Multi-License Discount Quote

Change Region

English
Threat Database Adware YTDownloader

YTDownloader

By LoneStar in Adware

Threat Scorecard

Popularity Rank: 278
Threat Level: 20 % (Normal)
Infected Computers: 521,352
First Seen: May 29, 2013
Last Seen: February 5, 2026
OS(es) Affected: Windows

YTDownloader is a freeware that enables the users to save videos from YouTube and other similar sites for video sharing on their computers and convert them into audio files. YouTube itself doesn't have an integrated option for downloads, and this is why YTDownloader seems to be a very useful tool. However, because this application doesn't cost anything, YTDownloader is supported by advertisements that may prove to be intrusive and annoying. Many people are not pleased with the overall impact of YTDownloader and want to have YTDownloader removed so experts classify YTDownloader as a Potentially Unwanted Program (PUP). This adware often brings other tools such as the Tuvaro, which is an unreliable search engine. The adware attaches itself as a browser extension to the most popular browsers such as Google Chrome, Internet Explorer and Mozilla Firefox and changes the browser settings. Besides displaying plenty of advertisements, the unpleasant features of YTDownloader also include modified homepage and redirections to sponsored pages. Although this adware is not a severe threat, its negative features should make you think carefully about whether to install YTDownloader or not.

How can You Acquire YTDownloader?

YTDownloader has an official website that is ytdownloader.com. A lot of people find themselves on that domain when they search for a way to download videos. Although the site is created in a very simple manner, the creators have listed the Terms of Use and Privacy Policy below the download button. If a person decides to check the provided information before installing YTDownloader, he will see that this application may cause advertisements in the form of banners, hyperlinked text and pop-ups. However, most people don't want to waste several minutes and find themselves surprised when they find their browser modified. In addition to the official website, this PUP is promoted on different sites as well that emphasize on the user-friendly interface and functionality of the software and skip the negative features that accompany them.

YTDownloader sometimes can be installed together with another freeware without you intentionally searching for it. This process is called bundling and is a standard distribution practice for PUPs and adware. If the user chooses the quick installation, he may skip the information that states YTDownloader will be installed as an addition to the main program. This is why experts advise always to select the advanced or custom option and to pay close attention to all programs included in the installation process. Doing so will give you the opportunity to select which of the provided programs to install manually.

What Makes YTDownloader not the Best Tool for Downloading Videos?

YTDownloader is not a threatening software, and YTDownloader will indeed be able to download all video formats and convert them to MP3. However, in the meantime you may notice annoying modifications of your browser. Often, the first thing that makes an impression is that various advertisements start appearing on almost every page. These advertisements may come in distinct forms such as banners, animations and inline text, often promoting good deals and discounts. As a result, you may find your browser slower than usual, and you may feel distracted and annoyed. It is important not to follow these links, regardless of what they display. The reason for this is that nothing guarantees that the sponsored pages are legitimate. The operators of the adware have explicitly stated in the Terms and Conditions that they are not associated with third-party sites and don't hold responsibility for any damage. This leaves the door open for potentially harmful domains to exploit these advertisements as means of spreading their harmful applications. YTDownloader also promotes alternate search engines such as Tuvaro that may manipulate the results so that you are redirected to specific Web pages. Users also need to know that their privacy may be violated by YTDownloader as it monitors your on-line patterns such as visited pages and searches. The purpose is to show you advertisements that will likely attract your attention, but at the same time, this sensitive data may be provided to marketing lists, leading to spam.

How to Remove YTDownloader and All of Its Negative Features Forever?

If you don't find this application as useful as advertised and these pop-ups make your experience disagreeable, you should consider removing the PUP. The preferred way for this is by using an up-to-date anti-spyware tool with a history of effectively dealing with such applications. Investing in such a powerful security software will pay itself many times as it will remove any infiltration present in your system now and in the future. If you scan executable files before launching, you will be notified of all threatening or unpleasant programs that may be contained in it and maintain your PC secure.

Aliases

1 security vendors flagged this file as malicious.

Antivirus Vendor Detection
AVG MalSign.Skodna.A8D

SpyHunter Detects & Remove YTDownloader

File System Details

YTDownloader may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. YTLoader.exe#06E0F47B120A432E adc9db2753fa3daa6a8156254ba2a5f1 1,369
2. ytdiegut_gutdc_inst.exe b1ba95767114d426e96d2bda1f27d9fb 1,175
3. DCytaiesmt_smtyc_setup.exe 736a89f0d253e85c821ff3849533b3ea 784
4. ytdieamo_amodc_setup.exe ca93aebedf8d553e8b60578389a00f26 320
5. DCytdiegut_gutdc_setup.exe 355c864ab6372d085798abd8024cb0c0 307
6. ytd_installer.exe c87b70cf61c2642c8970bb566a1aa4fe 283
7. ytdieamodc_amodc_inst.exe cca74db3b0403f0a55e5eff5e7c0b0a9 159
8. DCytdieamo_amodc_setup.exe e69a572c549b925f48b6acc572ba34aa 157
9. DCytdkietut_tutdk_setup.exe e443296d4b029fd2b2337f9edb0e4836 142
10. ytdownloader.exe 6564e2fa9e4f58a1ed94e8a86882806f 41
11. Menu.dll c9e8d7d525353825cbcb86c1e2449d9a 12
12. SysMenu.dll 0c90bb770b9d39deb5194b52cca5066f 4
13. sbmntr.sys 5c381c30751e0c6a047ddeca6ba6b78f 2
14. youtubeserv.exe feec38efa24da4bb1b2efecec42601ff 1
15. smp2.exe 98beda4ae701cf346217d77b9ed40013 1
More files

Registry Details

YTDownloader may create the following registry entry or registry entries:
CLSID
{020B1D4B-5738-4C77-9E19-4F173DD9B486}
{1F79EB77-955D-47F5-9B73-A9CF4571C819}
{22222222-2222-2222-2222-220322282250}
{44444444-4444-4444-4444-440344284450}
{4573D215-5247-44F1-8AD5-14DA283D3B41}
{5252AC41-94BB-11D1-B2E7-444553540000}
{55555555-5555-5555-5555-550355285550}
{66666666-6666-6666-6666-660366286650}
{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
{82351433-9094-11D1-A24B-00A0C932C7DF}
{82351440-9094-11D1-A24B-00A0C932C7DF}
File name without path
About YouTube Accelerator.url
http_download.ytddownloader.com_0.localstorage
http_download.ytddownloader.com_0.localstorage-journal
http_www.ytddownloader.com_0.localstorage
http_www.ytddownloader.com_0.localstorage-journal
www.ytddownloader[1].xml
YouTube Downloader.exe.lnk
YT-Conv.lnk
ytaiesmt_smtyc_setup.exe
YTD Video Downloader.lnk
ytdieamodc_amodc_inst.exe
ytdiegut_gutdc_inst.exe
ytdkiemon_amodk_setup.exe
YTDownloader.lnk
Regexp file mask
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Storage\[RANDOM CHARACTERS]www.ytddownloader.com[RANDOM CHARACTERS]
%PROGRAMFILES(x86)%\ytd\YouTube Downloader.exe
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\[RANDOM CHARACTERS]www.ytddownloader.com[RANDOM CHARACTERS]
%WINDIR%\System32\Tasks\Installer_ytd
%WINDIR%\System32\Tasks\SMWPUpd
%WINDIR%\System32\Tasks\YTDownloader
%WINDIR%\System32\Tasks\YTDownloaderUpd
%WINDIR%\Tasks\YTDownloader.job
%WINDIR%\Tasks\YTDownloaderUpd.job
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Classes\CrossriderApp0032850.BHO
SOFTWARE\Classes\CrossriderApp0032850.BHO.1
SOFTWARE\Classes\CrossriderApp0032850.Sandbox
SOFTWARE\Classes\CrossriderApp0032850.Sandbox.1
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ytddownloader.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ytddownloader.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ytddownloader.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ytddownloader.com
Software\GreenTree Applications\YTD
Software\InstallPath\Status\YTDownloader
SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ytddownloader.com
SOFTWARE\Microsoft\Tracing\YTDownloader_RASMANCS
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_ytd
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpd
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YTDownloader
Software\pardeep_youtube_downloader
SOFTWARE\SearchModulePlus
SOFTWARE\Wow6432Node\Microsoft\Tracing\YTDownloader_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\YTDownloader
SOFTWARE\Wow6432Node\SearchModulePlus
SOFTWARE\Wow6432Node\YTDownloader
SOFTWARE\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Software\YTDownloader
Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}
SYSTEM\ControlSet001\Enum\Root\LEGACY_SBMNTR
SYSTEM\ControlSet001\Enum\Root\LEGACY_SMUPDD
SYSTEM\ControlSet001\services\BrsHelper
SYSTEM\ControlSet001\Services\sbmntr
SYSTEM\ControlSet001\services\SMUpd
SYSTEM\ControlSet001\services\SMUpdd
SYSTEM\ControlSet001\services\SMUpdPlus
SYSTEM\ControlSet001\services\YTDUpdt
SYSTEM\ControlSet002\Enum\Root\LEGACY_SBMNTR
SYSTEM\ControlSet002\Enum\Root\LEGACY_SMUPDD
SYSTEM\ControlSet002\services\BrsHelper
SYSTEM\ControlSet002\Services\sbmntr
SYSTEM\ControlSet002\services\SMUpd
SYSTEM\ControlSet002\services\SMUpdd
SYSTEM\ControlSet002\services\SMUpdPlus
SYSTEM\ControlSet002\services\YTDUpdt
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBMNTR
SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMUPDD
SYSTEM\CurrentControlSet\services\BrsHelper
SYSTEM\CurrentControlSet\Services\sbmntr
SYSTEM\CurrentControlSet\services\SMUpd
SYSTEM\CurrentControlSet\services\SMUpdd
SYSTEM\CurrentControlSet\services\SMUpdPlus
SYSTEM\CurrentControlSet\services\YTDUpdt
YTLoader
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
YoY 1.00
YT-Conv
YTConv
YTDownloader
{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
{B3E84B4A-ACDB-4B40-BA8A-5AD2675B8735}_is1

Directories

YTDownloader may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\YTD Video Downloader
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
%ALLUSERSPROFILE%\SearchModulePlus
%ALLUSERSPROFILE%\YTD Video Downloader
%APPDATA%\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
%APPDATA%\Microsoft\Windows\Start Menu\Programs\YTDownloader
%COMMONPROGRAMFILES%\GBUpdatePlus
%COMMONPROGRAMFILES%\Goobzo\GBUpdatePlus
%LOCALAPPDATA%\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1
%PROGRAMFILES%\GreenTree Applications\YTD Video Downloader
%PROGRAMFILES%\Uploads Only for Youtube
%PROGRAMFILES%\YT-Conv
%PROGRAMFILES%\YTDownloader
%PROGRAMFILES%\YoY
%PROGRAMFILES%\YouTube Download Pool
%PROGRAMFILES%\YouTube Downloader Services
%PROGRAMFILES(x86)%\Uploads Only for Youtube
%PROGRAMFILES(x86)%\YT-Conv
%PROGRAMFILES(x86)%\YTDownloader
%PROGRAMFILES(x86)%\YoY
%PROGRAMFILES(x86)%\YouTube Download Pool
%PROGRAMFILES(x86)%\YouTube Downloader Services
%Temp%\YTDownloader
%USERPROFILE%\Local Settings\Application Data\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1
%USERPROFILE%\Start Menu\Programs\YTDownloader

Analysis Report

General information

Family Name: Adware.YTDownloader
Signature status: No Signature

Known Samples

MD5: d2f881376f8830112a101ee26388583d
SHA1: b54168ba5340fc2f0843801950657601b081b95e
File Size: 161.58 KB, 161584 bytes
MD5: 7ef6c00f1c441ae6f4ff7fd1e4406a5d
SHA1: b66e2f40e24c510447c1b9cbb4501b5b68623fd1
File Size: 4.69 MB, 4686432 bytes
MD5: e16f5b28677bd22bb3b25b1220d69d19
SHA1: 0640a227f6b7379410ff6a2903970245d581899c
File Size: 4.78 MB, 4775936 bytes
MD5: dbb1caedb4b59878fe4023b2c11d4df0
SHA1: 0704db98562384cf33fcecc5ca87276fb71dc2a6
File Size: 3.63 MB, 3633619 bytes
MD5: 47ba835011dca93c851ce511208f123c
SHA1: bf3284faaed1995a34bcbc18c88a11fe3bb44886
SHA256: 292756A2D8194A5F42F335ECB37494D868DDEEA849BEBA3926CE88B1340E668E
File Size: 182.82 KB, 182824 bytes
Show More
MD5: 6c058c26d16e057465d2f8ee667de6e6
SHA1: 0734e8728f3df3e88a9d4c33c5320b0c541d2bfb
SHA256: 74A18B4D467E91817C72864B1C5180E79FB2EB5B1CCCC2FFA64E241C04ED0427
File Size: 4.86 MB, 4855296 bytes
MD5: 3546685242eaa7dc3652ad257871606f
SHA1: 500e803aa7247ab42b6c6d2fd74bccbae3db997d
SHA256: 2DA878DAA7008EA4ED96449E7FC5FB7452CFE72EDD7F8DFE87D548160F200455
File Size: 3.63 MB, 3632689 bytes
MD5: 0a04322df1d1d8dcd4e08726da0eef03
SHA1: 9b95f46431d6dc3d08a4fbd3b2ab92728ff635d9
SHA256: A11A748B753D04367994EE227F83F8CFFF8B5BA9DE8C9583130958DC862A1D24
File Size: 1.50 MB, 1499136 bytes
MD5: 6145cf125c3b94e643e4c4e56c72c555
SHA1: c4c84aca46c0c3904edff1be94f8ed84a9793f7f
SHA256: C90C96CA0643EB617772E19A8608CEEC67C94AA5ADCC9074F4FDBDCCD449593E
File Size: 889.34 KB, 889344 bytes
MD5: da610d39e76288393b90ec643264aeca
SHA1: c00aa355de01a222480ed83df59ad89c621fe908
SHA256: FEB47CDBE2B2E1DBF83A3AC36173D0560D27ED930AA173DDE423F2AE437D84D5
File Size: 886.78 KB, 886784 bytes
MD5: 319d43f403f9800f64ee13ec974de478
SHA1: ec7b19f6c6f0729e2a0c9cfd91fb2ef2a8f5db1f
SHA256: 74AA7EC64AC6F135F8CFF4998274EBB943324A800A83F7AEB82B7CCE93EC491F
File Size: 6.03 MB, 6028800 bytes
MD5: 837928419ff1dbbc575fb1540acad955
SHA1: d1f5f9e8bf77d6e8e3a29b9736014c276e4ceff1
SHA256: 4F9820B3AF12AADAD8F94CB3B07F7DFFCD81740DFC1EA2CE48FD8CC3F00AD4CA
File Size: 4.86 MB, 4857856 bytes
MD5: c6bf6c75d6a11606fe82cecc8e9d4980
SHA1: c2880a5796bcb45081c242ab633640d50d04282d
SHA256: D2BC43118D55C1E284337AD22AA5C5074FF89167D0B35A95F369FF3A6AA27CCD
File Size: 2.97 MB, 2965504 bytes
MD5: fc66b0de4b64bb848b81c4c7ed11d950
SHA1: 28cb3182676d2ac3d6c7320fe331901b3d29c532
SHA256: 70D2A77000FBAEC54A955EF0380D362862B37DA48EE0AB2BE6ED591798B001F8
File Size: 4.71 MB, 4713984 bytes
MD5: e70ff536e49659020c78aaca34810adf
SHA1: f72ca15c5247c7dc365c0643ce77a649033f9f00
SHA256: CA9DEE2E7FECAF9B13243B495B1B6712C51BA8E6F7F4178D74F4DCB8D8D75F79
File Size: 1.51 MB, 1507328 bytes
MD5: 4d5c1d9cd2a6ac23d48854f2af012678
SHA1: 541c498adf65ca945b093398c60f6a87469a3285
SHA256: 36AB2E734CBC670A6F00BF8EE8AEDDFA69C45832FF7A3CD4B7A53F5676FD75FA
File Size: 1.71 MB, 1706194 bytes
MD5: ac906410e68946833bf9b00984578199
SHA1: 6ddaa1663c7f4426c0f5415a0715b900c3ef2d94
SHA256: 6DAC60DBBA5C89C2D93AFAB019387761D3C0EF88A57F993CDA195CA8669692F4
File Size: 4.92 MB, 4924928 bytes
MD5: a23b0567bbdc2ee6c0a66de15e93676a
SHA1: 5a34259fdba166d6dbcec06ea3b4f6fe42e715fe
SHA256: 17E34ECEEDE32DDC7E43FC2E9E40641D6374C51C4D5FB54C5671621DE7CFBBC7
File Size: 1.51 MB, 1507328 bytes
MD5: 092eb4fb77cfd89325d898d60715d779
SHA1: 385b7b9cae71207bce4c2214bf65576779d14dfc
SHA256: 72BAA4F3A739393FF8C9DFD05E645C9757B4B74409196338B6AD5931544A7EFD
File Size: 603.14 KB, 603136 bytes
MD5: b8102aacf6838eeb16ed1562af25ada9
SHA1: f18db2a67106605fcaea387ecb82cbfcbd681c60
SHA256: B94767480E83B33BECCAD5476EA881EA4742D548ECEBA1DCF2FDC16CBC591398
File Size: 886.78 KB, 886784 bytes
MD5: e51132b0a19c8efd0a09fb95984048a5
SHA1: ec9fef72600917c63bea350e33416aa22bd2bfea
SHA256: B2BBAF2DEE0B972BD88A982F639425F6B0F05470A23055EC270D670FB6013BAA
File Size: 4.87 MB, 4865536 bytes
MD5: d7f7d35c0db51f9b710d221b1708792b
SHA1: 8dab81589859a61493cea8f5c0a10f25e011c62d
SHA256: 753E89A4155535820F8EAC9AF319AFB92D9A62B314FCBAFE7815018A8EDDA688
File Size: 1.50 MB, 1503232 bytes
MD5: 710963649f5d57bb9951153f002977e1
SHA1: e4408718834595c8cc60d57cdddbb4d26247bb19
SHA256: 83D1769CA4BD081792561F306B44CDED9353C051CD8C2E18C0F832BD1324C693
File Size: 2.77 MB, 2767256 bytes
MD5: 05f5c1d2d5a50b237785fd1fa78a55cd
SHA1: a5dd268907890a9e25e175efdc5c30457aaa465f
SHA256: 3EE8B4CA54C20F8DED0037567CEBAC87A680FA7636FBDC4A36922637DD48950E
File Size: 1.50 MB, 1503232 bytes
MD5: 10825319820c576ae468066d031495e9
SHA1: 49a12a8c3dbac7bbb020d0932acb51ab841a1be8
SHA256: 28DA4888AC497E178A4F40D6D8017F77DD3454614EBBB0F081C1D9DA78BBD787
File Size: 1.51 MB, 1507328 bytes
MD5: c49f32b0fbb1af0ed49b006d2da6dba2
SHA1: 0e749b9629ab64fc68ffe084a6a72f1ee2fa453b
SHA256: 059BBCD3E2411FDECE2467891DA06D503D5F3CA57C84784107115518C070514E
File Size: 4.86 MB, 4855296 bytes
MD5: b4b72c7314c9ed0b38535b4940efcf8d
SHA1: 11e6c639c992ff3f1bdd2c5c09440a063fe9b81a
SHA256: A55D6E160178163D90D38A8C1BCA7A6EA75B8F84676655B6353E36DFA58C4038
File Size: 3.64 MB, 3637301 bytes
MD5: 8a1e93a4d3d8223140e9664fa4167081
SHA1: b9d5567a3ade4e1c03c51a5f4f067b2abe118d43
SHA256: EE660BA8FDC45A3EEE6D9EB6A7C800A870172C8202922964587FA8C779253D27
File Size: 3.31 MB, 3311609 bytes
MD5: da0ec90a7ddfeb221bfeff5a330f6b66
SHA1: d5124a2ec2d4aa38a85552ddf42503be3aebb9f3
SHA256: 8A7DB4E0ABA08B94B838208913345F95C99A10A8BC29C7F4E30059830FD60BC8
File Size: 2.01 MB, 2012310 bytes
MD5: 0fe21518803a4e01dd067f75f8dc0403
SHA1: ad34d80d7758a7ad3940a5bc639c6a2a359db292
SHA256: 3FCB13A9B3E95C5DAF344DF4ADBDF1A1154B181A069A4930E25735BABDDF2CFA
File Size: 610.30 KB, 610304 bytes
MD5: 1b888892a84f78de15a41a890642df2a
SHA1: e9923ee03875fbde20cd9631d822efc3cae80a29
SHA256: 0EE402748FC58F4A8C9AC2BFA465FD3F04381B5345986BF7C1FA0C675A0AB354
File Size: 4.98 MB, 4982272 bytes
MD5: 6418fce20b837dac40486e0a080a3938
SHA1: 4117bc4047af85f1594296d3e33e7e81456d319e
SHA256: 446AB9F6EF5B1D9C52F0D9405508249017C101FC2634450759AA24978172D52E
File Size: 4.98 MB, 4975616 bytes
MD5: cf67c80814629c4f84cabff86de58bb3
SHA1: 6a7e164915fd2f0e0c016c6b50c5e3dfb537cc3a
SHA256: CDC900963A3E86F7E5168C156901E3749CD1419F7B69FC83D577C0B6150448E8
File Size: 3.25 MB, 3252224 bytes
MD5: de1169e3bbede434471655f0b7f64ca2
SHA1: 137ce1f2c6e7b5d54c7c8a2855320222c163af0c
SHA256: B8FCD4F5D444A6DF0FE02935EED2042B2C5D9F0E624F098F360801DC7BB398C2
File Size: 230.77 KB, 230768 bytes
MD5: 80452056df0c0412dcbe6b4eb5ba163a
SHA1: e2b82a5f69c771249a3678b90ac8b7f0faf6012c
SHA256: BB2B30A909A028EB06226625B5FC0312FE7AEC7C0885CB2A024C9EECE3C4F350
File Size: 1.50 MB, 1503232 bytes
MD5: 7ddd89c8c9bfc51aa2c26594b1e9b0cd
SHA1: 3433499417df8f42b11afb851a6761740c118e5c
SHA256: F14457E274876F057B9CEB0FC206C8B711122493418A108FAB5A80803E3EF232
File Size: 4.81 MB, 4812800 bytes
MD5: f56756b9c014dfcd4aafc610f21a8fa3
SHA1: f9563744e6e0f2d48eefb5b4983ca6e57109bf9c
SHA256: 0F45683F4FB22B0FEDF1D6160EC943A6363FD22A8874866BE960DAEACED10EAA
File Size: 4.82 MB, 4819456 bytes
MD5: 566b6a0cb415059b695d6705f955ee07
SHA1: 3e2aa441c7b6649319dbf44253968649146cf56f
SHA256: 2D85E7200D8B68300EA440557F7051A0F940C8424A821D8C9E79934C20883507
File Size: 4.88 MB, 4879360 bytes
MD5: 78eb7e9ce0f205bad60f64a497176e87
SHA1: c54ee2a145ed6731e0e81ad7cfac2beb95457495
SHA256: FEF6970ED7C9AA92CF35C0347BF432A2047BD9211A61E0EAD8CDCE7B318948F5
File Size: 1.50 MB, 1503232 bytes
MD5: 2651edfa78a1d7b06ba1a43a96e3613e
SHA1: f25714fc50f69bf9f41ae7ea5f8a76a794551cd2
SHA256: D6113E95B278EC38571BC7F4AF8A7BB8AD861342ABEEC62450DD63864609FE64
File Size: 1.51 MB, 1507328 bytes
MD5: d7da653fc25b3f7e6c704fdae18bd995
SHA1: 98b1a6723cf3e8fd2d59690d386082d4e39576e7
SHA256: 216A1178ADF425562C1A0133F6AFF598B9A0A12E3E4C0CB142589F2D9E7628E5
File Size: 3.63 MB, 3631473 bytes
MD5: a577a21970a9947fab4638d9d5c1a532
SHA1: 6d56fc62fe29d3b0ed6a90c89c7c9379eb001f80
SHA256: 8721B76F625A6F9AF70330598DD31EA55C927E4555CE5EDA098E6712D11B862A
File Size: 1.51 MB, 1507328 bytes
MD5: 0189f98834584a37b422943b432f3eb2
SHA1: 46c6fcc425f8a5e4a98a3320ce15edcf0b3fbf42
SHA256: D51178C7AF6AA7DC32D8B42FE9028EFA1ED8068CE5974355AAE35D73AB62B975
File Size: 1.25 MB, 1246208 bytes
MD5: 559695a8ac1d6c00a37d037591887813
SHA1: fa1c1f11646bebe389b241f24fcc77eb2e66f415
SHA256: 57E71389D4A840197EB03D18438DE24B6020F2B387D40C0FA267EA40242C794D
File Size: 4.99 MB, 4990976 bytes
MD5: f85c3ca041fa14c534a1b1b3b88445f9
SHA1: ef0e753f2497270b76e3ecb02d7be90526d331b3
SHA256: C67EFBD434D5C1B6BAD67C6BFB9D982E664B72FC8191D7B104411A57C1CD45A5
File Size: 1.50 MB, 1503232 bytes
MD5: 6c8dca0e2bdbc886cc70032ab33911c4
SHA1: 3d68cd68398740601f709c46ae0aa8486a97806f
SHA256: 86DD8764EF28DAA4E420B538404B49D14544058874D860C6D9900999070A2097
File Size: 1.50 MB, 1503232 bytes
MD5: fd95932368d8f7bb0b800f56317e2fef
SHA1: ac15a972909506b7517990e1a2c4a85c09fddbc2
SHA256: 4322E476A717132A543FD0D4239AC8A54E441F349F958322910E16FE86849952
File Size: 1.50 MB, 1499136 bytes
MD5: beb25133ba1a459e282569aa6f550ea7
SHA1: 32384da6803946d65ea012d9911398ea0e782ebb
SHA256: 541A0EFE4BAFD50DEB154F0FA6678FE67EE3B7B4991BC92369E3E66D63EFBBCD
File Size: 1.30 MB, 1303552 bytes
MD5: fd8d32efb3a356d801f2e349d51cc394
SHA1: b2cad8606ca33538e35fce0785c51959e7c4b3ec
SHA256: 53AF30378D0A09BCB17A8BC326175432A895273D64F39F3136EAD35523B6EEAD
File Size: 2.85 MB, 2847640 bytes
MD5: bea1e59ff31e06b5d4a5252b5bb33e96
SHA1: 8da623be1a7d3eff6ad6e67ebd3284edc30c1e31
SHA256: 0D4F48529B2C00B26CEF0C7D2F2ACEDB17007C388F7A4F488D9982E002BA03A8
File Size: 1.50 MB, 1499136 bytes
MD5: d30c008a203e654ee1d7182193a76b85
SHA1: a7d27d81953096afbf5ec2ecdc346320b9c53218
SHA256: 4DE0D6C7E257B0A6D6BDFB7C53E3C3DC975DFE5235195A6D1A43DF633DB1A589
File Size: 1.50 MB, 1503232 bytes
MD5: 67460c93939176ce8dd254ce19aa379e
SHA1: 036da1ecc4e8441c2293476471e2933bc74d58c9
SHA256: 6D50A6EF0FEAD2A98687654588E8BDB456C5684CF23097FCB5C1ACA2BE3AF236
File Size: 2.80 MB, 2801560 bytes
MD5: 75d9c2119d2cbe10becb54fb1490f8d9
SHA1: 3d309c4af832e88955b30f9108a40535ba06f85d
SHA256: A47F1F1370F0E0BFEEE1022C4ED0C6A3C3EC3E6E74459C5AB1BF7708279EBB35
File Size: 1.76 MB, 1756927 bytes
MD5: 9545c668d83bc67d4160789d548bf714
SHA1: a47d5d3463f8714b2cabff77cc7cacc0a1a6adb6
SHA256: FDC81EAF38A809A0BAFF1829428FC63FFEEFF9B84356BA2E4BAE6C588C0BC96A
File Size: 1.50 MB, 1503232 bytes
MD5: ee1723f45a18a0c2acc457c7cecad33f
SHA1: bc12800e56304941c63fb9ce5906cf0552e7dfef
SHA256: AB9262875BF55A7E899DB5B59826CA7C3BB144E97019CF8C2017BC9F49A9AADF
File Size: 2.85 MB, 2846720 bytes
MD5: b52e5047a34431c2bc58c37f2cf124e1
SHA1: ceb969049f524f01c3d4587e2a7cc85b8b1e667f
SHA256: D91359E9B2C4E08D215871604154AB0DFC64299ADD7547E4D0D28B11473E3873
File Size: 5.01 MB, 5013504 bytes
MD5: 387ea065b9f8e2ae131e8691a160fdbe
SHA1: dbf44aecaf2105d9a1f1c88aa0693d2c5ff2a1ed
SHA256: 081FBCC7B54BCB468B699AE85D85F49F72D1AA57DBF7D049D59465389C8B08AD
File Size: 5.00 MB, 5000192 bytes
MD5: 7095ef36cdda9326887a3898949639a2
SHA1: adc47395495ae6c17c1c7854508830bd60bc590e
SHA256: 54CEDBBA420F2D5F2211ACBD6AA9E61E72414FB505B6E22C702C9E1320E9001B
File Size: 343.55 KB, 343552 bytes
MD5: 26845b6f7374d9467d280952f9124625
SHA1: ea508c8a169f7ded04e0a07fb759a9afb52f19bf
SHA256: 042276E4D44D2634842856AE2DCBDAE49D18DDA60560F30B8561FB2308452157
File Size: 2.86 MB, 2864024 bytes
MD5: 81eac6d5d21c8d95c5d1ca6bdcc85235
SHA1: da4a9a2c1a5c2374de1b562cf9a013d2ea3aa23f
SHA256: 53F1EB898A3AE950C7788A82AD5BCEC20DDE273AB6DAB230057714DF3182A198
File Size: 4.99 MB, 4990464 bytes
MD5: 6987785e15678a7ea154ca63707cef11
SHA1: 49a325fec3dbe99832a6942442b0daf54d047f30
SHA256: 4FE7A6B80F1C333B6EFE4396C3BDDD3291BEB9EFEB3539B86BA2EA2D84BA3FB1
File Size: 4.29 MB, 4294656 bytes
MD5: 25c641ded1ec12ec7aacfe43c23c7624
SHA1: e5cff6a2ca18b7fdb5a104ad46d0dc9388345440
SHA256: B31307CA8EA2FFC2C810892ACE24F73B7AFF491B9849A994001399A59CDEBE0C
File Size: 5.20 MB, 5197824 bytes
MD5: 77b672000c0344634aa41b0e0b6680ff
SHA1: 9f89981391e6df61ca402da73ec5566d4370a664
SHA256: BCE25B32BE348C03B779018DE169D6B5223663FE92E7C277CFEDAFEDF4DB78EA
File Size: 92.10 KB, 92096 bytes
MD5: 7000a6b00cb4e872df4869bc17518aeb
SHA1: 61af82ea66aa1a8b131977f119fc237bbb31cd1e
SHA256: 2A391B235F46F49E811753FCE22771D52317D6AD7D1DC807119AB0AAE50B2447
File Size: 3.31 MB, 3309479 bytes
MD5: a4f2cd18ac611dff96b06ee7eb576ca0
SHA1: cea0906e4ee00228329b3d2a0f538f395c81b684
SHA256: 43D6121D2C3654846E0213DC91A49C559062893FA2682266E4C819A1182B74DA
File Size: 1.50 MB, 1503232 bytes
MD5: b5ec36621d84d56bb71de626d05338ff
SHA1: 02f9dd97595d64e5602db52f04bfa4effd9b8ff2
SHA256: FBCF2355AC11B7E721D7C4BA6711721F6517B065295740660E863DEA1982A827
File Size: 672.26 KB, 672256 bytes
MD5: 96b37b030e9bdeb2e710522d9de950d5
SHA1: b43287614cbde7447f6b88e6bf14b7b7ceb2b14e
SHA256: E6F441A8991540FF0961C2F5C7858F2A3C0276E5AE169C840665F2E592F2416E
File Size: 884.74 KB, 884736 bytes
MD5: cf7339ea7bc54c675ab3f22ac2ed6674
SHA1: d76cbff41f349ddaf39e370ab0bb1aef0d35cb64
SHA256: 741E940F0F7EA751C98E9FDBA8244F731D62A0792A1066CEB7A27392D3B827C3
File Size: 4.87 MB, 4873216 bytes
MD5: 0124d85d84b7fab38893d4c86904a424
SHA1: 4a54c89da5ffbaf9037c21ce08272a6432df1e93
SHA256: 3AEE5169A4066628A9350960E2BAE430529AB5AFFBDC815703262F98FA9D4C85
File Size: 5.66 MB, 5661184 bytes
MD5: 9b2919b328f0333876e3994aff1967f0
SHA1: 7b030f1a528bb01d57da84561dcebbc3ade9eeb2
SHA256: CDD6F9B1E49B1659E4D08E34E53E33BE698BB5C8D794B14808C94DADC3FA98D1
File Size: 3.21 MB, 3207320 bytes
MD5: 6cc096920e22d5769ca58a05e82e75eb
SHA1: d0ca652c375d7eba06e9426a4fe68fb4e489edae
SHA256: FB1642302F95CD0703060B1A1A6E48C5331DFF17629ACA64E3491CDDAFADCE01
File Size: 1.51 MB, 1507328 bytes
MD5: 5b4b1e45082a6d6c772797262d9613fc
SHA1: 6a1cc67090ade090889d320c4d358b132c8ba8c7
SHA256: 0DD6A0DE568E2F94FD190C967872B2D32206B72020DD3867C179C5298B2BD697
File Size: 4.30 MB, 4300800 bytes
MD5: fb395abc2133664a64d02fd8c7e07a19
SHA1: 72bd51d5445d15638b05843bdecf8c8ab81f658d
SHA256: 1984473354AD12271940DAD0C391B1919A69583A1982C84CAC9BDFE5D50F7085
File Size: 2.82 MB, 2815384 bytes
MD5: bbec8d4760ac6ea5f073769a08cac965
SHA1: 6fa2e92e86b81680ec31ba0f5600d580a94650e3
SHA256: 21081F159AEBE463D4A2CAD78C5ABB48CD028C5D8527F24FA304C83BC0D6CF82
File Size: 4.91 MB, 4908032 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
Show More
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

20 additional icons are not displayed above.

Windows PE Version Information

Name Value
Assembly Version 7.6.7.0
Comments
  • A build of the PortableApps.com Launcher for YouTube Downloader, allowing it to be run from a removable drive. For additional details, visit PortableApps.com
  • Parallels Shared Application
  • This installation was built with Inno Setup.
Company Name
  • 4K Software
  • Any Video Software
  • Azureus Software, Inc.
  • Creative Design
  • GreenTree Applications SRL
  • Jerry Software
  • Kotato
  • Logitech Inc.
  • MediaHuman
  • Muziza
Show More
  • Parallels Software International, Inc.
  • Robin Software
  • Spigot, Inc.
  • TubeMate Software
  • YT Helper
File Description
  • 4K Player
  • All Video Player
  • Any Video Downloader Pro
  • Curso de Criação de Sites
  • Dictionary (Mac)
  • FLV.com FLV Downloader stub installer
  • FreeRIP MP3 Converter Installer
  • jive
  • Setup/Uninstall
  • Setup Launcher Unicode
Show More
  • Simple Video Player
  • TubeMate Player
  • YouTube Downloader
  • YouTube Downloader Converter
  • YouTube Downloader Pro
  • YouTube Video Downloader Pro
  • YTD
  • YT Downloader
File Version
  • 6000.0.64.5464247
  • 51.1052.0.0
  • 9.7.0.2
  • 9, 9, 11, 0
  • 9, 8, 6, 0
  • 9, 7, 10, 0
  • 9, 3, 1, 0
  • 9, 3, 0, 0
  • 9, 1, 6, 0
  • 8.3
Show More
  • 8, 5, 0, 0
  • 7.6.7.0
  • 7.0.6.0
  • 7, 23, 7, 0
  • 6.1.1.0
  • 6, 18, 5, 0
  • 6, 18, 0, 0
  • 6, 17, 6, 0
  • 6, 17, 3, 0
  • 6, 17, 2, 0
  • 6, 16, 2, 0
  • 6, 15, 1, 0
  • 6, 15, 0, 0
  • 6, 12, 6, 0
  • 6, 12, 3, 0
  • 6, 11, 10, 0
  • 5, 18, 8, 0
  • 5, 18, 6, 0
  • 5, 18, 1, 0
  • 5, 15, 8, 0
  • 5, 15, 7, 0
  • 5, 15, 3, 0
  • 5, 11, 9, 0
  • 5, 11, 0, 0
  • 5, 5, 0, 0
  • 4.5.5.1
  • 3.9.18.0
  • 3.9.17.0
  • 3.9.16.0
  • 3.9.14.0
  • 3.9.12.0
  • 3.9.11.0
  • 3.9.9.99
  • 3.9.9.98
  • 3.9.9.39
  • 3.9.8.8
  • 3,0,0,0
  • 1.00
  • 1.0.0.0
  • 1, 0, 0, 1
I S Internal Description Setup Launcher Unicode
I S Internal Version 19.0.160
Internal Build Number 115289
Internal Name
  • 4K Player
  • All Video Player
  • Any Video Downloader Pro
  • Creative Player 3.0
  • FLVDStubInstaller
  • FreeRIPStub
  • jive
  • PortableApps.com Launcher
  • Setup
  • Simple Video Player
Show More
  • TJprojMain
  • TubeMate Player
  • YouTube Downloader Converter
  • YouTube Downloader Pro
  • YouTube Video Downloader Pro
  • YTD.exe
  • YT Downloader
Legal Copyright
  • (C) 4K Software. All rights reserved.
  • (c) 2005-2025 Unity Technologies. All rights reserved.
  • (c) 2014 GreenTree Applications SRL. All rights reserved.
  • (c) 2015 GreenTree Applications SRL. All rights reserved.
  • (C) Any Video Software. All rights reserved.
  • (C) Jerry Software. All rights reserved.
  • (C) Kotato. All rights reserved.
  • (C) Muziza. All rights reserved.
  • (C) Robin Software. All rights reserved.
  • (C) TubeMate Software. All rights reserved.
Show More
  • (C) YT Helper. All rights reserved.
  • Copyright (c) 2008 Logitech, Inc. All Rights Reserved
  • Copyright © 1995-2007 Creative
  • Copyright © 2005-2013 Spigot, Inc.
  • Copyright © 2007-2022 Azureus Software, Inc.
  • Copyright © 2007-2023 Azureus Software, Inc.
  • Copyright © 2020
  • Copyright � 2007-2023 Azureus Software, Inc.
  • PortableApps.com
Legal Trademarks
  • Creative Player
  • PortableApps.com is a Trademark of Rare Ideas, LLC.
Original File Name Setup.exe
Original Filename
  • 4KPlayer.EXE
  • AllVideoPlayer.EXE
  • AnyVideoDownloaderPro.EXE
  • CursoSites.exe
  • flvdownloader_stub.exe
  • FreeRIPStub.exe
  • InstallShield Setup.exe
  • jive
  • SimpleVideoPlayer.EXE
  • TJprojMain.exe
Show More
  • TubeMatePlayer.EXE
  • YouTubeDownloader.exe
  • YouTubeDownloaderConverter.EXE
  • YouTubeDownloaderPro.EXE
  • YouTubeVideoDownloaderPro.EXE
  • YTD.exe
  • YTDownloader.EXE
  • YTDPortable.exe
Product Name
  • 4K Player
  • All Video Player
  • Any Video Downloader Pro
  • Creative Player
  • FLV.com FLV Downloader
  • FreeRIP MP3 Converter
  • jive
  • Parallels Tools Center
  • Project1
  • Simple Video Player
Show More
  • Windows TubeMate
  • YouTube Downloader
  • YouTubeDownloader
  • YouTube Downloader Converter
  • YouTube Downloader Pro
  • YouTube Video Downloader Pro
  • YTD
  • YT Downloader
  • YTD Toolbar v8.3
  • YTD Video Downloader Application
Product Version
  • 6000.0.64f1 (5360b7cd7953)
  • 9.7.0.2
  • 9, 9, 11, 0
  • 9, 8, 6, 0
  • 9, 7, 10, 0
  • 9, 3, 1, 0
  • 9, 3, 0, 0
  • 9, 1, 6, 0
  • 8.3
  • 8, 5, 0, 0
Show More
  • 7.6.7.0
  • 7.6.7.0
  • 7.6.4.1
  • 7.4.0.3
  • 7.0.6.0
  • 7, 23, 7, 0
  • 6.1.1.0
  • 6, 18, 5, 0
  • 6, 18, 0, 0
  • 6, 17, 6, 0
  • 6, 17, 3, 0
  • 6, 17, 2, 0
  • 6, 16, 2, 0
  • 6, 15, 1, 0
  • 6, 15, 0, 0
  • 6, 12, 6, 0
  • 6, 12, 3, 0
  • 6, 11, 10, 0
  • 5, 18, 8, 0
  • 5, 18, 6, 0
  • 5, 18, 1, 0
  • 5, 15, 8, 0
  • 5, 15, 7, 0
  • 5, 15, 3, 0
  • 5, 11, 9, 0
  • 5, 11, 0, 0
  • 5, 5, 0, 0
  • 4.5.5.1
  • 3.9.18.0
  • 3.9.17.0
  • 3.9.16.0
  • 3.9.14.0
  • 3.9.12.0
  • 3.9.11.0
  • 3.9.9.99
  • 3.9.9.98
  • 3.9.9.39
  • 3.9.8.8
  • 3,0,0,0
  • 1.5
  • 1.00
  • 1, 0, 0, 1
Special Build Parallels Shared Application

Digital Signatures

Signer Root Status
MediaHuman (Vyacheslav Anatolievich Parygin IP) GlobalSign CodeSigning CA - SHA256 - G3 Hash Mismatch
Greentree Applications SRL VeriSign Class 3 Code Signing 2010 CA Self Signed

File Traits

  • .NET
  • 00 section
  • 2+ executable sections
  • big overlay
  • dll
  • fptable
  • GetConsoleWindow
  • HighEntropy
  • imgui
  • Inno
Show More
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • MPRESS
  • MPRESS Win32
  • Native MPRESS x86
  • nosig nsis
  • No Version Info
  • ntdll
  • Nullsoft Installer
  • packed
  • VirtualQueryEx
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 4,171
Potentially Malicious Blocks: 12
Whitelisted Blocks: 1,892
Unknown Blocks: 2,267

Visual Map

? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? 0 0 0 0 0 0 ? x 0 0 0 0 0 ? ? ? 0 0 ? 0 0 0 0 0 ? ? ? 0 0 0 ? ? 0 ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 ? ? ? ? ? 0 ? 0 ? ? 0 0 0 ? ? ? 0 0 ? 0 ? ? 0 0 0 0 0 ? ? ? 0 0 ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 ? 0 0 ? ? ? ? ? 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 ? 0 ? ? 0 0 ? 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? 0 0 ? ? ? ? ? 0 ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? ? 0 0 ? 0 0 0 0 0 ? ? 0 0 ? ? ? 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 0 0 ? 0 ? 0 ? 0 0 ? ? 0 ? 0 0 ? 0 ? ? ? ? 0 ? ? 0 ? 0 0 ? 0 ? ? ? 0 0 ? ? ? ? ? 0 0 0 ? 0 ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 0 0 0 ? ? x 0 0 ? ? x 0 0 ? ? ? ? ? 0 0 ? ? 0 ? ? ? 0 ? ? 0 ? 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 0 ? ? 0 0 ? ? x 0 ? ? 0 0 ? ? ? ? ? 0 0 0 ? 0 ? 0 0 ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? 0 0 0 ? ? 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? ? ? 0 0 0 ? ? 0 ? 0 ? 0 0 0 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 0 ? ? ? 0 ? ? ? ? ? 0 0 0 0 ? ? 0 0 ? ? ? 0 ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? 0 0 0 0 ? ? 0 ? ? 0 ? 0 0 ? 0 0 ? 0 ? ? ? ? 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? 0 0 ? ? 0 0 0 0 ? ? ? ? ? 0 ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 ? 0 ? 0 0 ? ? 0 0 ? 0 0 0 0 ? 0 ? ? 0 0 0 ? 0 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 ? ? ? ? 0 ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? ? 0 ? 0 0 0 ? 0 ? ? ? ? ? 0 0 0 ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? ? 0 0 ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? 0 0 ? 0 0 0 0 ? 0 ? 0 ? 0 0 0 ? 0 ? 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 0 0 ? 0 0 0 ? ? ? 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 ? 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? 0 ? ? ? 0 ? 0 ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? 0 0 0 ? 0 0 0 ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? 0 0 0 0 0 ? 0 ? 0 0 0 ? 0 ? ? 0 ? 0 0 ? x 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 0 ? ? ? ? 0 ? ? 0 ? 0 ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? x ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? 0 ? 0 ? 0 0 ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 ? ? ? ? ?
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • AdGazelle.A
  • Agent.DSJ
  • Agent.FDD
  • Agent.M
  • Agent.MI
Show More
  • Agent.MU
  • AutoHotkey.A
  • Banker.LH
  • Banker.R
  • Bitcoinminer.R
  • ClipBanker.HBA
  • CoinMiner.BB
  • CoinMiner.ZA
  • Emotet.AAJ
  • Emotet.AAL
  • Fugrafa.J
  • Injector.AK
  • Kryptik.FHE
  • Lumma.GFD
  • MPRESS Packer
  • Makoob.A
  • Mobogenie
  • Parite.F
  • Rugmi.IA
  • SearchSuite.C
  • Shella.A
  • Sheloader.A
  • Stealer.KF
  • Strictor.A
  • Tofsee.BP
  • Trojan.Downloader.Gen.BQ
  • Upatre.WIA

Files Modified

File Attributes
c:\program files (x86)\kotato Synchronize,Write Attributes
c:\program files (x86)\kotato\all video downloader pro Synchronize,Write Attributes
c:\program files (x86)\kotato\all video downloader pro\__tmp_rar_sfx_access_check_4107406 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\kotato\all video downloader pro\allvideodownloaderpro.exe Generic Write,Read Attributes
c:\program files (x86)\kotato\all video downloader pro\allvideodownloaderpro.exe Synchronize,Write Attributes
c:\program files (x86)\kotato\all video downloader pro\allvideoplayer.exe Generic Write,Read Attributes
c:\program files (x86)\kotato\all video downloader pro\allvideoplayer.exe Synchronize,Write Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxbc60.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
Show More
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\_msi5166._is Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsa6728.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nse992a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf6738.tmp\freeripsetup_frp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6738.tmp\inetca.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6738.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6738.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk60b8.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsk60b9.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\cnetinstaller-75598595.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\cnetinstaller-75598595.exe_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\downloadlink Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\downloadlink_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\inetca.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\inetca.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\ping Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\ping_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk60b9.tmp\userinfo.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsu993b.tmp\flv_downloader_eula.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu993b.tmp\getcountry Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu993b.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu993b.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu993b.tmp\nsisdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu993b.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu993b.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx50bd.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsyaa36.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsyaa37.tmp\flvdownloader_setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyaa37.tmp\inetca.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyaa37.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyaa37.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\75ca58072b9926f763a91f0cc2798706_056b48c93c4964c2e64c0a8958238656 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\bad725c80f9e10846f35d039a996e4a8_88b6ae015495c1ecc395d19c1dd02894 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\f53eb4e574de32c870452087d92dbebb_97b752e15961af1934c66baf304fdcc2 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\75ca58072b9926f763a91f0cc2798706_056b48c93c4964c2e64c0a8958238656 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\bad725c80f9e10846f35d039a996e4a8_88b6ae015495c1ecc395d19c1dd02894 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\f53eb4e574de32c870452087d92dbebb_97b752e15961af1934c66baf304fdcc2 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_4a54c89da5ffbaf9037c21ce08272a6432df1e93_0005661184 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_4a54c89da5ffbaf9037c21ce08272a6432df1e93_0005661184 Synchronize,Write Attributes
c:\users\user\downloads\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\glu32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\injected-win32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\msctf.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\netapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\netjoin.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\netprovfw.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\netutils.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\opengl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\samcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\schedcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\srvcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\userenv.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wgdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wgdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wimm32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\winmm.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wkernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wkernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wkscli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wmswsock.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wrpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wuser32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wuxtheme.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\dll\wwin32u.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\ec7b19f6c6f0729e2a0c9cfd91fb2ef2a8f5db1f_0006028800.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\exe\ec7b19f6c6f0729e2a0c9cfd91fb2ef2a8f5db1f_0006028800.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\glu32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\injected-win32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\msctf.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\netapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\netjoin.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\netprovfw.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\netutils.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\opengl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\samcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\schedcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\srvcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\glu32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\injected-win32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\msctf.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\netapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\netjoin.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\netprovfw.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\netutils.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\opengl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\samcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\schedcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\srvcli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\userenv.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wgdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wgdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wimm32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\winmm.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wkernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wkernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wkscli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wmswsock.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wrpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wuser32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wuxtheme.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\dll\wwin32u.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\symbols\exe\ec7b19f6c6f0729e2a0c9cfd91fb2ef2a8f5db1f_0006028800.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\userenv.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wgdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wgdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wimm32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\winmm.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wkernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wkernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wkscli.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wmswsock.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wrpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wuser32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wuxtheme.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\downloads\wwin32u.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\logs\parallels.log Generic Write,Read Attributes,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\robinsoftware.simplevideoplayer.playlist:: Playlist RegNtPreCreateKey
HKCU\robinsoftware.simplevideoplayer.playlist\defaulticon:: c:\users\user\downloads\49a325fec3dbe99832a6942442b0daf54d047f30_0004294656,1 RegNtPreCreateKey
HKCU\robinsoftware.simplevideoplayer.playlist\shell\open\command:: "c:\users\user\downloads\49a325fec3dbe99832a6942442b0daf54d047f30_0004294656" "%1" RegNtPreCreateKey
HKCU\.playlist:: RobinSoftware.SimpleVideoPlayer.playlist RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\4ksoftware.4kplayer.playlist:: Playlist RegNtPreCreateKey
HKCU\4ksoftware.4kplayer.playlist\defaulticon:: c:\users\user\downloads\6a1cc67090ade090889d320c4d358b132c8ba8c7_0004300800,1 RegNtPreCreateKey
HKCU\4ksoftware.4kplayer.playlist\shell\open\command:: "c:\users\user\downloads\6a1cc67090ade090889d320c4d358b132c8ba8c7_0004300800" "%1" RegNtPreCreateKey
HKCU\.playlist:: 4KSoftware.4KPlayer.playlist RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
Network Winsock2
  • WSAStartup
Network Winsock
  • closesocket
  • gethostbyname
  • inet_addr
  • socket
Keyboard Access
  • GetKeyState
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClose
Show More
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeleteAtom
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

runas c:\users\user\downloads\._cache_4a54c89da5ffbaf9037c21ce08272a6432df1e93_0005661184
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate

Trending

Most Viewed

Loading...