Malware analysis aTube_Catcher_v3.344.74.355.1.exe Malicious activity

Add for printing

File name:	aTube_Catcher_v3.344.74.355.1.exe
Full analysis:	https://app.any.run/tasks/4db8abf0-5dd7-415e-ab96-4c87a8544196
Verdict:	Malicious activity
Analysis date:	December 09, 2023, 12:48:59
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:	553B70E1FAEAA7163AB6001071434631
SHA1:	1B731CCB38147E97A1287FC0212B76C289B65BA9
SHA256:	3D1B1B7DF0E2ECEA9743D49D151A027ECEDB3013E0E38614209148CA42D3F975
SSDEEP:	49152:SMqqqCCDKw1TZQ49949949TsouNshyO9CDKw1JCDKw1P:/qqqCQXMshx9QfQ1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 240 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 180 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - avg_antivirus_free_online_setup.exe (PID: 2608)
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3728)
- Creates a writable file in the system directory
  - rundll32.exe (PID: 2708)
  - icarus.exe (PID: 3728)
  - regsvr32.exe (PID: 3888)
SUSPICIOUS
- Reads settings of System Certificates
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - avg_antivirus_free_online_setup.exe (PID: 2608)
- Reads security settings of Internet Explorer
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
- Reads the Internet Settings
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - runonce.exe (PID: 1232)
- Checks Windows Trust Settings
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
- Adds/modifies Windows certificates
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
- Starts itself from another location
  - icarus.exe (PID: 4040)
- The process creates files with name similar to system file names
  - icarus.exe (PID: 3728)
- Process drops legitimate windows executable
  - icarus.exe (PID: 3728)
- Creates/Modifies COM task schedule object
  - regsvr32.exe (PID: 2676)
- The process drops C-runtime libraries
  - icarus.exe (PID: 3728)
- The process verifies whether the antivirus software is installed
  - icarus.exe (PID: 3728)
INFO
- Reads the computer name
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - wmpnscfg.exe (PID: 2860)
  - avg_antivirus_free_online_setup.exe (PID: 2608)
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3608)
  - icarus.exe (PID: 3728)
  - eWorker.exe (PID: 3280)
  - yct.exe (PID: 3784)
- Checks supported languages
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - wmpnscfg.exe (PID: 2860)
  - avg_antivirus_free_online_setup.exe (PID: 2608)
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3608)
  - icarus.exe (PID: 3728)
  - eWorker.exe (PID: 3280)
  - yct.exe (PID: 3784)
- Reads Environment values
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - icarus.exe (PID: 3728)
  - yct.exe (PID: 3784)
- Manual execution by a user
  - wmpnscfg.exe (PID: 2860)
- Reads the machine GUID from the registry
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - avg_antivirus_free_online_setup.exe (PID: 2608)
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3608)
  - icarus.exe (PID: 3728)
  - yct.exe (PID: 3784)
- Create files in a temporary directory
  - aTube_Catcher_v3.344.74.355.1.exe (PID: 1840)
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3608)
  - icarus.exe (PID: 3728)
  - regsvr32.exe (PID: 2792)
  - yct.exe (PID: 3784)
- Creates files in the program directory
  - avg_antivirus_free_online_setup.exe (PID: 2608)
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3728)
- Dropped object may contain TOR URL's
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3728)
- Reads CPU info
  - icarus.exe (PID: 4040)
  - icarus.exe (PID: 3608)
  - icarus.exe (PID: 3728)
- Reads mouse settings
  - regsvr32.exe (PID: 2676)
  - yct.exe (PID: 3784)
- Drops the executable file immediately after the start
  - rundll32.exe (PID: 2708)
- Reads the time zone
  - runonce.exe (PID: 1232)
- Reads Microsoft Office registry keys
  - yct.exe (PID: 3784)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (64.6)
.dll	\|	Win32 Dynamic Link Library (generic) (15.4)
.exe	\|	Win32 Executable (generic) (10.5)
.exe	\|	Generic Win/DOS Executable (4.6)
.exe	\|	DOS Executable Generic (4.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:11:07 00:16:33+01:00
ImageFileCharacteristics:	Executable
PEType:	PE32
LinkerVersion:	8
CodeSize:	938496
InitializedDataSize:	178688
UninitializedDataSize:	-
EntryPoint:	0xe710e
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	1.92.2.8615
ProductVersionNumber:	1.92.2.8615
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	aTube Installer
CompanyName:	-
FileDescription:	aTube Installer
FileVersion:	1.92.2.8615
InternalName:	aTube.exe
LegalCopyright:	Copyright aTube 2022
LegalTrademarks:	-
OriginalFileName:	aTube.exe
ProductName:	aTube Installer
ProductVersion:	1.92.2.8615
AssemblyVersion:	1.92.2.8615

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

292

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\DsNET Corp\aTube Catcher 2.0\msscript.OCX"

C:\Windows\System32\regsvr32.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

304

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\DsNET Corp\aTube Catcher 2.0\dvdauthor.ocx"

C:\Windows\System32\regsvr32.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

328

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\DsNET Corp\aTube Catcher 2.0\DSNTabCtrl.ocx"

C:\Windows\System32\regsvr32.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

448

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\DsNET Corp\aTube Catcher 2.0\viscomaudioprocess.dll"

C:\Windows\System32\regsvr32.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

668

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\DsNET Corp\aTube Catcher 2.0\ChilkatAx-9.5.0-win32.dll"

C:\Windows\System32\regsvr32.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

732

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DartCertificate.dll"

C:\Windows\System32\regsvr32.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

968

"taskkill.exe" /f /im "eworker.exe"

C:\Windows\System32\taskkill.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Terminates Processes

Exit code:

128

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll

1128

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\System32\grpconv.exe

—

runonce.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Progman Group Converter

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

1232

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\runonce.exe

—

rundll32.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Run Once Wrapper

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\runonce.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

1448

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\DsNET Corp\aTube Catcher 2.0\lame_enc.dll"

C:\Windows\System32\regsvr32.exe

—

aTube_Catcher.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

14 737

Read events

14 497

Write events

139

Delete events

101

Modification events


(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB
Operation:	write	Name:	Blob
Value: 09000000010000004C000000304A06082B0601050507030206082B06010505070303060A2B0601040182370A030C060A2B0601040182370A030406082B0601050507030406082B0601050507030106082B060105050703080F0000000100000020000000489FF6233F3D3C5DA77604BE230745657FE488CB05257DA551BFD64C1F179E72030000000100000014000000B7AB3308D1EA4477BA1480125A6FBDA936490CBB1D00000001000000100000000D48EE33D7F1AF8F4B002527F82A344A140000000100000014000000DD040907A2F57A7D5253129295EE3880250DA65962000000010000002000000085666A562EE0BE5CE925C1D8890A6F76A87EC16D4D7D5F29EA7419CF20123B690B0000000100000052000000530053004C002E0063006F006D00200052006F006F0074002000430065007200740069006600690063006100740069006F006E00200041007500740068006F00720069007400790020005200530041000000190000000100000010000000787D09F953C59978ECD8D6E44B38E24F2000000001000000E1050000308205DD308203C5A00302010202087B2C9BD316803299300D06092A864886F70D01010B0500307C310B3009060355040613025553310E300C06035504080C0554657861733110300E06035504070C07486F7573746F6E31183016060355040A0C0F53534C20436F72706F726174696F6E3131302F06035504030C2853534C2E636F6D20526F6F742043657274696669636174696F6E20417574686F7269747920525341301E170D3136303231323137333933395A170D3431303231323137333933395A307C310B3009060355040613025553310E300C06035504080C0554657861733110300E06035504070C07486F7573746F6E31183016060355040A0C0F53534C20436F72706F726174696F6E3131302F06035504030C2853534C2E636F6D20526F6F742043657274696669636174696F6E20417574686F726974792052534130820222300D06092A864886F70D01010105000382020F003082020A0282020100F90FDDA32B7DCBD02AFEEC6785A6E72E1BBA77E1E3F5AFA4ECFA4A5D91C457476B18776B76F2FD93E43D0FC2169E0B66C356949E178385CE56EFF216FD0062F5220954E865174E41B9E04F4697AA1BC8B86E625E69B15FDB2A027EFC6CCAF341D8EDD0E8FC3F6148EDB003141D100E4B19E0BB4EEC8665FF36F35E67020B9D865561FD7A38EDFEE21900B76FA1506275743CA0FAC82592B46E7A22C7F81EA1E3B2DD9131AB2B1D04FFA54A0437E985A4332BFDE2D655347C19A44A68C7B2A8D3B7CAA19388EBC197BC8CF91DD922842474C7043D6AA92993CCEBB85BE1FE5F25AA3458C8C123549D1B9811C3389C7E3D866CA50F40867C02F45C024F28CBAE719F0F3AC833FE112535EAFCBAC5603DD97C18D5B2A9D37578037222CA3AC31FEF2CE52EA9FA9E2CB65146FDAF03D6EA6068EA8516366B85E91EC0B3DDC424DC802A81416D943EC8E0C98141009E5EBF7FC50898A2182C4240B3F96F38274B4E80F43D8147E0887CEA1CCEB5755C512E1C2B7F1A7228E700B5D174C6D7E49FAD0793B6533535FC37E4C3F65D16BE2173DE920AF8A0636ABC96926A3EF8BC65559BDEF50D892604FC251AA62569CBC26DCA7CE2595F97ACEBEF2EC8BCD71B593C2BCCF219C8936B276319CFFCE926F8CA719B7F93FE3467844E99EBFCB378093370BA66A676ED1B73EB1AA50DC422132094560A4E2C6C4EB1FDCF9C09BAA233ED870203010001A3633061301D0603551D0E04160414DD040907A2F57A7D5253129295EE3880250DA659300F0603551D130101FF040530030101FF301F0603551D23041830168014DD040907A2F57A7D5253129295EE3880250DA659300E0603551D0F0101FF040403020186300D06092A864886F70D01010B050003820201002018119429FB269D1C1E1E7061F19572937124AD6893588E32AF1BB37003FC252B7485903D786AF4B98BA5973BB51891BB1EA7F9405B91F95599AF1E11D05C1DA766E3B194070C3239A6EA1BB079D81D9C7044E38ADDC4F9951F8A38433F0185A547A73D46B2BCE52268F77B9CD82C3E0A21C82D33ACBFC581993174C17571C5BEB1F02345F49D6BFC19639DA3BC04C6180B25BB53890FB38050DE45EE447FAB94786498D3F628DD87D8706574FB0EB913EBA70F61A93296CCDEBBED634C18BBA940F7A0546E2088717518EA7AB43472E02327775CB690EA862540ABEF330FCB9F82BEA220FBF6B52D1AE6C285B1740FFBC86502A4520147DD4922C1BFD8EB6BAC7EDEEC633315B723088FC60F8D415ADD8EC5B98FE5453F78DBBAD21B40B1FE714D3FE081A2BA5EB4EC15E093DD081F7EE155990B21DE939E0AFBE6A349BD3630FEE777B2A07597B52D8188176520F7DA90009FC952CC32CA357CF53D0FD82BD7F5266CC906349616EA70591A3279790BB6887F0F52483DBF6CD8A2442ED14EB77258D3891395FE44ABF8D78B1B6E9CBC2CA05BD56A00AF5F37E1D5FA100B989C86E7268FCEF0EC6E8A570B80E34EB2C0A0636190BA556837746AB692DB9FA18622B665270EECB69F4260E467C2B5DA410BC4D38B611BBCFA1F912BD744075EBA29ACD9C5E9EF53485AEB80F1285821CDB00655FB273F539070A9041E5727B9
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB
Operation:	write	Name:	Blob
Value: 040000000100000010000000866912C070F1ECACACC2D5BCA55BA129190000000100000010000000787D09F953C59978ECD8D6E44B38E24F0B0000000100000052000000530053004C002E0063006F006D00200052006F006F0074002000430065007200740069006600690063006100740069006F006E00200041007500740068006F0072006900740079002000520053004100000062000000010000002000000085666A562EE0BE5CE925C1D8890A6F76A87EC16D4D7D5F29EA7419CF20123B69140000000100000014000000DD040907A2F57A7D5253129295EE3880250DA6591D00000001000000100000000D48EE33D7F1AF8F4B002527F82A344A030000000100000014000000B7AB3308D1EA4477BA1480125A6FBDA936490CBB0F0000000100000020000000489FF6233F3D3C5DA77604BE230745657FE488CB05257DA551BFD64C1F179E7209000000010000004C000000304A06082B0601050507030206082B06010505070303060A2B0601040182370A030C060A2B0601040182370A030406082B0601050507030406082B0601050507030106082B060105050703082000000001000000E1050000308205DD308203C5A00302010202087B2C9BD316803299300D06092A864886F70D01010B0500307C310B3009060355040613025553310E300C06035504080C0554657861733110300E06035504070C07486F7573746F6E31183016060355040A0C0F53534C20436F72706F726174696F6E3131302F06035504030C2853534C2E636F6D20526F6F742043657274696669636174696F6E20417574686F7269747920525341301E170D3136303231323137333933395A170D3431303231323137333933395A307C310B3009060355040613025553310E300C06035504080C0554657861733110300E06035504070C07486F7573746F6E31183016060355040A0C0F53534C20436F72706F726174696F6E3131302F06035504030C2853534C2E636F6D20526F6F742043657274696669636174696F6E20417574686F726974792052534130820222300D06092A864886F70D01010105000382020F003082020A0282020100F90FDDA32B7DCBD02AFEEC6785A6E72E1BBA77E1E3F5AFA4ECFA4A5D91C457476B18776B76F2FD93E43D0FC2169E0B66C356949E178385CE56EFF216FD0062F5220954E865174E41B9E04F4697AA1BC8B86E625E69B15FDB2A027EFC6CCAF341D8EDD0E8FC3F6148EDB003141D100E4B19E0BB4EEC8665FF36F35E67020B9D865561FD7A38EDFEE21900B76FA1506275743CA0FAC82592B46E7A22C7F81EA1E3B2DD9131AB2B1D04FFA54A0437E985A4332BFDE2D655347C19A44A68C7B2A8D3B7CAA19388EBC197BC8CF91DD922842474C7043D6AA92993CCEBB85BE1FE5F25AA3458C8C123549D1B9811C3389C7E3D866CA50F40867C02F45C024F28CBAE719F0F3AC833FE112535EAFCBAC5603DD97C18D5B2A9D37578037222CA3AC31FEF2CE52EA9FA9E2CB65146FDAF03D6EA6068EA8516366B85E91EC0B3DDC424DC802A81416D943EC8E0C98141009E5EBF7FC50898A2182C4240B3F96F38274B4E80F43D8147E0887CEA1CCEB5755C512E1C2B7F1A7228E700B5D174C6D7E49FAD0793B6533535FC37E4C3F65D16BE2173DE920AF8A0636ABC96926A3EF8BC65559BDEF50D892604FC251AA62569CBC26DCA7CE2595F97ACEBEF2EC8BCD71B593C2BCCF219C8936B276319CFFCE926F8CA719B7F93FE3467844E99EBFCB378093370BA66A676ED1B73EB1AA50DC422132094560A4E2C6C4EB1FDCF9C09BAA233ED870203010001A3633061301D0603551D0E04160414DD040907A2F57A7D5253129295EE3880250DA659300F0603551D130101FF040530030101FF301F0603551D23041830168014DD040907A2F57A7D5253129295EE3880250DA659300E0603551D0F0101FF040403020186300D06092A864886F70D01010B050003820201002018119429FB269D1C1E1E7061F19572937124AD6893588E32AF1BB37003FC252B7485903D786AF4B98BA5973BB51891BB1EA7F9405B91F95599AF1E11D05C1DA766E3B194070C3239A6EA1BB079D81D9C7044E38ADDC4F9951F8A38433F0185A547A73D46B2BCE52268F77B9CD82C3E0A21C82D33ACBFC581993174C17571C5BEB1F02345F49D6BFC19639DA3BC04C6180B25BB53890FB38050DE45EE447FAB94786498D3F628DD87D8706574FB0EB913EBA70F61A93296CCDEBBED634C18BBA940F7A0546E2088717518EA7AB43472E02327775CB690EA862540ABEF330FCB9F82BEA220FBF6B52D1AE6C285B1740FFBC86502A4520147DD4922C1BFD8EB6BAC7EDEEC633315B723088FC60F8D415ADD8EC5B98FE5453F78DBBAD21B40B1FE714D3FE081A2BA5EB4EC15E093DD081F7EE155990B21DE939E0AFBE6A349BD3630FEE777B2A07597B52D8188176520F7DA90009FC952CC32CA357CF53D0FD82BD7F5266CC906349616EA70591A3279790BB6887F0F52483DBF6CD8A2442ED14EB77258D3891395FE44ABF8D78B1B6E9CBC2CA05BD56A00AF5F37E1D5FA100B989C86E7268FCEF0EC6E8A570B80E34EB2C0A0636190BA556837746AB692DB9FA18622B665270EECB69F4260E467C2B5DA410BC4D38B611BBCFA1F912BD744075EBA29ACD9C5E9EF53485AEB80F1285821CDB00655FB273F539070A9041E5727B9
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Operation:	write	Name:	Blob
Value: 53000000010000004300000030413022060C2B06010401B231010201050130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C0190000000100000010000000EA6089055218053DD01E37E1D806EEDF620000000100000020000000E793C9B02FD8AA13E21C31228ACCB08119643B749C898964B1746D46C3D4CBD21400000001000000140000005379BF5AAA2B4ACF5480E1D89BC09DF2B20366CB1D0000000100000010000000885010358D29A38F059B028559C95F900B00000001000000100000005300650063007400690067006F0000000300000001000000140000002B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E0F000000010000003000000066B764A96581128168CF208E374DDA479D54E311F32457F4AEE0DBD2A6C8D171D531289E1CD22BFDBBD4CFD979625483090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703082000000001000000E2050000308205DE308203C6A003020102021001FD6D30FCA3CA51A81BBC640E35032D300D06092A864886F70D01010C0500308188310B3009060355040613025553311330110603550408130A4E6577204A6572736579311430120603550407130B4A65727365792043697479311E301C060355040A131554686520555345525452555354204E6574776F726B312E302C06035504031325555345525472757374205253412043657274696669636174696F6E20417574686F72697479301E170D3130303230313030303030305A170D3338303131383233353935395A308188310B3009060355040613025553311330110603550408130A4E6577204A6572736579311430120603550407130B4A65727365792043697479311E301C060355040A131554686520555345525452555354204E6574776F726B312E302C06035504031325555345525472757374205253412043657274696669636174696F6E20417574686F7269747930820222300D06092A864886F70D01010105000382020F003082020A028202010080126517360EC3DB08B3D0AC570D76EDCD27D34CAD508361E2AA204D092D6409DCCE899FCC3DA9ECF6CFC1DCF1D3B1D67B3728112B47DA39C6BC3A19B45FA6BD7D9DA36342B676F2A93B2B91F8E26FD0EC162090093EE2E874C918B491D46264DB7FA306F188186A90223CBCFE13F087147BF6E41F8ED4E451C61167460851CB8614543FBC33FE7E6C9CFF169D18BD518E35A6A766C87267DB2166B1D49B7803C0503AE8CCF0DCBC9E4CFEAF0596351F575AB7FFCEF93DB72CB6F654DDC8E7123A4DAE4C8AB75C9AB4B7203DCA7F2234AE7E3B68660144E7014E46539B3360F794BE5337907343F332C353EFDBAAFE744E69C76B8C6093DEC4C70CDFE132AECC933B517895678BEE3D56FE0CD0690F1B0FF325266B336DF76E47FA7343E57E0EA566B1297C3284635589C40DC19354301913ACD37D37A7EB5D3A6C355CDB41D712DAA9490BDFD8808A0993628EB566CF2588CD84B8B13FA4390FD9029EEB124C957CF36B05A95E1683CCB867E2E8139DCC5B82D34CB3ED5BFFDEE573AC233B2D00BF3555740949D849581A7F9236E651920EF3267D1C4D17BCC9EC4326D0BF415F40A94444F499E757879E501F5754A83EFD74632FB1506509E658422E431A4CB4F0254759FA041E93D426464A5081B2DEBE78B7FC6715E1C957841E0F63D6E962BAD65F552EEA5CC62808042539B80E2BA9F24C971C073F0D52F5EDEF2F820F0203010001A3423040301D0603551D0E041604145379BF5AAA2B4ACF5480E1D89BC09DF2B20366CB300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF300D06092A864886F70D01010C050003820201005CD47C0DCFF7017D4199650C73C5529FCBF8CF99067F1BDA43159F9E0255579614F1523C27879428ED1F3A0137A276FC5350C0849BC66B4EBA8C214FA28E556291F36915D8BC88E3C4AA0BFDEFA8E94B552A06206D55782919EE5F305C4B241155FF249A6E5E2A2BEE0B4D9F7FF70138941495430709FB60A9EE1CAB128CA09A5EA7986A596D8B3F08FBC8D145AF18156490120F73282EC5E2244EFC58ECF0F445FE22B3EB2F8ED2D9456105C1976FA876728F8B8C36AFBF0D05CE718DE6A66F1F6CA67162C5D8D083720CF16711890C9C134C7234DFBCD571DFAA71DDE1B96C8C3C125D65DABD5712B6436BFFE5DE4D661151CF99AEEC17B6E871918CDE49FEDD3571A21527941CCF61E326BB6FA36725215DE6DD1D0B2E681B3B82AFEC836785D4985174B1B9998089FF7F78195C794A602E9240AE4C372A2CC9C762C80E5DF7365BCAE0252501B4DD1A079C77003FD0DCD5EC3DD4FABB3FCC85D66F7FA92DDFB902F7F5979AB535DAC367B0874AA9289E238EFF5C276BE1B04FF307EE002ED45987CB524195EAF447D7EE6441557C8D590295DD629DC2B9EE5A287484A59BB790C70C07DFF589367432D628C1B0B00BE09C4CC31CD6FCE369B54746812FA282ABD3634470C48DFF2D33BAAD8F7BB57088AE3E19CF4028D8FCC890BB5D9922F552E658C51F883143EE881DD7C68E3C436A1DA718DE7D3D16F162F9CA90A8FD
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Operation:	write	Name:	Blob
Value: 0400000001000000100000001BFE69D191B71933A372A80FE155E5B5090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F000000010000003000000066B764A96581128168CF208E374DDA479D54E311F32457F4AEE0DBD2A6C8D171D531289E1CD22BFDBBD4CFD9796254830300000001000000140000002B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E0B00000001000000100000005300650063007400690067006F0000001D0000000100000010000000885010358D29A38F059B028559C95F901400000001000000140000005379BF5AAA2B4ACF5480E1D89BC09DF2B20366CB620000000100000020000000E793C9B02FD8AA13E21C31228ACCB08119643B749C898964B1746D46C3D4CBD2190000000100000010000000EA6089055218053DD01E37E1D806EEDF53000000010000004300000030413022060C2B06010401B231010201050130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C02000000001000000E2050000308205DE308203C6A003020102021001FD6D30FCA3CA51A81BBC640E35032D300D06092A864886F70D01010C0500308188310B3009060355040613025553311330110603550408130A4E6577204A6572736579311430120603550407130B4A65727365792043697479311E301C060355040A131554686520555345525452555354204E6574776F726B312E302C06035504031325555345525472757374205253412043657274696669636174696F6E20417574686F72697479301E170D3130303230313030303030305A170D3338303131383233353935395A308188310B3009060355040613025553311330110603550408130A4E6577204A6572736579311430120603550407130B4A65727365792043697479311E301C060355040A131554686520555345525452555354204E6574776F726B312E302C06035504031325555345525472757374205253412043657274696669636174696F6E20417574686F7269747930820222300D06092A864886F70D01010105000382020F003082020A028202010080126517360EC3DB08B3D0AC570D76EDCD27D34CAD508361E2AA204D092D6409DCCE899FCC3DA9ECF6CFC1DCF1D3B1D67B3728112B47DA39C6BC3A19B45FA6BD7D9DA36342B676F2A93B2B91F8E26FD0EC162090093EE2E874C918B491D46264DB7FA306F188186A90223CBCFE13F087147BF6E41F8ED4E451C61167460851CB8614543FBC33FE7E6C9CFF169D18BD518E35A6A766C87267DB2166B1D49B7803C0503AE8CCF0DCBC9E4CFEAF0596351F575AB7FFCEF93DB72CB6F654DDC8E7123A4DAE4C8AB75C9AB4B7203DCA7F2234AE7E3B68660144E7014E46539B3360F794BE5337907343F332C353EFDBAAFE744E69C76B8C6093DEC4C70CDFE132AECC933B517895678BEE3D56FE0CD0690F1B0FF325266B336DF76E47FA7343E57E0EA566B1297C3284635589C40DC19354301913ACD37D37A7EB5D3A6C355CDB41D712DAA9490BDFD8808A0993628EB566CF2588CD84B8B13FA4390FD9029EEB124C957CF36B05A95E1683CCB867E2E8139DCC5B82D34CB3ED5BFFDEE573AC233B2D00BF3555740949D849581A7F9236E651920EF3267D1C4D17BCC9EC4326D0BF415F40A94444F499E757879E501F5754A83EFD74632FB1506509E658422E431A4CB4F0254759FA041E93D426464A5081B2DEBE78B7FC6715E1C957841E0F63D6E962BAD65F552EEA5CC62808042539B80E2BA9F24C971C073F0D52F5EDEF2F820F0203010001A3423040301D0603551D0E041604145379BF5AAA2B4ACF5480E1D89BC09DF2B20366CB300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF300D06092A864886F70D01010C050003820201005CD47C0DCFF7017D4199650C73C5529FCBF8CF99067F1BDA43159F9E0255579614F1523C27879428ED1F3A0137A276FC5350C0849BC66B4EBA8C214FA28E556291F36915D8BC88E3C4AA0BFDEFA8E94B552A06206D55782919EE5F305C4B241155FF249A6E5E2A2BEE0B4D9F7FF70138941495430709FB60A9EE1CAB128CA09A5EA7986A596D8B3F08FBC8D145AF18156490120F73282EC5E2244EFC58ECF0F445FE22B3EB2F8ED2D9456105C1976FA876728F8B8C36AFBF0D05CE718DE6A66F1F6CA67162C5D8D083720CF16711890C9C134C7234DFBCD571DFAA71DDE1B96C8C3C125D65DABD5712B6436BFFE5DE4D661151CF99AEEC17B6E871918CDE49FEDD3571A21527941CCF61E326BB6FA36725215DE6DD1D0B2E681B3B82AFEC836785D4985174B1B9998089FF7F78195C794A602E9240AE4C372A2CC9C762C80E5DF7365BCAE0252501B4DD1A079C77003FD0DCD5EC3DD4FABB3FCC85D66F7FA92DDFB902F7F5979AB535DAC367B0874AA9289E238EFF5C276BE1B04FF307EE002ED45987CB524195EAF447D7EE6441557C8D590295DD629DC2B9EE5A287484A59BB790C70C07DFF589367432D628C1B0B00BE09C4CC31CD6FCE369B54746812FA282ABD3634470C48DFF2D33BAAD8F7BB57088AE3E19CF4028D8FCC890BB5D9922F552E658C51F883143EE881DD7C68E3C436A1DA718DE7D3D16F162F9CA90A8FD
(PID) Process:	(1840) aTube_Catcher_v3.344.74.355.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation:	write	Name:	Implementing
Value: 1C00000001000000E7070C00060009000C0032000800B603010000001E768127E028094199FEB9D127C57AFE

Add for printing

Executable files

205

Suspicious files

127

Text files

131

Unknown types

Dropped files

PID	Process	Filename		Type
2608	avg_antivirus_free_online_setup.exe	C:\ProgramData\AVG\Icarus\Logs\sfx.log		text
		MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA	SHA256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\icarus_ui.exe		executable
		MD5:FEF5E959190FDBA9365B3672B117D00F	SHA256:85A35C7B03857C3482526938DA2C912AF6092C251DDD7359973B373153EE6B65
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\icarus_mod.dll		executable
		MD5:D82C7E7541B0FB4BCC07230A464110F3	SHA256:787F09B46F996C1835532A9A0BD03D3D02BA200655F59D09067AEA164E581FF7
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\2d05b9f5-9c8b-421a-8a37-7e2ff9d6ee5b		binary
		MD5:8A0ECC6639E0E218CD4D3F3B840C28D2	SHA256:85FB4F9ECE8E51F33643F3A9FC9E8159C4C5836113B77ED1466E1F7B6ABDAC3C
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\4a82e0fb-2bba-4dd0-aadc-8f8f324b3b27		binary
		MD5:5751F90923D39573F3847A28A6EE4EEE	SHA256:67C3B970F86558F3C769BCB301A89102616E19549DAFDA74E0EF201F023792BF
1840	aTube_Catcher_v3.344.74.355.1.exe	C:\Users\admin\AppData\Local\Temp\aTube_Catcher_files\saBSI.exe		executable
		MD5:BB7CF61C4E671FF05649BDA83B85FA3D	SHA256:9D04462E854EF49BCD6059767248A635912CE0F593521A7CC8AF938E6A027534
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\bug_report.exe		executable
		MD5:9672D59B4F4FD4083FACDB53DDC4A83E	SHA256:A1A69486E716550834B0D28E07ED55412157B671B90AEE545EA57649F90AFBDA
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\icarus.exe		executable
		MD5:74304FACCD7A95FFF290B0A8AD15EE88	SHA256:8639967DFE4310D2C942052A45E0C47D7AB4EF6A0EC245AA67DF3A01E81E07A9
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\30d0211c-d6c8-4334-8837-ec035f36a2d5		binary
		MD5:4C6ADE41D53BAE584644744F2E6A232F	SHA256:B880331FE25923DF07B3F4110C52D2387F4EFD3B2AEE4B9948BE253D3CCD3EA4
2608	avg_antivirus_free_online_setup.exe	C:\Windows\Temp\asw-f509ef53-0af3-446e-808b-2119c8c0ba6c\common\34431638-b374-49b6-acb5-18a9b058674e		binary
		MD5:A89EA361A78E7F89EFC92F52D9A77619	SHA256:45B31ABEBF071A43237BC73750A03836F5D4ABC7D0D3B7E5E2772CE518D6268F

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
868	svchost.exe	GET	200	172.64.149.23:80	http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt	unknown	binary	1.52 Kb	—
3436	avg_antivirus_free_setup.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	—
3436	avg_antivirus_free_setup.exe	POST	200	142.250.186.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	—
3436	avg_antivirus_free_setup.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	—
3436	avg_antivirus_free_setup.exe	POST	200	142.250.186.78:80	http://www.google-analytics.com/collect	unknown	image	35 b	—
3784	yct.exe	GET	—	192.99.39.28:80	http://ytc.dsnetwb.com/ytc_update.php?item=check&major=3&minor=8&revision=9991&build=Modules%5F568150%2E3900%2E750%2E	unknown	—	—	—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	unknown
868	svchost.exe	23.211.8.250:80	armmf.adobe.com	AKAMAI-AS	DE	unknown
1840	aTube_Catcher_v3.344.74.355.1.exe	13.224.98.59:443	d2abin9qrcnctu.cloudfront.net	AMAZON-02	US	unknown
4	System	192.168.100.255:137	—	—	—	unknown
868	svchost.exe	192.99.39.28:443	files.dsnetwb.com	OVH SAS	CA	unknown
868	svchost.exe	13.224.98.59:443	d2abin9qrcnctu.cloudfront.net	AMAZON-02	US	unknown
868	svchost.exe	172.64.149.23:80	crt.sectigo.com	CLOUDFLARENET	US	unknown
3436	avg_antivirus_free_setup.exe	23.35.229.27:443	honzik.avcdn.net	AKAMAI-AS	DE	unknown
3436	avg_antivirus_free_setup.exe	34.117.223.223:80	v7event.stats.avast.com	GOOGLE-CLOUD-PLATFORM	US	unknown
3436	avg_antivirus_free_setup.exe	142.250.186.78:80	www.google-analytics.com	GOOGLE	US	unknown

DNS requests

Domain	IP	Reputation
armmf.adobe.com	23.211.8.250	unknown
d2abin9qrcnctu.cloudfront.net	13.224.98.59 13.224.98.224 13.224.98.4 13.224.98.88	unknown
files.dsnetwb.com	192.99.39.28	unknown
crt.sectigo.com	172.64.149.23 104.18.38.233	unknown
honzik.avcdn.net	23.35.229.27 2a02:26f0:7100:9a4::240d 2a02:26f0:7100:9b0::240d 2.19.100.183	unknown
www.google-analytics.com	142.250.186.78	unknown
v7event.stats.avast.com	34.117.223.223	unknown
analytics.apis.mcafee.com	35.165.220.198 54.190.8.5 35.161.88.181 44.239.99.22 44.237.159.181 35.164.197.214 54.213.206.251 52.40.246.206	unknown
sadownload.mcafee.com	23.50.131.75 23.50.131.76	unknown
analytics.avcdn.net	34.117.223.223	unknown

Threats

No threats detected

Add for printing

Process	Message
regsvr32.exe	12:50:40:560.328 [01820] : [InitDebug]: Level=0
regsvr32.exe	HKCR { StarBurnX.DriveSpeed.12 = s 'DriveSpeed Class' { CLSID = s '{E0EEE430-80D8-42D7-8D83-F046AECD7536}' } StarBurnX.DriveSpeed = s 'DriveSpeed Class' { CLSID = s '{E0EEE430-80D8-42D7-8D83-F046AECD7536}' CurVer = s 'StarBurnX.DriveSpeed.12' } NoRemove CLSID { ForceRemove {E0EEE430-80D8-42D7-8D83-F046AECD7536} = s 'DriveSpeed Class' { ProgID = s 'StarBurnX.DriveSpeed.12' VersionIndependentProgID = s 'StarBurnX.DriveSpeed' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }
regsvr32.exe	HKCR { NoRemove AppID { '{3DD7EA49-B5E1-4493-895D-C73562138FC0}' = s 'StarBurnXLib' 'StarBurnX12.DLL' { val AppID = s '{3DD7EA49-B5E1-4493-895D-C73562138FC0}' 'Version' = s '[!output TYPELIB_VERSION_MAJOR].[!output TYPELIB_VERSION_MINOR]' } } }
regsvr32.exe	HKCR { StarBurnX.DriveSpeeds.12 = s 'DriveSpeeds Class' { CLSID = s '{7169A231-64EC-4702-98AB-05ABB6D882A9}' } StarBurnX.DriveSpeeds = s 'DriveSpeeds Class' { CLSID = s '{7169A231-64EC-4702-98AB-05ABB6D882A9}' CurVer = s 'StarBurnX.DriveSpeeds.12' } NoRemove CLSID { ForceRemove {7169A231-64EC-4702-98AB-05ABB6D882A9} = s 'DriveSpeeds Class' { ProgID = s 'StarBurnX.DriveSpeeds.12' VersionIndependentProgID = s 'StarBurnX.DriveSpeeds' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }
regsvr32.exe	HKCR { StarBurnX.DriveInfo.12 = s 'DriveInfo Class' { CLSID = s '{996C8DFD-8CE6-43B2-9414-CB6132485363}' } StarBurnX.DriveInfo = s 'DriveInfo Class' { CLSID = s '{996C8DFD-8CE6-43B2-9414-CB6132485363}' CurVer = s 'StarBurnX.DriveInfo.12' } NoRemove CLSID { ForceRemove {996C8DFD-8CE6-43B2-9414-CB6132485363} = s 'DriveInfo Class' { ProgID = s 'StarBurnX.DriveInfo.12' VersionIndependentProgID = s 'StarBurnX.DriveInfo' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }
regsvr32.exe	HKCR { StarBurnX.Track.12 = s 'Track Class' { CLSID = s '{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}' } StarBurnX.Track = s 'Track Class' { CLSID = s '{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}' CurVer = s 'StarBurnX.Track.12' } NoRemove CLSID { ForceRemove {F750BC9F-72CE-45C6-9D1F-BFEFB0765918} = s 'Track Class' { ProgID = s 'StarBurnX.Track.12' VersionIndependentProgID = s 'StarBurnX.Track' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }
regsvr32.exe	HKCR { StarBurnX.Tracks.12 = s 'Tracks Class' { CLSID = s '{AE860CE7-C15E-4B9C-BA5B-2EB38369E4AF}' } StarBurnX.Tracks = s 'Tracks Class' { CLSID = s '{AE860CE7-C15E-4B9C-BA5B-2EB38369E4AF}' CurVer = s 'StarBurnX.Tracks.12' } NoRemove CLSID { ForceRemove {AE860CE7-C15E-4B9C-BA5B-2EB38369E4AF} = s 'Tracks Class' { ProgID = s 'StarBurnX.Tracks.12' VersionIndependentProgID = s 'StarBurnX.Tracks' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }
regsvr32.exe	HKCR { StarBurnX.Session.12 = s 'Session Class' { CLSID = s '{80E026F0-CE90-4F15-986A-45317268AB5A}' } StarBurnX.Session = s 'Session Class' { CLSID = s '{80E026F0-CE90-4F15-986A-45317268AB5A}' CurVer = s 'StarBurnX.Session.12' } NoRemove CLSID { ForceRemove {80E026F0-CE90-4F15-986A-45317268AB5A} = s 'Session Class' { ProgID = s 'StarBurnX.Session.12' VersionIndependentProgID = s 'StarBurnX.Session' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }
regsvr32.exe	HKCR { StarBurnX.Sessions.12 = s 'Sessions Class' { CLSID = s '{4EE12AA6-A781-490F-96DA-783969C58A1A}' } StarBurnX.Sessions = s 'Sessions Class' { CLSID = s '{4EE12AA6-A781-490F-96DA-783969C58A1A}' CurVer = s 'StarBurnX.Sessions.12' } NoRemove CLSID { ForceRemove {4EE12AA6-A781-490F-96DA-783969C58A1A} = s 'Sessions Class' { ProgID = s 'StarBurnX.Sessions.12' VersionIndependentProgID = s 'StarBurnX.Sessions' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }
regsvr32.exe	HKCR { StarBurnX.DiscInfo.12 = s 'DiscInfo Class' { CLSID = s '{DE9B465F-0405-41B9-8C20-B6F0CACCC713}' } StarBurnX.DiscInfo = s 'DiscInfo Class' { CLSID = s '{DE9B465F-0405-41B9-8C20-B6F0CACCC713}' CurVer = s 'StarBurnX.DiscInfo.12' } NoRemove CLSID { ForceRemove {DE9B465F-0405-41B9-8C20-B6F0CACCC713} = s 'DiscInfo Class' { ProgID = s 'StarBurnX.DiscInfo.12' VersionIndependentProgID = s 'StarBurnX.DiscInfo' ForceRemove 'Programmable' InprocServer32 = s 'C:\Program Files\DsNET Corp\aTube Catcher 2.0\StarBurnX12.dll' { val ThreadingModel = s 'Free' } 'TypeLib' = s '{93CBA48A-1C58-4648-B22D-8F3588CB8D95}' 'Version' = s '12.0' } } }

General Info

aTube_Catcher_v3.344.74.355.1.exe

553B70E1FAEAA7163AB6001071434631

1B731CCB38147E97A1287FC0212B76C289B65BA9

3D1B1B7DF0E2ECEA9743D49D151A027ECEDB3013E0E38614209148CA42D3F975

49152:SMqqqCCDKw1TZQ49949949TsouNshyO9CDKw1JCDKw1P:/qqqCQXMshx9QfQ1

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Creates a writable file in the system directory

SUSPICIOUS

Reads settings of System Certificates

Reads security settings of Internet Explorer

Reads the Internet Settings

Checks Windows Trust Settings

Adds/modifies Windows certificates

Starts itself from another location

The process creates files with name similar to system file names

Process drops legitimate windows executable

Creates/Modifies COM task schedule object

The process drops C-runtime libraries

The process verifies whether the antivirus software is installed

INFO

Reads the computer name

Checks supported languages

Reads Environment values

Manual execution by a user

Reads the machine GUID from the registry

Create files in a temporary directory

Creates files in the program directory

Dropped object may contain TOR URL's

Reads CPU info

Reads mouse settings

Drops the executable file immediately after the start

Reads the time zone

Reads Microsoft Office registry keys

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings