He ran a full scan. His machine was clean—his security settings had been high enough to stop the script's secondary payload—but the attempt was there in the logs.
A GitHub gist, posted by a user named d3c0der_gh0st. Barely 200 lines of Python. The description: "savefrom net helper script – no ads, no trackers, just the engine."