ytd-video-downloader-5.7.3.exe

YTD Video Downloader

GreenTree Applications srl

The application ytd-video-downloader-5.7.3.exe by GreenTree Applications srl has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.cbsi.com and multiple other hosts. While running, it connects to the Internet address hosted-by.leaseweb.com on port 80 using the HTTP protocol.
Publisher:
GreenTree Applications srl  (signed and verified)

Product:
YTD Video Downloader

Version:
5.7.4

MD5:
9de8176ce33477fcf94b2db71d770a46

SHA-1:
42b125697dee71fa3b7e99327f6790d136db4b67

SHA-256:
7cef800dbdd593276acd733691e2b359c0324cd8a6f367dfe494f86822fc0a3f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:34:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Greentree.YTD.Installer (M)
16.9.27.14

File size:
9.7 MB (10,205,552 bytes)

Product version:
5.7.4.0.1

Copyright:
Copyright © 2007-2015 GreenTree Applications SRL

Original file name:
Uninstall.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ytd-video-downloader-5.7.3.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/27/2016 11:55:38 AM

Valid to:
11/18/2016 6:32:14 PM

Subject:
CN=GreenTree Applications srl, O=GreenTree Applications srl, L=Bucuresti, C=RO

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B06D48A15E485DEF

File PE Metadata
Compilation timestamp:
2/24/2012 10:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:er4eYxgFd1mpoVpGSBDOJFIeTxOQJrCB0HuUX/p9um0LgLUGz5TmdKMVQaDx7gJJ:DeKgFd1mRS5OJFIeVOICBSDX/eLt65Tb

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
7.9992

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file ytd-video-downloader-5.7.3.exe has been seen being distributed by the following 50 URLs.

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=3a9f59a0e6c17bb506ef6270&viewguid=fkwGZNuOwOn56BxsrsyEazb1Zrb6HiJbumch&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://files.downloadnow.com/s/software/14/47/48/.../YTDSetup.exe

http://www.applicationconecptclean.com/G0evmN_2MxNX02Q8iX7REBC1pmg5wbJOR7LI6qFXzY_zE1zPWXak54AmaLOPzGAe4Fz905l8wvBQFBJSQoqHhx SWI9Kxw5yTJ41FPjtT3kcHHtiOOtZ0O6tu4SB SCUS2SVrpNA_33tVvR_eQHt7H7XbDFNzMVXNpWZK_a1UK_vX7xuGB0Survd03PWkhGDZDmwjJRLAvGpBgTZ01KiCjG7Uk99MlwsGcOh_gbbU_IfXcOjWuh8k dbuQho11V0xzR1b0qp4CACk4W8zKAX3wPcemCZQfMf2QhDpGuQIG I1oe3Ac5jZCbqwrGhIYAMCEvCKExCEHAh 9rq0vMHNOLxDqfjV GZf2gKyNDiHG78TK5mWF2u3uIHlz7ek7aaLO0TF3joytlqEnwp0Jeg1COaO9hKUJT9aWRaOdaPQlLG5L3uw0Hni6tj6g989Y6 qGlEwL8MFOhyeTHUg6MgjdN_BANKBImMzuAB46HZnWWoss__DZV0DfKSPQhVrS5mLb0EDnbWxN5gLG6U3_mF36tWP_Rhbp4OkdtJHO8qUyq6DhuEJn7qnrNu9a26Xxz2UVtZseOHboaElyK9vSF_orqpX7oi9DXHJYK8k54FcCj_hJI4zo0=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.applicationconecptclean.com/mddbAQYmWX6yS8wZn9tC2c9M4AZMBIIKVujYkcu0CfnIaBjtbg2ti2tu6IIbzosFbAuasbasU6H_NueNqkV1IEJ8EyG9T_HAu70f oS_1HuzR5g2x3g04Thqibevs4ZYvo4DsvV5EuCbzmnmm70aUOErWqG6zrWy8oLjhWcLTPogSQosG2cYtUu7Qvkx6JK8qk1Pm1G0fy96mcBwLwJZmrHhYpMDF6ABEINTgfonMnJXdvYzVxA9Lv_bv6nrL2QGTqcsmfawU8FOklzw3bngLw2RhtUNmiQYmXltutCWRZigGQTh2uVslhoBkYmJ5zscXvzOBnyUwry_lDvlNOu9beRkKgNB8Q5t9V1mK4pQ2 6cdNzI8FC kzxSXv6kwnBMxRyUKk p6587SWbLr6nlYmV3X3Zk1XZM5BmvuolD tE28FCzMclpB4PU2GKgmGMt ZblGQxARZRf3a0h780lEHuU5Tfl_MtLWnDyREPrIoaqL2Xk95UixXnKIG4Nxz0l54wJStTEyDaMRTzjyTY7KBGr1hMdMitJpF2Bocn6hTBFoTBOqVcaqhxIunas3jc4tqDh_6PrL32Ee1JsdSlxQE3E2L6gANe6H3Gtqavq6pwQHavcBio=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.applicationconecptclean.com/kKNCiKjhGRV3yGWsFEGQ 5jkcrtLho1XLOOUCBIEDUUPqGiHk9LqABUnIUlnB9c6U0twtwiwb9SImDCE1ntK25t0Q SlrS7 tm66IWlptkInu2HPLIc2_zDzxQo Ud1VV22uA_6jm4rCp812HI2FqBtNZycYNGx0JGQfmC1F3gXyw87eFD5KqJLO_WIbhL7OlcG6Ju8dCti mFde7mje3UiejEONarVIbiLw293vhWEw XUI74Ar4PWmet1MUSLbFirnY VMyxqpLDKNUuxx2VgDWd5T5YJRjHoXegPibmyFFxBzKlHZJSwcgC6Ch5EgpNK01LUXDwOu_N4RqgwAoo6ZMXWKMF8 a2siIvBFWcvC5OGUtLfu6ycKEiSpu8rcj3H9gq0u958hromXEASD1 1iBqX85nb01LCk3SgUAmBoEV9FIluxfK40kgVb7CEryjI_Z0V1EHV6xwoeONzUuzjlaidExLvZ1qiJ1mf FYnKaJ1LK7oxMFXdLlXKjHNmgVo_4b_HgGJrcnT62hZaPkQbioGXVDmY4AhyqIvGlCthDwCg5iCPmEMxLW4EOsfHaDKuH5qf53qxiV9FyhKRV5C9Cdmvfi x9jfGOVS2asa6h1Bu1wQ=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.youtubedownloadersite.com/.../stub.php?alt

http://www.applicationconecptclean.com/dPLXYSbrlvetb5ZOCpgNZnAIYUIbToz9xxPf8hvCGTT24HYK6kdRTKjzeEqx5JSUC UjFiaSvbnfnvy1 6xvQBAxmvCYHosOeyGuKaKgVwISY7cppyLaGo5EkSggWlvDqE31s73wyrKD6gMB3KUg8ARktWyaJXK4kTPu4D0d0SzPgwNldLryX8WVD27ORIhCXIlEA3NnuXkP7dywKS9iytjG 9p8q4nBikDrjmOTfdQCANTkkH2KgFWy_jx2MifDyP22bMmADnXYB51f0a8NPki973keBkR1Zjdx6QVJKjjLTz_SmuX9ItsOQFUnGwLkFCLilN3IAt7yERPH6Bc8Fu9TQZ izJ7_mL7pK47LthBk0oZgUgwcbXrp4nD8gda2PDQZlSWMrpDX8KYiBgxiMD3knbWD5kaxOom_Uq0biCH8FrLHhDJcfl1qxZ2T4GJAf Xyv75PeqZMAIZY04yRi gIQzWvCl7wvLy e5RNE7FzM7gHjnJY6TYnGGsgQgb0WgK 85DjddLAXvkHiHLC8aoFsOWSmqdA5OuoUIyFOaOFX2na6_IogeCvTjSgC16TYetERaIMEioTkNzY3UFh4b_6dfWMM3GlXVL73od8udJrdh05NiE=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.applicationconecptclean.com/Toxnd3MtWQoazRzYkdY_Kel2A0sjoyNY2G2f7IIEyL5C6g6lHT5v1PpKYg4duLnO5IMBffRjZEelrEj2L5aMrivymIdpU4rANZFJyn0m4ezm8my9i4dbQvo7YOlyxCZk_reOXDfLaojwMo4fNvLRGs vzoja2LGv04I1OY0uyZ GKrpJGCIs5PskF2fR4JtSelF0yxP7epVU4PIgZ_QNlTWxLIqZ6WDp_2G7CESFSo_nAp7nENQ=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==

http://www.applicationconecptclean.com/OhxUlpiRBpMccT5DVJ yA1SahqCE9qEmmaFNkU6uyVfnxd0Gcf1j8wP6SYgWDyl3xLi3gVHE32MqgX0jfdkiEJ49pmvyhYvnZLKj3EdrJtMkVfULzSdCMzZG_EeM16dBwfJOihXfsX8u5NhBnMmLXJ7lHoJkynYZ Z45TvybwkDLG3yjL KMPZML3v5NUF7wPypZdAS85113YJuEhL9x0qB0LYuChlyvjiIWYjIiaiNPSYURRDvlMpdrrz1G0WE6XKlgza8m2Esxn8qIgC9OD9hOgkSjqbHRMdh1vHypCWMF4lk_Fkdu9c2zV19r5Y_CxVc92LEwX52bbKr3jJrk yklwfG1IfSpSAlwyQuoKXTeM55b mkpzdCUMTO22JkGRp98K6hPc8eSVD5gDt8ApRTveCRpO4fy TDfJjhy_R1okWXrNBV2YKirSLWkrwo m_4iiTYvFALSTdtViBGC1m8szK6yPCea34XIRZSvl49zeEd7aE_2vVpXnzWoKtEB 6YrlnqCFiceUly0RZ34PGz_pDJElKZNQkJXJ4F2Wq0MmfydFpLCedfKszw5KCL8Zq0bAM4RaZ2Arq3PMXe8lwHWrSpCemlXSHP8XLXH_WvGJniH2Z4=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.downloadpresentcity.com/T8JQr2D Jbjl7SXjlFfVbbINbCJdKo9 VdTOMP1GlcMAzmP3R_IQ18 bulWlqZLitPTaYFweNco5sbA_Ew4x umulWxGNhxenOjwtjq89kTZEdZqJ6DJbqEaLaGHOwj2GB5wAktTKDH7qY51P2uWkZGL4XUNxHk4KG072cBmXf58TqC6txeUE6HrjqBXybGjnuJvj_pPlU1O7ytDQgNLbClx7QU a6qAAKOkJBxg_CKUxV ukP1UVq5VQ zdwKHEzMnFokRoy2aOK_LWaSxl4Vqron0lz84h Jo1cvQ2fRd8GtT3CaRJgl8y0gDDr28BpK3P Kh0pq7YNQYbidICUlOB hpkjx9RraapQqAFuySsxxWz6ZYs U1Cp3vy5Ks oAdL0gonb4NT_3bXj 02SSAx2Oey77HNmPyhpdzxcDts2BKpsaTIJE1MTJcbIxsmgtQZ25 lxaquyC5dM4 BHvqbLVag1klEyiYKVW24YwRRgWctxIM9 hIpjr AXjCrQANBb2F_k1zDJnXTAzg8Ivt0mNeRVep2wuJIqeTNa8ACknIVr4qP86un50wAnMHdphctWk9Eh5NtBZTpkhg9xEKH6ELOWxO9y1Y6Ybim c9B4SJxyY=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.downloadpresentcity.com/S1biogEjin20fzLtUksgCjNNPdX0gbSEcTNigd8vMfVmYsHp9afS_fCDdFnv3ZQSFzdR87W3IAnnRDvaKNGat95Lnx0d0HsssFgWGKywXXjyKQNm4t_aoBS4DNhPTwNuswDad08REjBF1DVsC0KrFNEkKf raZ0MF3kHftiUPURT7QvEnLnni3IILiHwku it3kk6y0AIXZ OoXt7UPGfxwdN R77g5yGo5iNXa9 71YXP4z DIay6t4XOKliniWBVjCVSSfWtLSagsLGfjeRLYM2mmNBiirb7De3IUyPY3uLJKZsOzNlSJt4dB5cbwAHVpS9i0Kcu2VBlPiNKzHoMZA60Ym9yKMIylJ GESBFHR0efqOVexACKq8kCkXeBLWAmItp7 0JyHscqsR1GUtkfNymSHwPrOvS8gTn04llb_JKzrnmzr3wBZNlFJIYRN80Dl0c r8VOhZXkffna9p6aksLdQUJ1FzJx6zyufiGcmjNRzJN9IXbce3 Id4VfNSaCoCl typAJBXbEFTHszgZZSIwUzKt3b l1r620gXygqht47vv2g1ZNE3IcLD7K0A5RfYNRV1qKXv5d_URqjHPIOkf2e4ugmD9Hkkalivxp2U1pc24=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.ranchmetabits.com/WiD7TIpGWOm0tlBeLcpBxJR6wH4YAMYJg2Ozydo_Hb2NOpjQsN3CYNgVBlVd7 f91p74HaEjreYAP1FDaxp K9R6cBquxOMMApThIUAA 4uyVzDsND dN kN3hJoq8pFC5RyXl1BdoKIs7A9Ydp6lSZ4TKlRPV TW5W4IxiJvMMpVSPVKsTcFFp29m4DT9V4UzMosjDCkBhQ4oS4nvgylj2wy8QavWG6yLz01gPCIQp6h cwomZSYKWi8najEsNmP9otmDh4xDtNdJYJhiFEKW3Q_kwST92jiyUg15lH9rGbgYEUpqGb5u_X_uA0p_Ceg8GlsZUdXRdGNTXbIGemwoS8mWg27_15_WRkGOK3qD_nQ nKupknvXPNNWNENr5399xDVh2OY7OwLW3R5s9TpzbUlYh58ZH5Hga0M3Zn5LeEAVisOZV7ru7OhpiisDC89d7buau18QUGl tEnT8AcvMaVAUFobndcVz3 hOBcS8ScQnH4fySQjZ8sjpFMQDroSFoemRqbEUR_OjWozpjtS4evRukhUBXYqyAqWPJa_AuK4iIwK1lh1g4dUqJSePC3yEmfreuVbHrqvzS81fnf3TLeMkkr jKxcn3UEQsJJDBXhW vlo=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

https://ytddownloader.com/.../stub.php?ytddgcie

http://get.ytddownloader.com/kits/.../YTDSetupPRO-620067590.exe

http://www.ranchmetabits.com/23Sxpt0y cIj0zdw9ASl5msgf8I4zbTRP0lxoXZ7xIPR7Xg0bW erU9Ewp0wgjBVds5a 0LO622XnGsNzDD0EFLKjUH554S YY5qBlHqbCV0aqXNmVdI2voYUpF3eYH_xbK8b_7Pd3Sh8UEb3tcQ8lOS3I_Pph14 R wLjfjWXujlMmAFUUt8_8GZMp8owycVO74QK7aFJqEaclmuDPAGdvh5lxM5EtBN5WMgKMG8dmGxT7CXFC2Z6aCboOXS8KaZmoPoRaij80FBYNPSmHDVu8Cpczx6Jne3nPsKhGlmxQeAGqpBVtUXYGyA38pZJl NN_KAbS1KdHjrMzmeXuFiFAYYyl0gnrbmSmNyEONMevv Xn_vkODgRn n8oVdSrZZRkzh8I3m2b9NID0Hztt9Ct0V4_afEbuHXW9Swf1BmK3txatlK3dissWGEpa8R_svtbeRHDVjfrDRKaXyxmhjY7MdafkAzh_knSlsx2D285EkhZd4h5LkCOX5K0nSt625XhmeF1RmO4E18pcP EgbXPS9xah_FUBBAHLaHW1yyQ0rWD1WlBRnOpfkjYK63E7xkrRzzOaVmsv1SiKxECefEhwGP6hUE4IxLxXdE482ZhOTXH_Eqk=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.downloadpresentcity.com/Fa3VWawQSarWJpeU46QLHxjSvBf73UXKgLVDFOjLrB5JPLt_RK I3j5dZX6QsN2dNzd XsSg2kNh38Wl392x3fQ0KzC0FHcuqrA_DOXhWzXYwMgYrBnjZ5PVzgkYEXg_F8TONYPvkVdgtbL9v8v_aFOESGzYLAhEl5tEK5zx54FNfLZYpazHCbxEyR0cHD9_oG40IrybstU1QOPHa0CkPXlOf65R2LqB6W9zwsCQQGbKkE4KqdXBkoP4o3nSLJydg4yaLeLGdBPrq8qoQHr8NrT05XbBwc9U0yZtQW9w83zzT37jkvXz41lG9M kXyqp6OFaLA658q U9 g9Y_YOhPQcfF_lXePzuW_NEQkZtTQUZifKWyYkHmmWODi2b8spERv5mVr4NKITAPU44AMzfN7Jt375TE3ziWZ8YwKrf3NUN5JvU9cbPJ5Q8tOHb3fYGOyWuqySWJBDUJXK4q9Gc8v1B8fwFPoPA CvRSeBcurUQDR39kmcR_NQ1qlUKCjgabJ7yHc7eqTh0LKJamJCsO4GHg5M6rdHEuRiiwevx65ncHWfoR9kfexqmn1I60rdnXqzW4nlROcfpsGcw1QDm73 4j7oHE9Zh6kqEzTbqVbnBX_mh4=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://get.ytddownloader.com/kits/.../YTDSetupPRO-2039501325.exe

http://www.ranchmetabits.com/ogPeHBMiiPwGCAUNXxDg1SrIcjW9I9l7VqxKmuaeXR1tllS3LG_Z4icxpptQcF_HsdvngGpIn5GRMZeaOJ5WrUocnmWzSZOfOgj9kPGMryghq6SQE8j8WLa 5fjnnOI72yDkYSyqMDSZhw0gbmgMXsd4ppr9zbUUcjoSd5FuEVMTQ_YkTGeUwR2LWi9B8UMyxWUem53w1QbuhChKtUt3cXLjUBh_qg==-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==

http://www.ranchmetabits.com/6qHkLjBxF0HHu_lkQTVLIWD XYn2FQd4UotYeHRDw5OK6Am7bt2ot7ITy0LXfCGbFeQIOzphZolF NsDh9bqI3xDhkIbZ6p6pD7kTdo0e9_ROke_rTuVgqkg5c9P8kqSKXcB9VkAJCTtJtjU2y9k MgYk9jiCI2mCLsmIRGPhX3uKODMCskiILImRYLXxMb3lSihh8vYvMoqMYsUGbh0YhxpbNPTrw==-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==

about:internet

http://www.downloadpresentcity.com/2UhVkOq_oLSBzRK8lZ5p79XtRE oPbkBV9B4feq_vtvFPmi DvOYXZtZotIKEgfTgU_gqIXDAeAHUcxcLp3hvuqipssKdoNtLDoYbWnQrbaA3Rp0v79f0l8s3RfAX6 auECUa8vFJA1WVMiuuivxAtXhT9uYbVqBAI2Q9EEqce7SRcDYQq8nLqfaoLOy3qyzUkHReGLi-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==

http://software-files-a.cnet.com/s/software/13/48/52/.../YTDSetup.exe

http://www.downloadpresentcity.com/HB 9x02TPPnp37V8eZ6QwEr1QjrJjz4o_svBLMbqfozWce6FJFMHtw0nCgt3uYSjpKSGYszSbgBLdqqmY75KBdZs3Uot0jtHx27Xr_7l1zYaiTG7aszlDQ86y14DR01A2qylzibFw05JeXnLymLKb8EkP_XUVtkFqcC6e3ZUYhtHetDt8w0nuFjnQYNCV8VVj_FWn6NPcrUabf3StjUTlcjW9bi_Kg==-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==

http://www.ranchmetabits.com/NUxKWx7jZY4G4Tz4jXkIZptbBcTbMHJCltdrbI9my9nyo76VW1C1fLR 5E69UZ2c0o7nmOj49IQGWRS5LeWTIVWjs0fXMgobExGbBdsd6Ce6oQGS9TahWjQE_My4AB9o2tUFGKlzY_Yb5iWb8UeWb7uGg9okFUzwIlAAsgY6k8xIUj7xPUSHza7ltHeEpKgH5jOa5DcNQoAOg6q43lm8haHePpu209DxPDdN1BafCCpefvZAMD2b_kiJ2gFWYDsbIc5ctdhJz_GqmFQyELXE5a JeCgBh 4DLte1jwQug4dbrhjQFhvSVIJSLPIZT8Tn nPJYALX6V6_pd5tXr3DJ20vRSsDevW2vkrw0krgY0qc53yNWUNb4OOx0ppNDYkdxx8FywD7_ZTcjSOiDGbRKOrzdMBelhfWbz4El5X8fA1lFC1xx2YuMoPh1kQgPGfGs dC_o_4RO4PBH7q2oePX_aDhWJpi tDDsBSbjrLH3M0auJtAM2pENfWZmtV4btt3E7T937mR5mMX4i0 ipPhQIVTPSBZrjvPAqpatL67n3nq6r0PBrKUQJxKEsIRrPgLTT1JTTZmf4LMrM8X 3yd_8NMIVVNmUYXwXYSnnVRRNNVmvMWd0=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.downloadpresentcity.com/mOeIwEPimMH3CU8yoLm5cNhnN4yGiHW4EhEVbyyR3NzXZJ4lHMXXH1IHsrgNmU3TVKjhjXm8ovOPEXqfucLBII2s5p7CZxaBXKO5CohyQiUGr3B tHDEcmJHe5QjIdJc_3z103nghMEoDBbXoo_F31PbwfPsXPpDXxmzETV5SNfGSqmc2wJU6z8z3Qp7lQ8khE Sgupy-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==

http://www.ranchmetabits.com/eNBsDLC8npbYOPOLJbbREgTEiui3kuonul8r12Oe62MtspwimIr u1ULRsfr3sSPuTfzYOtfabXffDh4Zkar3s3tLBCsqRUQk2O7rg7xcXB8ur76p_SEUQj 1wV_KOVxnaG6bHq1tlXMf_7ppuddAI0r_0s24ts6C51Ttmn1RUOEC bf7 Rm pc7AiY_y4K2HCIZ0iUmdxpLCPUwH tFAnKmiQPMDjyCQN9iY9EKrrxyCtVrX7y3gcDx1n0vFVi8En9ACjhax8qWQ0viNqMB8keNzKXjYLriovDphjIhF9pmVlm1bv3QpNmqF5jM2lXPENzhsRa9RdIRUdw3r_srp2HmZ_ n3wHHSZr w49TFunPnliE3tBUc8qh0NQv0cbzHkqo187Qzd03Zpz2eOnokytJJQZJ7BA3clNHc__6Cx1nCapKAmrPPORL2fbegVq01dMpUK83zKidhfDJ0DmldGUJ1OVCSk65 ghHr tIksj2Z9OWD2lE4DebXSOefmAGAXQyLfj2f3jfWpZ_RrMkk2aSLfFzLEAY25CMF bY_DmzOBqSpneg0dK5CpTr3d9VyrmQdFlK30OCro1ubGJRNc2hFotGdI3t6_xEUMx9rMsZMG B5l0=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://software-files-a.cnet.com/s/software/13/70/30/.../YTDSetup.exe

http://www.ranchmetabits.com/eX3H0Ej3LW8U4tC6zylg8goIsCQK_ZR0F2t4Mu6vJgL08pfWIYsCymAm88Hfd7rBtqK3lh1wD0tyyg51wrxMlZKn5hAQURB5vkRnZgMSAJlcXPMm PWvHdYvRGKevNFDB9 4_Sr0q_5LhynIe7aUQOMI1Xf8AeEtIkAxelQ wdbyyXKP9ONyOyRzxKDcRQDti8qRplRxzvUUVh6EFbNgx8or1VkGunACsOfW4Q3edmXCD1xZxtQvGow2vHGiEE2ZtvxJ6WHMDpvY9SikF2xw53FBjmDY6KpiYAPsQG2Gn9Sb2jkIH7GHMl_ff5b9 Uof1w7hSVtBa6xIHwcMm9csr9h1wVjlOKwldSRxLz4W539IoY1YKWpTVE8OwOexOj_M4vq0o3cTo0mIu3 V EyzCh_CZlSpguO_ZMuOfidbCBG9YxHaL6V0oa9KY8jJArTCDZyLa3r YtoAGDNhuwPz5bzOeCaMD0y5Jjd3p1I4x3k96OPVHNjc05K3ozeOS2rmetF02jC1l6AdWvqZ6wBg4PnoUlNozfTVBd_lrG0lOoGSHotRHxEAPbemMBdfVT9a29vJC_agQBVuEKRed8si6FoAQ_GVXravAZ7dU8jQObXZHJ7XLGo=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://www.ranchmetabits.com/EUxhO7s4cLGi9snKwowQawXlaO0HJGjpltgBSviRAlvThGWeYR6D5sO5EQPI2n1KV3eJUT1_xdMvZLv rHkcmBFjjNZUlHmQPrq82kK1TBsFTCOEOV6DM2WzQtgDinYX0azNFO2xLdbDVkMUX 7R3OyaJc Oo6pZ1n ktV2 0GTIMMaNCXnf9eFWS bNLsSNmNRSLNMbB3T6TL8LHvXk1DD97 MxTybEejo14Tyw3rQNwJ4HGF8zC0Y7m7qeYHiQKkdNZSkG kJQm 4F85gM7fvaWiU eh3ba0G0FIerGWdCU76DYs7LMnKNixsJfBhX1Rjz1_7IPisB5of8pnRrAlgwWUrsGPg0H2VioH5BOVW9lTAA3f18uOA47QnIpPI1hSRGKtHxAUZ8p_6JExkZBirqKud_bObWEvBh88LDRv93rtAXfBMlidhZkr6CxL0t XDcQ1f5X7DAyUNkTOdHy_CXgjGUfomPuBijWVL604vgaa _NO4HzK f1KuWx_MG2QL6HC fbYUl7LkGZ_gLEBZoKm0hckm22quhpEW2pIH3PgjV0jeM8 m8R9jzWvCZCkgTVxTg kHvDj73gQ1uJcAvQ1ZHAvQ90HbtIAmH lz_1F314p8=-GzwAAGS9xfbvNhOK0CiyHwW23wY45PTAklBLEs2tFjrwpBoP0_TN8XhQEhRC4L1MI_rvwW_cK5YcEwV5Ag==-e

http://software-files-a.cnet.com/s/software/14/33/09/.../YTDSetup.exe

Latest 30 of 83 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (95.211.187.107:80)

TCP (HTTP):
Connects to rs7.websitehostserver.net  (99.198.99.122:80)

TCP (HTTP):
Connects to 74-115-2-240.anchorfree.com  (74.115.2.240:80)

Remove ytd-video-downloader-5.7.3.exe - Powered by Reason Core Security