ytd.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
408	iexplore.exe
408	iexplore.exe
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
932	ytd.exe
932	ytd.exe
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 41 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 1920	2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe	30
PID 2444 wrote to memory of 1920	2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe	30
PID 2444 wrote to memory of 1920	2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe	30
PID 2444 wrote to memory of 1920	2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe	30
PID 2444 wrote to memory of 1920	2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe	30
PID 2444 wrote to memory of 1920	2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe	30
PID 2444 wrote to memory of 1920	2444	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe	30
PID 1920 wrote to memory of 2812	1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp	32
PID 1920 wrote to memory of 2812	1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp	32
PID 1920 wrote to memory of 2812	1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp	32
PID 1920 wrote to memory of 2812	1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp	32
PID 1920 wrote to memory of 2812	1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp	32
PID 1920 wrote to memory of 2812	1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp	32
PID 1920 wrote to memory of 2812	1920	00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp	32
PID 2812 wrote to memory of 1808	2812	YTDSetup.exe	34
PID 2812 wrote to memory of 1808	2812	YTDSetup.exe	34
PID 2812 wrote to memory of 1808	2812	YTDSetup.exe	34
PID 2812 wrote to memory of 1808	2812	YTDSetup.exe	34
PID 2944 wrote to memory of 408	2944	explorer.exe	36
PID 2944 wrote to memory of 408	2944	explorer.exe	36
PID 2944 wrote to memory of 408	2944	explorer.exe	36
PID 408 wrote to memory of 2916	408	iexplore.exe	37
PID 408 wrote to memory of 2916	408	iexplore.exe	37
PID 408 wrote to memory of 2916	408	iexplore.exe	37
PID 408 wrote to memory of 2916	408	iexplore.exe	37
PID 2812 wrote to memory of 872	2812	YTDSetup.exe	38
PID 2812 wrote to memory of 872	2812	YTDSetup.exe	38
PID 2812 wrote to memory of 872	2812	YTDSetup.exe	38
PID 2812 wrote to memory of 872	2812	YTDSetup.exe	38
PID 1660 wrote to memory of 932	1660	explorer.exe	40
PID 1660 wrote to memory of 932	1660	explorer.exe	40
PID 1660 wrote to memory of 932	1660	explorer.exe	40
PID 1660 wrote to memory of 932	1660	explorer.exe	40
PID 408 wrote to memory of 2576	408	iexplore.exe	42
PID 408 wrote to memory of 2576	408	iexplore.exe	42
PID 408 wrote to memory of 2576	408	iexplore.exe	42
PID 408 wrote to memory of 2576	408	iexplore.exe	42
PID 932 wrote to memory of 2680	932	ytd.exe	43
PID 932 wrote to memory of 2680	932	ytd.exe	43
PID 932 wrote to memory of 2680	932	ytd.exe	43
PID 932 wrote to memory of 2680	932	ytd.exe	43

C:\Users\Admin\AppData\Local\Temp\00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe
"C:\Users\Admin\AppData\Local\Temp\00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\is-685KI.tmp\00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-685KI.tmp\00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp" /SL5="$4014A,126715381,999936,C:\Users\Admin\AppData\Local\Temp\00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\is-65M0H.tmp\YTDSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-65M0H.tmp\YTDSetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "http://www.ytddownloader.com/thankyou.html?isn=604FDEF90AF242EC90287EDAAFCAFBCF&lang=1033&cid=78a99326219c5645a1d9f543e15f39b4&oldVer=&newVer=5.9.18&kt=ytdd&pv=0"
      4⤵
      PID:1808
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe"
      4⤵
      PID:872

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ytddownloader.com/thankyou.html?isn=604FDEF90AF242EC90287EDAAFCAFBCF&lang=1033&cid=78a99326219c5645a1d9f543e15f39b4&oldVer=&newVer=5.9.18&kt=ytdd&pv=0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:408
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:408 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2916
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:408 CREDAT:603143 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2576

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
  "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 2320
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1033.ini

Filesize
14KB

MD5
5e4f61279b53016801d453b1d7a20cd3

SHA1
f32a34a88f7684264bfe4b1589cb7fd346add1b7

SHA256
546f50186b607153c9f121c751ac592b8905c29397bdd7a9c0bd860e467e6ee9

SHA512
1f9514359eada9224ed52815f02b17712d357e9806171acd1b0c88d6dceadac5692e5a131df4af62b8d15fce01759ffdcc3f075c374a33d43e10df8acc5268c6

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe

Filesize
336KB

MD5
2b4ec88beeaeebdfe0f996fbd53177ec

SHA1
8b60a69d5a72d456c496e4fb061182c5d46a9253

SHA256
410dea37700039f821acdb66d6be05350f37d143798cf39946ed5b4def709b95

SHA512
bd2c5d7f7e4b2ca7f38ff646fecdf46620557b269cae520a43d78fd040d06dc0ccab3eb068bed4621a4186c992850703b065881730f52fe1c29eba47cbea2529

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\access\libfilesystem_plugin.dll

Filesize
45KB

MD5
ab0a22194181d6d6ff01123dc9a376ce

SHA1
006355a4240c874443db242ec4d79b8f61e149be

SHA256
4d03b0edd616098fa390a41f8d68f6b77f4c96abf0bbf1578e310c1846017da1

SHA512
1db197bf8e99cd3e729a481a6f24fe1b090a12679a6ab5b6334e26a8442bd80d25379104c475fc9a70111b8c57ca048c4a3f40eb6e667814cce9ab1c86b6253e

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libaudio_format_plugin.dll

Filesize
45KB

MD5
91074f5c7288c67eaed2c2c657e373d3

SHA1
84aecb92336c668bd834a749081eaf1e476c38e4

SHA256
085dc559b88b1687b2918b8ee797734adfbbaa233ba7d8f0e8b5abea8740ca51

SHA512
579a27e5f3565efe46a47034f2880782c5a947b56e65118e8cbc58c886ec805ce39593becce5df4aeb851adc12fc22fd3db450c67b864a618dea05822c58a4a4

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll

Filesize
36KB

MD5
43f19a5d4d42e3cd6514348ba5fbdd96

SHA1
1f708f75fb1024be8b3f6e51ac465664f9414e29

SHA256
634e0e8bcecde4375f1f9510980bc2bf95495acfc8d0a14d15307c49829b4b2a

SHA512
bee50cdaeb50c888bd7df7ed789983a47ce6a50ab8bbba006519640530de8744f164628e741be8cd106cc229de1ca5f63ce23f41e94343869e8ba1aadd840f41

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libugly_resampler_plugin.dll

Filesize
35KB

MD5
a3297b187aba1024501007bce77eeec4

SHA1
66b0d789f0fc6e465827bc372047ae1b57fb209c

SHA256
bf000179818fd3db857f7f46dca974698258fc11acf518fd77df4f5a9de05bbd

SHA512
8528aedc44bfb827fa2b5c9fe7c36152daa2e7c4cec32b8eabd8167dca4deadbe3dbd2b4723f00355a1f77cca1ff8c3275cc33c85454ef3e951a72bd1a6a407f

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll

Filesize
46KB

MD5
46672363f47a25d69a5324045f4e8d63

SHA1
f0d65ad9301f953f7b604087d27ce3e600891250

SHA256
0a2f80092b426f11dbf54b10542d3d7b45d2e40fc575e8e0e73cdcca47b4885d

SHA512
24b52206390b04cb909a1da12b46294f2aa848a42c27a6d765e6666ffbf86f64bac929e9210723d5c537a11d015d2f556e39821d01310a328cf41c988a25146b

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\codec\libavcodec_plugin.dll

Filesize
9.5MB

MD5
4088b4e4ea76db97544c76ef7f2af08c

SHA1
c862b32ed75b8ad1c029edd2c0f492fcb689f8e6

SHA256
2d7aff56a160ac39f7b68b34eb1e25bbeee8fca6034fee8f278abd0fb3dbc0d8

SHA512
66f664a8fc270bc611cc1c247fbe9a2b26baa900b7b38a35ac2d232b6af694914667eb066139e1a889b33e226b845f74f615b48ef84eb626fcf3db137468087c

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libvmem_plugin.dll

Filesize
39KB

MD5
3dee8d41db28133b3d00bfdf0fd16eaf

SHA1
55f447676e8d94df25285155f6974583613395ed

SHA256
d6af06ae76f1409b16d2e781217b863a7b32d5ca953795f52d5aa54b0491272c

SHA512
6b222b39601210957082e490073b2d15caa0ccb94121385f4372a02f916a04d4c1824b0f897c875fa1a756d81d511f4ffa649dae7cc900c3746817e1049a67ac

Download Submit
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\scripts.yds

Filesize
220KB

MD5
d8ced7c2193354757988028fbdbf197e

SHA1
23e7c13471207cc7abd0267f11f9c814bece7011

SHA256
6b384b1e208a2260f54e3d003449c53c03acd8947c8762060fd9e9832dc3bd9c

SHA512
96db2348c6c8f00fb14321b3b816a1a59a60bc54f66002253d6ac43768c94aca5ec3435069e17a23426034bd583c350cdfbcb9daf4b258a8fd485bc96a34f908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
30c4c27f5c4afaf6126ddf15f878e3d4

SHA1
3b15db03d10a4ddc9bbca20b39da8b7ef1ae5b70

SHA256
4413a24b68119e62da4b3a4519b7bf6c51a78e9c794e78c3d9c56b2e5876a21d

SHA512
cb9a60b92a386a95f93bbdcb8cedfab24b84b30a36e275a0f38aa308428326314cfc5be1dd2834006a4ebf5c546eb0b6f760270954e80aa7df19aaa2a209f627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
ab0db4bdefd6dca4a2b0d158ab971431

SHA1
0d148b457da870a7a7710051f3fe7fcf66a92a05

SHA256
131fcf50ae60e121c69ca74593eb225b27690746d666bbb0737c1082f590ffde

SHA512
ed0dcb4e2cb9b66070a9b75a2fd689ef7bb217715cc2c8fe8dfe19a7babbf262891d8cf68af5551b082a5f9c4a78fe08aea2d1c2c8659cdd940f7b6cd61f1c5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
d82d865758cdee97aa7bdb59a824de6b

SHA1
7aead903f576fdbc32cd6259f6f28c38073b7390

SHA256
7dde9272b72c41d241c9bcccdbf2c643c9ee1950b497934d104177d56d1ea3d2

SHA512
232bed432b044e6d63e84eda9ec90c2eff25590c1cb0488319643e86456d8da5206e6d248fa76018b596434a74f815dfb1fbba09b0197e9ef5a54da018edf509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ac52d5a41d5961a0547288df6a38d905

SHA1
741d0c92b7f4735cd27f8eef9fa31baf880b4800

SHA256
fc360e2a9aee9bfd66b2e74674852b45d8512d61b1814903d663d788fe99e985

SHA512
9c636d9f039a1bde85e49f0daee479a24d67227bbd72edc1bbf366d484d8d6cd7c97948fcf4cedc0451058d03596718aea61c23330ad4b87ad763a82d0912905

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d37895e4215abe57dcd1bf72c262f5c

SHA1
862b54656972b02be23c192bfe95d9c83113753c

SHA256
1c27a7f116c095bdf5161bc1dbdd49b225b9daee447981078de82591eec30766

SHA512
720bdb5d6e32f9ba71394e5aba7ecfce2b8845c38da5a624d2b97505f9d1b584c37192916555fd771dffd31cd5f853479ffe6c2a8d4f48ed1b681c42aee8eec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6213ecbec97ab8ad6d6c2d27aa180b1c

SHA1
5d8b47aeea0aaca318dee47985df431988b9a5bb

SHA256
1bb9a4f0cbda0fc9c794a75f9588d481bc5f6aa1553775b5fef9f889f3a20ce2

SHA512
370ca0ea9668c63ee48e07c100a64f30dd25e0d5c264e0eb88e7a691a073eda6020451b92abb5f7dd738c6f79ecd6a709889d825ff97c310d48f35d77db7ed35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1213f23bed8e0c8bc5db1f883dc095f9

SHA1
5f9c8f4dadc1bc21bba0e89a9076cc7085eae9ba

SHA256
1f571290cc36573921cfe930d51fae05e9843f122c2c0b8f5fb2c66abe101fca

SHA512
621db3ed941b690c66d5ccf0900955ac264cea9ecb07d5261a255c7ae0f314e1946ed58b9154f45c5a4f303566aca36a6ddb71fb59878a0f2a380e7d2fb809ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4d15d26e07c2597a2a96d95c2b689aa

SHA1
bf56e406aa839b72ab4b29e91dded9d9a26b7d0f

SHA256
198e222cc080b45f0119c729f9affaabacdfec445a887604abb88e34d373c49a

SHA512
1cb6d6a5e6dd047d2bec07dabe485e254adb908f96b01833eb98e4470dc3475f2e5ddff762c98f7cfe9b0e62bc869b97c74764c9fb0a63bdd93236f6f4a379b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c680841a57f2c7c60551e6cc3953db27

SHA1
00b944c9ed8394b777055d7b2c104ac0802c723c

SHA256
51eaaf17921eb7189110604a9bdbae96a5155e945eb32099bd65d60d64a6400a

SHA512
afdddd14d95597e5a061356e6292374dde9aea4812fedb245d6c5a3ab64b901b9d9f2c389e2e48e7a9a7a7989ce0a0dbf758fb42c008b9ae7fa7d1fbc23af78e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15d44f5fa5a0e3386473b265695edca3

SHA1
2500ecda655915c71888c03d4900938530605aad

SHA256
e927f491cb9e29d3247e3aea529a52baa3240c750fa219dac7261e4b2cdc09fe

SHA512
c27481bc7766dfe1aa21c605b03ca3a35768317ec4b63ac15ec31750017905e1aa2d425b584183371389a77633beed037dfd093e86c525c5b3664ba929efba06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d75e88f8439096d08a7a26d707029253

SHA1
6fddb967269c55c9e7fd7023c9cd0d71bd18ce64

SHA256
d13975fed38d7a6b62afc703e015a6f819828745f080d222289d316730e4eb46

SHA512
089d3d238f275f11e9562c1a109b297cac4663ea55a16b9eef5a50e6f9e709a4ec4d2a757e7a686a23e9120703573135ccb73a6f094553c94b65c9e485dfa0f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c94b898d2be9741723d8c7bb01076a3

SHA1
c5677e9b50d45aaefd303fce82206c8dc1861b72

SHA256
e687795791a108fdac9df6a001e108405d7307eed8c943c05a7ecb272b3481ce

SHA512
bb1a28847f2524d301a0e2f3087928d38341bbc36da07f895e420e110dbf535ebd57c53c5a4411f15887f263555050040a5409f3bc285519f8f4e5e76bf0092d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be7696bfac9cc599659034f188e5cca7

SHA1
202ee835c682ad7b49434cd2677a719dea339571

SHA256
840fc99c76d8acba3edcc338a3216f174d43385b32567c8eb5a0b7b5ef3b8090

SHA512
3e7d1f6f92499cfda42e13abe13f43dde3bd7a280d18a1eb546bcbaa7b940625896e6ba903421f85dcdd0377dc85dba5b6630db2fc46ea3f6dd7d092fcdc39da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45ae5efe3e92a62ee8aa15d762c7ac23

SHA1
24c6ad19a9b56e105736d953a53133bb7b0d36ab

SHA256
0a5f5c1d78138c33def3d773ecb2009c23386978056cfa58e9e9c6f297ac462f

SHA512
87456f5eae094c2f824abfe51e26acc266c47b02a431615e0144dd3c45ce4114d47ed0367b36b355e393126fc69ca8a0fb6eea39c1982392e2efa677ae86c54b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5887ee2d15d7fb9ff8da42e70abc305

SHA1
7982a1a87dd3db63bbe34c038fe2e65f40176749

SHA256
c85fa7e3a412ca544ea4ba2b2409e08f2b47faf1519bb46db0b15f8da23e9434

SHA512
ba995717cc64f6d9c580907279960ca9269519cb553c2454ea5693aec83309eaed75cdcf791714f5910050043934c26fe761ac3772f494ae83d644a4bf32fc6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddbb04c3f863dea0f928a7df56e08cc3

SHA1
c25087be49c92a76ed8650d28b460f5f555df154

SHA256
5de9c0b650ebf08bb7eb67589c4b3692bd2b2869d9b40889231aef6f2d8d01bd

SHA512
e21fc982feba6b051303e5bfb754840d3bcfed968a978f42f30415b4ed4d977af68a2f16f18aba3ff33f8aff081e10519d13d4630b7ab6630ac782935b62c0cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a5b0d33777996bc77d7577951ad6440

SHA1
f8f8d95e1bbbdbd43af2530e73006171d8c36201

SHA256
dce1881d76bc1ccad4b0c87cf4ee145f206e2c3fec4d76703fa42854d772e18a

SHA512
dc74f159d9448e6de85b9b395297c727631ea895963f535bd4259a442f5a5120260b384a3a655e930ed49fe0ebd491cd943c91f860bbf5ae0714b79b9a76a4a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fc910c9f7fb4ef200ea1f1585001eb0

SHA1
a3b1a1f82ba7885def152c78222ac01a839bc70f

SHA256
fff85681c7fd2815d2a525d4fbe90b37cd0c69d348440819f39da0acb691043e

SHA512
011689f34ed23e602bf4aedab2c430cedc197c2de1383d8ea4fe2789b1b2f2b6a53b01602507657137fc0cd72ca5ece305b8c0a8924eef6901e3eb4c8a082975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2a741d6c7684b5d16ac5f09a51c8999

SHA1
1b09601ea583504ab1825a433dd06339dbf6bd6b

SHA256
725dab5e05e1aeb7991a7a30000556cd722bdffd2be2c191e3b02b9a4cd08a9c

SHA512
5fe23f995f9272f6f13e873cdea27678a079f5cb970288b9485c241cef24d47238ed25ba75391b740847e95f637d613a01316002cf06f295fb6398109ae32f92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45982c35c952c2451dd476a56912baa5

SHA1
31e4467cd00b3c0c11b369b4814ab78a7be0b9c3

SHA256
a25dd513475811d00916ae023c85b2bf81a3c1fe67dc335248b3ee2eb013c1b0

SHA512
bd0cd621b20e881a3d9a01e8d65a0b6b3c0f585c59a2046492876b5f5545968477d6904598307548523f0f4d46a9dbc62e44aaabf7c6faf806cc0f1b0e6178d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2b6dec3f5cc9e522a48b54f9e642ca9

SHA1
9988d83f1eb38eb5467aa65d21eb73649f70a2a1

SHA256
222a95d4acc079355b56e086a43db3c81f22c27d6b93a4119f81164b6f188e7c

SHA512
624b0228e680cb93015e28e7a8477bf4b664eb10fa2a2e419ec0c04f861c3b05c52dc4ffa3bdec0bbbdc6f2fca8def1498a932bc0046ca238601997649759378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab8c84edc3180dc3e80d0d25b392a3f2

SHA1
61bc252eefc48aba2ddf9d85aa206f69967faa72

SHA256
92740d14dc2cf8da73227ef8cf1cc05096022587fa6ece3ad5835b6b484a9f7c

SHA512
d243f7f0212c0e1c4e1e5d2d25e084fa9af0688510f8f30f76440875e8aebf413ac803bb7c55a0f77928526ecad2bf169191c558260f668437bd9795a7ca7c9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a69774e2f0faf5f1c5d8474bae615caa

SHA1
9e4c973e0e8203f2e7951f4f2e1036537f66da75

SHA256
d14dab7ef8a7e6f7085d656238b15d9d9961c34063327600c27bba5a14e772f5

SHA512
cb1fbc50ab38e675133d3c7e83f560cda4c6073a018599c5783f43f751c1d06f5d586edd5add9a0f9791fb727a2671c07641b6231eaaf5fd4ebd958fea06a094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8d6352e2a17fd2bd2ff80ee0e08f36a

SHA1
4c1478c26f834a4908a0259b42ea80407e8acba5

SHA256
e6fc67608260cc29f15d75d09ddac99e43dba7aebc89ef8dc9f40fad64c57d32

SHA512
8734dfab37bc30578cbcfc45d332499364d7b75b1eee4aa19fff93e463423f4d4959eada52e063396e39face5fdd38a3ca96578474ba908d158e3ac39673a20e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be34a2f2dd7ea27aac8e2bc3d21ed7db

SHA1
c94b726ecef5b3f5308515bc1797cbe790f515b2

SHA256
ca3283f158585f3f7b96fe886ad63af24219837eed35cc6ce7078bdc3a1ed4bb

SHA512
4fa0b233a6661de9e7477da4925d0d6756555834fb8f22a0683fc3d3f4fef148893dee0cfb5560f64f88b9c5d9a438f7bb45efcc7c09f5e1d34ea4f69f9416f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27c109cdd64abd554ee7d8d3b286a9ba

SHA1
d34b2311275601327364146caa1458d5de41d667

SHA256
b4ef1a8ea1b8597385733a2b4d9ad0ba85c4b5c24e2bfc1a24852a7f6384d820

SHA512
affce681a01b727d8f7cdcd1cafd402b11db8f081a2de14ee95825a4bedd2b2c620a03aa8278d81fbe8cd94373865cd73dcfc5582f58d413b7ecc47b650c52ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d47c9b52252076c7904367a56662b1c

SHA1
f9885a3828f3733be39c1f4ff709cb489e6689de

SHA256
aaf6ecf532992db1227fe19ac90836bc5c2638d6747589b62d206c3f23af0759

SHA512
92393480f813bc6473fbc49e1ae48bca8de13495554f2d3160ed1bcbe1986ec438538c5e1b6b117792437eedcb2aeb48113944b2a49170a19520538e1f15ddaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2d2c35fa9340501292dba32a11919df

SHA1
402554c2c81f51939ac435972ac53e48095a18d8

SHA256
21daf63280d40533a4c213e1a5c0785ccb111c86717ddc70c1a3307b47b1fc55

SHA512
660374ba351ed6b6abdc7ee005fc9dd83dbd321816a8a8d231c04d9233ae530280ddc4f05a85e5db18890a2f6e7820aa850660db4a3a21cf11993aaffe29df62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
520df1b76011f02c06f3f4aa9a2cf6df

SHA1
25e0f849d2389209b1f46d7016c657389b25fed2

SHA256
a1507b72f7ad90d36f10a44c990184734eab645ba9b793f95bbaa864757f4fc9

SHA512
d9477c2c94dcd3825134bc9d69b80652af56a2c5fc7a6adbd7630cf7a569d228dd22d1415895bd3f8e9d19b8a400a69e1185f8efeccccea82e8d92053543e6ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31bafb5e1defd9c1ae08c1b522a74485

SHA1
5a80b6e4e33c9a5782ae00b7f13a1260ee3d14b1

SHA256
b1df6c25856ab268ce92f4dbd06c42076d620cdb1463a9a097b26cef6fe557df

SHA512
5f21b76dccd96b6ddfb7bd85a1b0754ce34a134533a114f9998840b8920ec188b392f9de0d2f188b6d1675910f1237bbf4043fc769459fe1678c81c61f55cf08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd131d9f7742d8cac22a74f37560efff

SHA1
fef276e80840af264cd1ab588d3ac4843a28c8af

SHA256
c5923f2cfb8abcd5b7cee6c45978c16882cbbc2004a8dd84aed6bc9149066c5e

SHA512
47d3b19f7f39ca7dc465082e57ea097df0fc73300c94f8780abdeb7dae31417abba9a8cc2ed942800f5a60855211b154bbdf01b727c177ea02d9babace857303

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
986991ed070fd5226f4b8e823ea03d1d

SHA1
8455d1339b4037a54f2675a0b47ec02722af78fa

SHA256
a651f8c75ffb823530edcae4c12cc6b13cd8e47cc210a8467b455185c9f310b3

SHA512
ffe83c9caca36d130079f47073f3d600efbb25b987ff73d8394008d0389123c2a0f5d9b0a5df1ee2b0d598a74fde129b7ba45a682f6b82ef6c95a87261a002b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb1a13b7c1042571c82db1893c8153f6

SHA1
0eaa4c352e0db74e314cb06c47a022f5af364887

SHA256
5e333db7d1157ec75c40cacd6aa7ffd037f9c085a0ec8e816ebb3326e8c2fa06

SHA512
09d720110d1a956bf9ffc8058c4f7596ebcb31c3ae1cf57d3018d0df429f71f3c7489607bda1923644bc72614375ea7627b1b64f9213875f70f387872342142a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ab6e1e378de04f875c40da3ba115c24

SHA1
ca14d537735bd9f8fe9f561f1fbd816d08385ace

SHA256
3e177e5e4ece14dd79c8831917ef4154b49830c328dcbbad480b35c72a7dc4e3

SHA512
334d82b067503c23778fa6e3f697def3c696c07e3b650efc5d0a291db35a8b7daa96ecb569810e6a26c26bb1cf93fdcae472355c77bceb1f56c5bcda421a17d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58ac615828a9b76c0725d2fec4fd48ab

SHA1
82c9d9a9024b664fe470bdefd6d022147834d409

SHA256
e4c779bd9b4fdd64148d1fd6dcf5c59958562517e2687b3d6cc9c07e8c5ba2ce

SHA512
cea759f54563b11304e56321c5dfef1930d4ed8050cd55ccf303c95f84cf4880dee5d19eaadaae9c9c22f065ca1340d525a0512b3978c266db1111c1616a6bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b683d45a376bc4265e0102b276019ff1

SHA1
65be4b0740e151eb51e7256d171d5a493e095c04

SHA256
205ff77d2271ab9b04a2e23768f3531dd1275633843950a0c559c64b734ab7a2

SHA512
935a9f57a5c13c35f8f69095e83b0e008d73328a86dfea875833339659dca304b6677b50ca64781e4a59f7bbf53cfc9fa08fc044ca5850886077ca849f31b363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
d9d1cd22eeed8a30e8788b57b5463601

SHA1
a2d761f3fcc441ace7d80d17d27d42b460bcc8a3

SHA256
60d8be43965704b2895c0fed11284814907c5e5b7819a642e0276e7a8f9259b7

SHA512
c83764afa6560b0104b199e5b9b7a98af54b7639280060c27e09f6ff49476d38fd147d75b030ee28c7593c6fefe94317fa63af7062251121d7582e9b5ee3a614

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
6af99f149c1a16e8a20c2c98eb6f131f

SHA1
3ba04fd57e48364b768098c881a2b81e3afa8b44

SHA256
46e3c94d0b33567b2c5212306a39297d6ec44f6ffa392046710eca154d9da4e7

SHA512
2329925347b1bf1050dcce26772b41f274b737e7222945408cb8861912092b9c5ac85c89d9b32e50cfca9fb5c22564cd281f1a362503285f0976f4f9f5d8bf9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5068e25eced8568131574c472399d3a6

SHA1
5da440a9d703523a70266bc98401adba4f50e3b0

SHA256
ffed9ac9277daab6d3ccc18468d43e5b123894049b2cad4146d58ccc2ceb860e

SHA512
3db012a9129b2335e9fc1078134a036119909d617c044645138d2db960d37190bd843042e3bb8c20b4de003fb4ba6da0ae9336b6d5f3e0dfeefd9cf7107300ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\84IP16VZ\www.google[1].xml

Filesize
540B

MD5
d334e3981ac2c2585a6e97af9a7eb7f9

SHA1
a6a068f32b3275586ff47905f110a554c5b7a8e8

SHA256
5eb5a81d74613880393d5751593daac58f0d52df95ef2b0441fcd36c93245bed

SHA512
9f43caecf484def86904ee795431fb2e0213d3dfb85d9217e21f85d362053c09a686462238a5de7e1936248f1fb0ee48d44e00cd731aa11f8008b506c85b76d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\84IP16VZ\www.google[1].xml

Filesize
99B

MD5
22a4ef0d5b3d972cae344bd2852fb045

SHA1
a9c3e8584d5383bd6d4291de2e7a39a3df0ee283

SHA256
1106c8e08ee5a79c2443bb98fb9fd979e6786ae3214361c166ccf32dbda7fb0c

SHA512
7d23421ff07809dc107dc29ed5117393ad6facb2b8339de4dfcff6a878be2dc89447440a995eba149f8cf3bb431e6a4ef7670f6a698c8c07d7b50d3d4cf004af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\recaptcha__en[1].js

Filesize
544KB

MD5
1d3c12ef7348978206413b2c985d0e37

SHA1
4c8bf7428ba9ff2c3f9e54c05065604d5c4d6a4c

SHA256
5ab8f962752071d61b4c1613f2126ead5a5969b0157509532cb1cc43d1c0486d

SHA512
0b544007426b2f5a7d5ea806cf2dc94e1d7c79ddd67d14e5d0d527cc367dd42be0300d9af32592d9bf59683183e7085c502c49d233acb10f8afb07a2b5463266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\spacer[1].htm

Filesize
134B

MD5
4aa7a432bb447f094408f1bd6229c605

SHA1
1965c4952cc8c082a6307ed67061a57aab6632fa

SHA256
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

SHA512
497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\favicon[2].ico

Filesize
21KB

MD5
b71d2d64c174e580bbf5fab2bdd8f5bc

SHA1
032fc9ffbdd4b8e2cf0490f0b78e3f41eb979084

SHA256
609e7c323da93b1f5f56ea594792c4bdbe55bc5efec0c074cc0f71b706452bd9

SHA512
8722a98063d56891cc00093d4d3d5084f5c9a6b300d3f0a133d881de7a01d896efa3e002cd54f1c4d02d443c013f3e6638e19eadeae24f933a47b835cec3b344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\styles__ltr[1].css

Filesize
77KB

MD5
68df4e65bb75c72bb2de801eebeec9c9

SHA1
76462f14972c57a6ddd6eb1fe624ef226a7dbc37

SHA256
af772a1084c1e08e7a7b0a650de797cb14337ea9ba8fee556bd44db8e0dbe1de

SHA512
3482d7a1803045b83001bb180548e8e125d8f48386de46804cb4bce6b842c545282966a7e6f0f137c2661328c4d0d99a6301a302312591f03728135fadde211c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\Vdvg9IkuWe8avakkm-53G20fsCyVhKgZwrq5Wn9OmsE[1].js

Filesize
25KB

MD5
07d80b37d4fbe47bebd0adc894c4b2d6

SHA1
01cd95e12b3f54a90be1523b764d3d167e4d0552

SHA256
55dbe0f4892e59ef1abda9249bee771b6d1fb02c9584a819c2bab95a7f4e9ac1

SHA512
b7d36e2e31c969747eab8cf99e1b916194e234a3f805b9c20f08871f6656f5761f5c66f2f15afd6bc8b477e5ce8f4013edd6edc838c435a8f42b4fff3a040f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab698.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6BA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\libvlc.dll

Filesize
111KB

MD5
ded3aa6b7920334e6b334eaed3db96c5

SHA1
43ddc57d22dce102a3687e548bd36e32fe20495e

SHA256
feed76629d5f9dbe7401a326994e80b003ca5fe1cf876029e4707a71bf4b5860

SHA512
aeec44f69d430a544594433a8e830af075cad27a7dfe83401ee82e51a949d1140e253ee49f786b944ddf98f513f3754eda6bf0311288eddf7ad1a73d8110de9c

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\libvlccore.dll

Filesize
2.2MB

MD5
3c07164ceba1068ee3eff672d8e11eb6

SHA1
c96d644ad20a788100609061c052220828784a09

SHA256
170a18f9d841606432b9157f243c43c7a2d53bf1fc028a147bd15f505749e69a

SHA512
af48e1d10f442789df7edaa89b7364f7670134af7f8c624b22073eadaf3516cf10aab196b411835afb839c0256314eb3d75fec37afe3f78f5e5fe123b3ffef4f

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\libfloat_mixer_plugin.dll

Filesize
34KB

MD5
04a21f5ee0a9c27ca5e5dae050f3d275

SHA1
44835c934ec2a4e37a75023317798837e412e34f

SHA256
ef0fdefcf8af37c1ebaca95e79279907a389915d09e81da38fea9ff17afb1acc

SHA512
6fb0b523288c70f11cd1fae8bed774266956033352df6e9dea3f3881a9b971f0d13eddf9d6d124edccc4dc7ead9441749b091017b3f9ed2b33f887a1f8f660fa

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\libinteger_mixer_plugin.dll

Filesize
36KB

MD5
d4f826e68b616cccc1de1e5ef07738b8

SHA1
e35d6657f4de4826d790c935f94ce41320d09b00

SHA256
1b64f39162f9918597019a89068edb9607caae194fd80b5367df08ed06ed5a78

SHA512
877df9980a3951d9f65983ddfac5df8026229e99618cd05b6c803e754074d760c5f4308cd54a1c7e7ba8f65ef684ea43eaa06ebebd4e1a38441ea9a63b47c956

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_filter\libswscale_plugin.dll

Filesize
528KB

MD5
416108272cc56d4036d5796fbb1b8f3c

SHA1
66a7bb238eb0d4ba6543a0046df5324a8833cceb

SHA256
7bf969f40afb0ae30da950059a10868e1a20c0d64ed7da11fa5c9c7e0a123bc4

SHA512
682062f8d3b012242b3f679a16f1e4edf62f7918864488f49fcc8ee5b938989ec6828417c0f771ec2835e11688ce024dc84dbc859c70daac2fff87fab28019fa

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libdirect3d_plugin.dll

Filesize
78KB

MD5
350983ab596397b2d2703d658baeea8c

SHA1
63205b4238ba14871bc44c7b14b61c43ea509f19

SHA256
36f5f233c3c01c8ddbe330a760d28c0733fc512ba5097daba5c992742e0a6571

SHA512
b923e096a0f0460055d8f959ea496625e87a939b0c054fb2331508d8905a3c19ef7dd9a0d327144a70a1ded62cfb602c42637fa2be1de69b1a74f61101fb962e

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libdrawable_plugin.dll

Filesize
36KB

MD5
6d9fa70a05698e9b6aa1c6074def16e8

SHA1
41b2e9aa0ed69a75a279cd3b57e5b4666e9ab991

SHA256
3ef1918ccb05373eb15f5298d083c1c0a8e171ed2ab321a6c2270f26c2185a5b

SHA512
a075bdba7c71664880549b6779d56fc5e354f1ed11eb1f50be68e4e6f81c7fc4b4ead6a7478e58c460f292aac02506d01d5c65a7b42cd4a65ef554b75a20eb01

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libwingdi_plugin.dll

Filesize
64KB

MD5
ccc67f588880568bfd46c4b8140f41aa

SHA1
5d37e43434dc31d55624bfd481c816bd2a285b6d

SHA256
8f42dafb5528c09248478913ba39b6381128c28eace727b488d639f36e614a7d

SHA512
5ac2ae619bb27a4c8cd2fdbed454d930cb5ed8ffa134ab6e9eb84c156650955b7eb1ab4542e5477f7aebad95194dd0dd751dfc508781d9820079d8189ef45092

Download Submit
\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe

Filesize
1.9MB

MD5
b1934b07dd28fe1ba94df3861128402b

SHA1
c5d918e696059437dacffa8c3359ee31e97e6e06

SHA256
2670c0406f42be2455f3a20e3ae8b024a41c46b956df9214cb63ca1efa18b17e

SHA512
e863702d96a1a8371403933d9a0e082498d15a39fcf0bedb981913981f8cd9dab64e54202c4a7f2b4c6e4407fd3a7bdb9b0a96340b258476cf59057e80cbbc7f

Download Submit
\Users\Admin\AppData\Local\Temp\is-65M0H.tmp\YTDSetup.exe

Filesize
9.9MB

MD5
37c8ee1cae9779ec094be29a35a5061d

SHA1
ae99157bda438ad024e38dd91a975246b00dd557

SHA256
0ac4b34f2a8f9c004f6c942ce112a0ab87bb1c2b17a7dd745519eb414ebdae35

SHA512
e725a2ec6f3550e8de89b200f4bb79f808f14d6da04d4a80629ecb1b428ba0c74a0468e7b7bb53d89744bbba19066f4799e3a84951d21215ce0b72edf0798728

Download Submit
\Users\Admin\AppData\Local\Temp\is-65M0H.tmp\_isetup\_isdecmp.dll

Filesize
34KB

MD5
c6ae924ad02500284f7e4efa11fa7cfc

SHA1
2a7770b473b0a7dc9a331d017297ff5af400fed8

SHA256
31d04c1e4bfdfa34704c142fa98f80c0a3076e4b312d6ada57c4be9d9c7dcf26

SHA512
f321e4820b39d1642fc43bf1055471a323edcc0c4cbd3ddd5ad26a7b28c4fb9fc4e57c00ae7819a4f45a3e0bb9c7baa0ba19c3ceedacf38b911cdf625aa7ddae

Download Submit
\Users\Admin\AppData\Local\Temp\is-685KI.tmp\00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.tmp

Filesize
3.2MB

MD5
f95ada73befa755b571eb48a45a9d3d2

SHA1
b9e468de9711bec40c2c7ad846fda0d28aadb78e

SHA256
b90ac9da590ba7de19414b7ba6fbece13ba0c507f1d6be2be2b647091f5779f0

SHA512
327c4b535e8b19bc1c4340e768ea025357f1e200c43ced9ebc92903cc6ae305c31fb57e0fb81ebad9e80a96fb2f6cadc97a7b8c6ff5c34bf5e07e58014b03399

Download Submit
\Users\Admin\AppData\Local\Temp\nsjCF91.tmp\NSISHelper.dll

Filesize
401KB

MD5
373c6ac98ae82cf341394215d28b5830

SHA1
2e3542372f1e520cdd47d30035dda85fdd2b11f9

SHA256
5cfd1ab1740c4a68cae314157468423dcd7b0ffe873b91257e10fa28169a7d18

SHA512
6d0a31a6c5c4b965633f943eaa15d3495be072f035d97deac27690d6a6a6890a8f817b406153fbba5a8862675b4f3015ac9e93fc8b6d90b1c4b029857123a117

Download Submit
\Users\Admin\AppData\Local\Temp\nsjCF91.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsjCF91.tmp\UserInfo.dll

Filesize
4KB

MD5
9eb662f3b5fbda28bffe020e0ab40519

SHA1
0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41

SHA256
9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1

SHA512
6c36f7b45efe792c21d8a87d03e63a4b641169fad6d014db1e7d15badd0e283144d746d888232d6123b551612173b2bb42bf05f16e3129b625f5ddba4134b5b8

Download Submit
\Users\Admin\AppData\Local\Temp\nsjCF91.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
\Users\Admin\AppData\Local\Temp\nsjCF91.tmp\nsisdl.dll

Filesize
15KB

MD5
ba2cc9634ebed71cea697a31144af802

SHA1
8221c522b24f4808f66a476381db3e6455eab5c3

SHA256
9a3c2fe5490c34f73f1a05899ef60cfef05e0c9599cd704e524ef7a46ead67ba

SHA512
dcc74bcedd9402f7ac7e2d1872fe0e2876ae93cf8bbd869d5b9b7b56cea244ba8d2891fa2b51382092b86480337936f5ec495d9005d47fbfd9e2b71cb7f6ba8f

Download Submit
memory/932-1685-0x0000000074D00000-0x0000000074D14000-memory.dmp

Filesize
80KB

Download
memory/932-1684-0x0000000073B90000-0x0000000073DD5000-memory.dmp

Filesize
2.3MB

Download
memory/932-1683-0x0000000075270000-0x0000000075294000-memory.dmp

Filesize
144KB

Download
memory/1920-153-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/1920-8-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/2444-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2444-155-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/2444-0-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download