zloader | 084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2

Analysis

max time kernel
120s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
30-05-2022 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
Size

6.3MB
MD5

91944610aa2f3b1f939739be42a99a3f
SHA1

f712fca98067978b136329ff9662b3b02460ee6c
SHA256

084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2
SHA512

81b5a435438a745d5526e0abd2fe3d33fce99590ed42ce911c34f4d3bfa574c1412b5e9142c7e26bef4031224279570fadb9530be2021a8c756b8397a1b2e716

Score

10^/10

zloader botnet cryptone packer trojan

Malware Config

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

CryptOne packer 2 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
C:\Program Files (x86)\DVDFab Downloader\DVDFab Downloader.exe	cryptone
C:\Program Files (x86)\DVDFab Downloader\DVDFab Downloader.exe	cryptone

Executes dropped EXE 1 IoCs

Processes:

DVDFab Downloader.exe

pid process

1084 DVDFab Downloader.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

Loads dropped DLL 18 IoCs

Processes:

DVDFab Downloader.exe

pid	process
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe
1084	DVDFab Downloader.exe

Drops file in Program Files directory 64 IoCs

Processes:

084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\system\players\dvdplayer\etc\fonts\fonts.conf	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\styles	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\email\_parseaddr.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\msgs\da.msg	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Extras\designer\images\gauge-icon.png	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\xml\etree\cElementTree.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\safe.tcl	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tix8.4.3\pref\WmDefault.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QLanguage\ReportQt_BRA.qm	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\dbghelp.dll	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\idlelib\AutoCompleteWindow.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\locales\sw.pak	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\test\crashers\borrowed_ref_2.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\msgs\ms.msg	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Controls\Private\MenuContentItem.qmlc	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Dialogs\images\window_border.png	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tk8.5\ttk\altTheme.tcl	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Tools\Scripts\ifdef.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Dialogs\images\warning.png	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Extras\designer\images\delaybutton-icon.png	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\idlelib\Debugger.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\msgs\pt_br.msg	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\avutil-56.dll	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Extras\designer\DialSpecifics.qmlc	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\xml\sax	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\email\test\data\msg_15.txt	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\test\test_with.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Tools\pynche\ChipViewer.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Controls\Private\ColumnMenuContent.qml	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tk8.5\demos\items.tcl	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tk8.5\license.terms	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QLanguage\Downloader_NOR.qm	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\locales\en-GB.pak	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\ctypes\test\test_struct_fields.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\SimpleHTTPServer.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\test\test_posix.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tix8.4.3\ComboBox.tcl	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\encodings\cp864.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\test\decimaltestdata\ddAdd.decTest	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Tools\Scripts\byteyears.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\tzdata\Egypt	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Tools\pynche\__init__.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Templates.2\qtquicktemplates2plugin.dll	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\decimal.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\distutils\tests\test_config.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\idlelib\ReplaceDialog.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\lib2to3\fixes\fix_raw_input.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\test\decimaltestdata\clamp.decTest	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tix8.4.3\bitmaps\harddisk.xbm	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Controls\Styles\Base\GaugeStyle.qml	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\tzdata\America\Mazatlan	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\platforms\qminimal.dll	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Shapes	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\encodings\cp865.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\tzdata\Asia\Qyzylorda	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Controls.2\Fusion\ApplicationWindow.qml	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\tzdata\Canada\Newfoundland	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File opened for modification	C:\Program Files (x86)\DVDFab Downloader\QtQuick\Controls\Styles\Desktop\MenuBarStyle.qmlc	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\test\test_crypt.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\test\test_functools.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\tcl\tcl8.5\tzdata\America\Guatemala	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Tools\i18n\makelocalealias.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\idlelib\idle.bat	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
File created	C:\Program Files (x86)\DVDFab Downloader\Python27\Lib\multiprocessing\managers.py	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 1 IoCs
evasion

Processes:

TASKKILL.exe

pid process

1960 TASKKILL.exe

pid	process
1960	TASKKILL.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

Processes:

084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

pid	process
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

description	pid	process
Token: SeRestorePrivilege	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
Token: 35	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
Token: SeSecurityPrivilege	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
Token: SeSecurityPrivilege	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exemsedge.exe

description	pid	process	target process
PID 4624 wrote to memory of 2316	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe	msedge.exe
PID 4624 wrote to memory of 2316	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe	msedge.exe
PID 4624 wrote to memory of 1084	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe	DVDFab Downloader.exe
PID 4624 wrote to memory of 1084	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe	DVDFab Downloader.exe
PID 4624 wrote to memory of 1084	4624	084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe	DVDFab Downloader.exe
PID 2316 wrote to memory of 2248	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 2248	2316	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe
"C:\Users\Admin\AppData\Local\Temp\084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dvdfab.cn/thankyou.htm?client_m=YzYtMTgtZWUtODAtZmMtNDM=&s=downloader&downloadmode=1&v=3.0.0.2
2⤵
- Suspicious use of WriteProcessMemory
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x40,0x104,0x7ffb0b4e46f8,0x7ffb0b4e4708,0x7ffb0b4e4718
3⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
3⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
3⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
3⤵
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
3⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
3⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 /prefetch:8
3⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
3⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
3⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,4955360331055705417,13337382936732930589,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 /prefetch:8
3⤵
PID:4208

C:\Program Files (x86)\DVDFab Downloader\DVDFab Downloader.exe
"C:\Program Files (x86)\DVDFab Downloader\DVDFab Downloader.exe" /install /add_plan /ID:2bcabe577ad22e751a998b7955129e57 /new /time:41
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1084

C:\Windows\SysWOW64\TASKKILL.exe
TASKKILL /IM YoutubeToMP3Service.exe /F
3⤵
- Kills process with taskkill
PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DVDFab Downloader\CrashRpt.dll
Filesize
279KB

MD5
5c43fa1843c64023b2b6bc34eff8ef31

SHA1
630fdf49dce88eeadc9b62127a42ef32440785c8

SHA256
4292056a677250932383a31967c7dea06404b499e8007bb7bdd473e649921112

SHA512
955b503f987a19e89b6dcc379b613afe599b734227844a227f8614745bcd8e888e8d63e8d5ac87ab1615150edaee8de6200df593882ad8e7de0d4586a18ad17f

Download Submit
C:\Program Files (x86)\DVDFab Downloader\CrashRpt.dll
Filesize
279KB

MD5
5c43fa1843c64023b2b6bc34eff8ef31

SHA1
630fdf49dce88eeadc9b62127a42ef32440785c8

SHA256
4292056a677250932383a31967c7dea06404b499e8007bb7bdd473e649921112

SHA512
955b503f987a19e89b6dcc379b613afe599b734227844a227f8614745bcd8e888e8d63e8d5ac87ab1615150edaee8de6200df593882ad8e7de0d4586a18ad17f

Download Submit
C:\Program Files (x86)\DVDFab Downloader\DVDFab Downloader.exe
Filesize
11.1MB

MD5
067959ec65e4f72b484332da0bb80812

SHA1
e3b12632da7e0a4321966cb759b736f2d230059a

SHA256
b92f2400cc581bbb3e3789314f133b1848cd418242c5672477dfabe5f16af44d

SHA512
f1ba9e5ab70bd0471eb6ad73866a9a8b855eef95d3acc309f41ff1e99f11163c3a0bd61277d3b18b18cd35ebc9665ee2b9ae8fcad6988170bf69f785f54183a4

Download Submit
C:\Program Files (x86)\DVDFab Downloader\DVDFab Downloader.exe
Filesize
11.1MB

MD5
067959ec65e4f72b484332da0bb80812

SHA1
e3b12632da7e0a4321966cb759b736f2d230059a

SHA256
b92f2400cc581bbb3e3789314f133b1848cd418242c5672477dfabe5f16af44d

SHA512
f1ba9e5ab70bd0471eb6ad73866a9a8b855eef95d3acc309f41ff1e99f11163c3a0bd61277d3b18b18cd35ebc9665ee2b9ae8fcad6988170bf69f785f54183a4

Download Submit
C:\Program Files (x86)\DVDFab Downloader\LIBEAY32.dll
Filesize
1.2MB

MD5
67fdf922a35b3ec0b607f87985926730

SHA1
3667ceddd985f7d720108276038666c619ee219a

SHA256
773468cb5e1dfdcb70974b2537170871e6a31379323cab8a8be68d1b14ca10b0

SHA512
169822be70705cef14c13cc279e3e5993b6da9cea01604032074bd58803acd5aa4ab359fbb40613c7919e3f7c4a229f23ff49d2a7ad76f78100b6d6714edfb2a

Download Submit
C:\Program Files (x86)\DVDFab Downloader\MSVCP140.dll
Filesize
439KB

MD5
ae1ca6f2ff8f0824e7bde921265c3e89

SHA1
1d054b34665fba895a4612ae141cee5f994a40d5

SHA256
4518d0b0d11c462fcc97156bfab338512c5c4a0da17db032cb365b2fc74448f2

SHA512
976277d328e3032b08e068e39b64be1ec7fd1566979f6eead138a07b6b2dab7652f09fe5171ada107f56b9ed841dcc5aa61ac9a0b08b7e753bf6397d13976805

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Core.dll
Filesize
4.9MB

MD5
98c0e98be71aec6733f014b938991bd2

SHA1
93fa97561542d2ce05c52dcbe1a5121e4b49c86e

SHA256
ccbe74cf22c52781dbe36a29db6c6393c33c645227d746d4fe4ef648580455ac

SHA512
3c951a2f64a968c36da627cbfc3334d8a1c446769a9113d81469706edef99a0c36e0e037f13a6a5f5199738fd33562560449a0481a41617bea897825437ba08d

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Core.dll
Filesize
4.9MB

MD5
98c0e98be71aec6733f014b938991bd2

SHA1
93fa97561542d2ce05c52dcbe1a5121e4b49c86e

SHA256
ccbe74cf22c52781dbe36a29db6c6393c33c645227d746d4fe4ef648580455ac

SHA512
3c951a2f64a968c36da627cbfc3334d8a1c446769a9113d81469706edef99a0c36e0e037f13a6a5f5199738fd33562560449a0481a41617bea897825437ba08d

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Gui.dll
Filesize
5.1MB

MD5
d3e21d1e5026bd339e779ee25fe72f7d

SHA1
b34f5f700de519bfcca0064364d766773d7ffe61

SHA256
9f51d202d77c322e13b6a49ddf663be8ceee659167743af87eece3442d47e818

SHA512
90c5dd952bf05fbb5e4b078348017476d833ebb871f935b9c13f7ec2c8d11060eeff33745610ac150ff86b592b87e81f469d69ccec0698d9336c85cf6679b0a7

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Gui.dll
Filesize
5.1MB

MD5
d3e21d1e5026bd339e779ee25fe72f7d

SHA1
b34f5f700de519bfcca0064364d766773d7ffe61

SHA256
9f51d202d77c322e13b6a49ddf663be8ceee659167743af87eece3442d47e818

SHA512
90c5dd952bf05fbb5e4b078348017476d833ebb871f935b9c13f7ec2c8d11060eeff33745610ac150ff86b592b87e81f469d69ccec0698d9336c85cf6679b0a7

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Network.dll
Filesize
1.0MB

MD5
ca4d919105dd3e2f3c34d4c0306d7a59

SHA1
9a99c96f2c61835c0d6f93e000f3a6e186e17152

SHA256
663178951fc5116077055e3e5431f0b2a60e7213cefc078efcfa309fd0425e04

SHA512
cdbb81e6fc6122d5ded6efd6cba94b0d17f4bea209139455ddd712af194a1d4a8bcf9669209a86e2f1bf4afba4b821d0ba23c1a3f0dae41493ae96c9bbd954fd

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Network.dll
Filesize
1.0MB

MD5
ca4d919105dd3e2f3c34d4c0306d7a59

SHA1
9a99c96f2c61835c0d6f93e000f3a6e186e17152

SHA256
663178951fc5116077055e3e5431f0b2a60e7213cefc078efcfa309fd0425e04

SHA512
cdbb81e6fc6122d5ded6efd6cba94b0d17f4bea209139455ddd712af194a1d4a8bcf9669209a86e2f1bf4afba4b821d0ba23c1a3f0dae41493ae96c9bbd954fd

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Widgets.dll
Filesize
4.3MB

MD5
1487cd890a497f9f98243d86774f4dff

SHA1
fe0468501afdc7d294fea3c156dc6f2b5f48cb49

SHA256
c1ae2210a17fa2aefb879404a6eb26a307495bf578c1a49387be44a2036a2384

SHA512
4071645abcedff1452726dd75fceedf177948f3cd17f9268605dca53ed5bf4f085fe154f41e0420b83ff7c59817e193f8733eeee01d8dc9405a15c5998a4a2a9

Download Submit
C:\Program Files (x86)\DVDFab Downloader\Qt5Widgets.dll
Filesize
4.3MB

MD5
1487cd890a497f9f98243d86774f4dff

SHA1
fe0468501afdc7d294fea3c156dc6f2b5f48cb49

SHA256
c1ae2210a17fa2aefb879404a6eb26a307495bf578c1a49387be44a2036a2384

SHA512
4071645abcedff1452726dd75fceedf177948f3cd17f9268605dca53ed5bf4f085fe154f41e0420b83ff7c59817e193f8733eeee01d8dc9405a15c5998a4a2a9

Download Submit
C:\Program Files (x86)\DVDFab Downloader\SSLEAY32.dll
Filesize
275KB

MD5
75fb8b879d9d43cc82e8e1d1686d6aff

SHA1
8b45b6cbd6492d185a7860c66cbac6baf8a6917c

SHA256
9e9c420100c21db4b344d8bf1afaf517238faae0beeb36619eececd6597e80ee

SHA512
5dc83dccddfb32536c7a54dc357ff5d05421552748b28c09a54a42c7d72715e6027b6840046a09c62c89ec8e4e6ad776be8c09e1a4348844c0705b0226d10bc3

Download Submit
C:\Program Files (x86)\DVDFab Downloader\VCRUNTIME140.dll
Filesize
78KB

MD5
a3677cdbe6b4e6d57e2927b53d105ac7

SHA1
b5fc836566ee64df6995bc30ded944fe69f8c243

SHA256
1af1a4dd8a5b5f7b7654cb7044e4acb727568ac26fbb353343e0e670f2610330

SHA512
948588e73d0943aa4c1a6bcb5d39415e30da6337575eee3e1eaf40746c3febacd751f8ef612503f4149fe3bf8662ecbe41196523f172ef7505a846c49beea7cb

Download Submit
C:\Program Files (x86)\DVDFab Downloader\VMProtectSDK32.dll
Filesize
68KB

MD5
1924db6d1e23f11e3067f76b9f10416a

SHA1
fbc397f52953921b2b05968e1dd343892c30b7a4

SHA256
934c029e4680044f6f8b52402382da8c832e30001593a772e9429af24b787daa

SHA512
af9642a2be644ebed232ed9100e87893c1057e5fe6900777e8c37f52bd93672814b7df22f64352fff455f20d2f2f6acb817e82981025ba562d6cfe25396ae1d0

Download Submit
C:\Program Files (x86)\DVDFab Downloader\VMProtectSDK32.dll
Filesize
68KB

MD5
1924db6d1e23f11e3067f76b9f10416a

SHA1
fbc397f52953921b2b05968e1dd343892c30b7a4

SHA256
934c029e4680044f6f8b52402382da8c832e30001593a772e9429af24b787daa

SHA512
af9642a2be644ebed232ed9100e87893c1057e5fe6900777e8c37f52bd93672814b7df22f64352fff455f20d2f2f6acb817e82981025ba562d6cfe25396ae1d0

Download Submit
C:\Program Files (x86)\DVDFab Downloader\avcodec-58.dll
Filesize
39.1MB

MD5
295147f4d1721e93b2c1824a90d9477a

SHA1
96eb5ae0c86d567cf2a34263ea42473d2461136b

SHA256
07e78208da19f950f5aa408c9fd2f3fa06bc57dd762b7d869e0d7d1edebb2711

SHA512
9db75b1d07608c567234c8a18642fb197f995784119a86dfd74905eaf5b7adc1967fe675f636cee018d193b441a1f63f8d35e1668f420f3a298fc72cfdf8e013

Download Submit
C:\Program Files (x86)\DVDFab Downloader\avcodec-58.dll
Filesize
39.1MB

MD5
295147f4d1721e93b2c1824a90d9477a

SHA1
96eb5ae0c86d567cf2a34263ea42473d2461136b

SHA256
07e78208da19f950f5aa408c9fd2f3fa06bc57dd762b7d869e0d7d1edebb2711

SHA512
9db75b1d07608c567234c8a18642fb197f995784119a86dfd74905eaf5b7adc1967fe675f636cee018d193b441a1f63f8d35e1668f420f3a298fc72cfdf8e013

Download Submit
C:\Program Files (x86)\DVDFab Downloader\avformat-58.dll
Filesize
10.7MB

MD5
ce1e722eeec342a84a58098d0200a211

SHA1
eafd3121d1f4a1d4f7262c5be4b8b89963331c5c

SHA256
e367ed9b498552986bcbc5b99188f1d6d20067e00430e5a04f531c184f03961d

SHA512
6ecf2aba1fda7f4fc9e99bb4734cea019713a1354ccdabf8c9baaa17d84c0e96c7f06f86ba3fbd5ffa7efbbe8ec27f016513a7cfc7eab4c2952cde477eedb7f5

Download Submit
C:\Program Files (x86)\DVDFab Downloader\avformat-58.dll
Filesize
10.7MB

MD5
ce1e722eeec342a84a58098d0200a211

SHA1
eafd3121d1f4a1d4f7262c5be4b8b89963331c5c

SHA256
e367ed9b498552986bcbc5b99188f1d6d20067e00430e5a04f531c184f03961d

SHA512
6ecf2aba1fda7f4fc9e99bb4734cea019713a1354ccdabf8c9baaa17d84c0e96c7f06f86ba3fbd5ffa7efbbe8ec27f016513a7cfc7eab4c2952cde477eedb7f5

Download Submit
C:\Program Files (x86)\DVDFab Downloader\avutil-56.dll
Filesize
804KB

MD5
60ead33afa27dc9c347e715170cda215

SHA1
9e8ee07a7ea2d518a1143e49a4d471fe25b32711

SHA256
86c71810c584048c9c8c39c76374349e42c50c36c2945afaadca572770b93c51

SHA512
879abee6782e9752d81402f17c259575c5b43b81828379b897ba61591bae51ccc1672f3598152916e6b065ff4bce28f28aef292d7110adb81ac9d821e445ac23

Download Submit
C:\Program Files (x86)\DVDFab Downloader\avutil-56.dll
Filesize
804KB

MD5
60ead33afa27dc9c347e715170cda215

SHA1
9e8ee07a7ea2d518a1143e49a4d471fe25b32711

SHA256
86c71810c584048c9c8c39c76374349e42c50c36c2945afaadca572770b93c51

SHA512
879abee6782e9752d81402f17c259575c5b43b81828379b897ba61591bae51ccc1672f3598152916e6b065ff4bce28f28aef292d7110adb81ac9d821e445ac23

Download Submit
C:\Program Files (x86)\DVDFab Downloader\chrome_elf.dll
Filesize
822KB

MD5
ec97c9df6d9aadca2cf2530a21a1dea2

SHA1
c412f71f862a50a93d26daad007475669ff14252

SHA256
ea8be3c1c33654cbb7779b8492b9d1aeff4d2a591f09a78e6b6512437ed2f29f

SHA512
c499e59032d63d2ab972e12bf0d4792b05b44e659ca5bfda0ea59832b8e8299a342049a7ca53d8a3752ca9119aff6e5683af4d1ee1df8552796294df2d45e367

Download Submit
C:\Program Files (x86)\DVDFab Downloader\chrome_elf.dll
Filesize
822KB

MD5
ec97c9df6d9aadca2cf2530a21a1dea2

SHA1
c412f71f862a50a93d26daad007475669ff14252

SHA256
ea8be3c1c33654cbb7779b8492b9d1aeff4d2a591f09a78e6b6512437ed2f29f

SHA512
c499e59032d63d2ab972e12bf0d4792b05b44e659ca5bfda0ea59832b8e8299a342049a7ca53d8a3752ca9119aff6e5683af4d1ee1df8552796294df2d45e367

Download Submit
C:\Program Files (x86)\DVDFab Downloader\com.dvdfab.downloader.firefox.json
Filesize
249B

MD5
156dfb692c0c8fdf9b9037ee214f48c4

SHA1
94ac89cc3a9fc8870977f1019fb71bb89e942ce7

SHA256
5b7aa6894e6ab7adc42ee203a5526ba59fa11a07700ae32a5ca8a34ea7e35e98

SHA512
d58ff18daaeda6b62351bc37571c1a225c4cf868b0cad2eb6cf652e15ac3a833967f22713b8f5917f8f90aacd1461f639b6c03dd28ab4f31d9610a5a09b647c9

Download Submit
C:\Program Files (x86)\DVDFab Downloader\com.dvdfab.downloader.json
Filesize
352B

MD5
dd4ea114cceaba22fd4f9cac7cc276af

SHA1
60f00d6592ead87954476eabf9d5600225c4374c

SHA256
f4b46509e859e759dc6618ab984d04ea1c4f4c970e4ae79448fd454620e9ba6a

SHA512
877d36c1270584464250b957bf0f6d64f023f9a59e6ceae710557205932cd889e36fffc3cd99a8b08616b5abe6029a1a2ece0fe10dbafab4f96e15cddfeb932b

Download Submit
C:\Program Files (x86)\DVDFab Downloader\dbghelp.dll
Filesize
1.0MB

MD5
84ee40783263644246606631870d8062

SHA1
dca78d1af64240ff47496498236b6782d0a43789

SHA256
7df81ec9897c8e828a16371dcbf55659a464ba308f50112921a893bb1106be42

SHA512
cc2d5ccb3c1a8e4ae1a413d4363a00694456ca566fd2b89a5fa297d2f2e1be385022c5aa56fcbd2563420097d627511c5e3c2e54bb06b4085fa43e7c8b44ee5d

Download Submit
C:\Program Files (x86)\DVDFab Downloader\dbghelp.dll
Filesize
1.0MB

MD5
84ee40783263644246606631870d8062

SHA1
dca78d1af64240ff47496498236b6782d0a43789

SHA256
7df81ec9897c8e828a16371dcbf55659a464ba308f50112921a893bb1106be42

SHA512
cc2d5ccb3c1a8e4ae1a413d4363a00694456ca566fd2b89a5fa297d2f2e1be385022c5aa56fcbd2563420097d627511c5e3c2e54bb06b4085fa43e7c8b44ee5d

Download Submit
C:\Program Files (x86)\DVDFab Downloader\libcef.dll
Filesize
45.5MB

MD5
b37482c5c8aed0823157644a6c723540

SHA1
1567c22f5f2f46286c67c1fa48f09de5db546df8

SHA256
dfb2e0d88daaf4feea3f8e22ed8c0d0cf99c8de16bddba11a83b27e5d91158f5

SHA512
c50adf0d6ab975423f0b68970a8b72be65447ac2114e20162b6a7d4fab7c22ff557303ff04ea16c8af2aaebdda5cae72fab3898a85ef2a623fa12d717df29fd8

Download Submit
C:\Program Files (x86)\DVDFab Downloader\libcef.dll
Filesize
45.1MB

MD5
2a0abcda20391f57f6b5222fcc5ae589

SHA1
98a51698ba0e2577c80ad4161ef2b746a5514016

SHA256
738aca52242efffd55ca50f083b0620d703e677eeb42ebcb943880d28af92c36

SHA512
083aea49a161987f0e531d3eacf051a8d16f1fc6071c11c03431796d3e26ecddefb71dab095d4cc334da2017902f4164b510a54eeacdd7b28b5fdced5f7f47c1

Download Submit
C:\Program Files (x86)\DVDFab Downloader\libcurl.dll
Filesize
348KB

MD5
e2d53b421ce05e70f4be6360e14b8b7b

SHA1
ec8edb7be6b98796132af756b0f340ed83c66881

SHA256
f59ab531915de96965bf39c9395c18df3f21c392f984c15a29bbd2716bded382

SHA512
d79cb57b81aaceb7f32aaffffeb709d2ea0d27752b7f767f0b544246dfc103ee82b81e564a222a1e3e1260aa05cf99b7e8abba818dd3a736620a5864ca879e0d

Download Submit
C:\Program Files (x86)\DVDFab Downloader\libcurl.dll
Filesize
348KB

MD5
e2d53b421ce05e70f4be6360e14b8b7b

SHA1
ec8edb7be6b98796132af756b0f340ed83c66881

SHA256
f59ab531915de96965bf39c9395c18df3f21c392f984c15a29bbd2716bded382

SHA512
d79cb57b81aaceb7f32aaffffeb709d2ea0d27752b7f767f0b544246dfc103ee82b81e564a222a1e3e1260aa05cf99b7e8abba818dd3a736620a5864ca879e0d

Download Submit
C:\Program Files (x86)\DVDFab Downloader\libeay32.dll
Filesize
1.2MB

MD5
67fdf922a35b3ec0b607f87985926730

SHA1
3667ceddd985f7d720108276038666c619ee219a

SHA256
773468cb5e1dfdcb70974b2537170871e6a31379323cab8a8be68d1b14ca10b0

SHA512
169822be70705cef14c13cc279e3e5993b6da9cea01604032074bd58803acd5aa4ab359fbb40613c7919e3f7c4a229f23ff49d2a7ad76f78100b6d6714edfb2a

Download Submit
C:\Program Files (x86)\DVDFab Downloader\msvcp140.dll
Filesize
439KB

MD5
ae1ca6f2ff8f0824e7bde921265c3e89

SHA1
1d054b34665fba895a4612ae141cee5f994a40d5

SHA256
4518d0b0d11c462fcc97156bfab338512c5c4a0da17db032cb365b2fc74448f2

SHA512
976277d328e3032b08e068e39b64be1ec7fd1566979f6eead138a07b6b2dab7652f09fe5171ada107f56b9ed841dcc5aa61ac9a0b08b7e753bf6397d13976805

Download Submit
C:\Program Files (x86)\DVDFab Downloader\msvcp140.dll
Filesize
439KB

MD5
ae1ca6f2ff8f0824e7bde921265c3e89

SHA1
1d054b34665fba895a4612ae141cee5f994a40d5

SHA256
4518d0b0d11c462fcc97156bfab338512c5c4a0da17db032cb365b2fc74448f2

SHA512
976277d328e3032b08e068e39b64be1ec7fd1566979f6eead138a07b6b2dab7652f09fe5171ada107f56b9ed841dcc5aa61ac9a0b08b7e753bf6397d13976805

Download Submit
C:\Program Files (x86)\DVDFab Downloader\my_resource\website_home\css\style.css
Filesize
6KB

MD5
7ad2c65254f2500ea603c80c1f33073b

SHA1
f909769560863139b367cb73757dea2a629702f1

SHA256
cf620efb75ea748796708935e81bb0fb898ead3414bdf86ff1ef26403d10e2af

SHA512
33cd606c4045a3767384b9cedc8c7f945dcc9e9c4a7a4930dc4bcb0826242b880d925e2e2a7e9cc1dece0a98c3a1964e61f80fc852ada69b47fe36278fc1fdab

Download Submit
C:\Program Files (x86)\DVDFab Downloader\my_resource\website_home\imgs\audible.png
Filesize
731B

MD5
5471bf64c701620f6338cb53fcbedcd9

SHA1
192b9327fc7616b97be17844be9e7ddb336042af

SHA256
d55ee31c9a022421bd6f0427d150dc94cdaa28d43c077b93fd870064046020dc

SHA512
e7c794d0556d9cb9e991702336f9116bfe879288c0a62efe7e748c1c843ed3b90a4f35483bfc5d39d394ec0d600cb43eaee2a7dc48a02b073ecf7abd0855021a

Download Submit
C:\Program Files (x86)\DVDFab Downloader\my_resource\website_home\imgs\bbc.png
Filesize
503B

MD5
cefcce763d93d9fcade42c0eb7644498

SHA1
050a96ecdeb8cb8a5dede1126b67f1976476e8da

SHA256
218eb71f8a4b6cd56cc33b4d76fac9ec694ee78cf4a05ce01a73e92895f0b967

SHA512
6a564cdc758127a7b0426bd88c6ce97f1350fefcc70425b3b642ff4db9a7f8570c177fe24f158309304a13af8246a07ed972a3d0c8b9e7b90930caa180acc60a

Download Submit
C:\Program Files (x86)\DVDFab Downloader\my_resource\website_home\imgs\facebook.png
Filesize
347B

MD5
1b2821fff281e9491c0206f40ffc24e6

SHA1
f940aeaaad604bd72df26b4ddeadfd8801c4f075

SHA256
77e7f26fb48321505ca37e925e0586da2bbcc813f1373f2116f0eb0f2aa2375f

SHA512
e925fdf30752927e769271a9c7431fb06d26b1ee2030d4fb3ec49f134c571a85ed084a132852e5065de7fd5a28ab96eac2d973a7151e10da5e3e6a151b0dccb1

Download Submit
C:\Program Files (x86)\DVDFab Downloader\my_resource\website_home\imgs\icon.png
Filesize
3KB

MD5
5ab70ddc4c532aa9286904a2c345e7dc

SHA1
6235fb0f399103f9c885ca741d76d5e26db9d79c

SHA256
33ca4eda1389b09205b624903e86a207dc58133d10a7ba0bbb7a4ba812002eff

SHA512
70256a8cc6cb0283c252ebc2e6e4c4b2291065dacf38f30b7856ddfc18cefcbc0f2c1a4c65f69db1ef79ac5ab55351d8fa3cf589db15e8d97621a4711fde446b

Download Submit
C:\Program Files (x86)\DVDFab Downloader\platforms\qminimal.dll
Filesize
680KB

MD5
e0058f66e2961f778c68261e2c459e91

SHA1
4eb3d152966a16ea1abc7a9626058f7e4345fb5b

SHA256
c83c66b05aba6ea4a867e42988f7b8ae168682cdba53e714d687f1ec75283189

SHA512
6187b20a329300c1ed72366d0e0d50dd457e1c8c08c8394c07ecfb007fb2358af486341443933b5f58cc2b2bc2e6ac23f64aed843bd1c8a9604de619d471b96e

Download Submit
C:\Program Files (x86)\DVDFab Downloader\platforms\qoffscreen.dll
Filesize
604KB

MD5
cfbaec7844ef5939e26f843607ad0f9f

SHA1
ee47fb1c1e4cb355634f6ff5ea9233b0b7f0c464

SHA256
3bbc4b9ec7a00ffec8dab23e8680a70fbaa4aa0cdf4f1ab3b8ad4be744f88596

SHA512
e0dce922440cd61e7a6d273929626500e7a22ec296f711d5f1e852adccbd1cfc16f29d66f3c6353341a5ab8a7b52cfa7093fade2d7b00b52799cd83fe0e86bc4

Download Submit
C:\Program Files (x86)\DVDFab Downloader\platforms\qwebgl.dll
Filesize
546KB

MD5
b0ea0eefd186e6a6ce060f9316038972

SHA1
c36daf29accff2a32f92f0e098d55a3af744e8bc

SHA256
9a964f47507f1939a655874a388ae36ebaa6dc95df7237e8ba43c6a48db7e61f

SHA512
66fa1fbaec8b6ccf2909591bc659fd41155fc1a7d1edb3415401f4a63fa66105d381a854551caed28e5b585bd216b1dbe9943b96c1c55cc6f70904e65784b58e

Download Submit
C:\Program Files (x86)\DVDFab Downloader\platforms\qwindows.dll
Filesize
1.2MB

MD5
d4dbe5bba78f6eb9783b211ca8a6e09c

SHA1
c01badcfac49fcede2d29c32ff21b08271ec5b65

SHA256
9fb913481f8a7b2fba4760ff38d4a1ebacc3fe7955fcb81d6f41f2903bfe8ff9

SHA512
b4b88f24ba3e0e6ce4c4d0e50363d3c049c284f5b346c69885ae812bea942c9ca8703d1e55408b9480db128c3d72d407cd6ad3efbbfc95701cc82f476f400657

Download Submit
C:\Program Files (x86)\DVDFab Downloader\platforms\qwindows.dll
Filesize
1.2MB

MD5
d4dbe5bba78f6eb9783b211ca8a6e09c

SHA1
c01badcfac49fcede2d29c32ff21b08271ec5b65

SHA256
9fb913481f8a7b2fba4760ff38d4a1ebacc3fe7955fcb81d6f41f2903bfe8ff9

SHA512
b4b88f24ba3e0e6ce4c4d0e50363d3c049c284f5b346c69885ae812bea942c9ca8703d1e55408b9480db128c3d72d407cd6ad3efbbfc95701cc82f476f400657

Download Submit
C:\Program Files (x86)\DVDFab Downloader\ssleay32.dll
Filesize
275KB

MD5
75fb8b879d9d43cc82e8e1d1686d6aff

SHA1
8b45b6cbd6492d185a7860c66cbac6baf8a6917c

SHA256
9e9c420100c21db4b344d8bf1afaf517238faae0beeb36619eececd6597e80ee

SHA512
5dc83dccddfb32536c7a54dc357ff5d05421552748b28c09a54a42c7d72715e6027b6840046a09c62c89ec8e4e6ad776be8c09e1a4348844c0705b0226d10bc3

Download Submit
C:\Program Files (x86)\DVDFab Downloader\styles\qwindowsvistastyle.dll
Filesize
125KB

MD5
092089e39f2743d38eeb594903bebe77

SHA1
e0d4af37cd50e2f263af7b5a4aee5cf03494ee31

SHA256
406364064d82ec2773f6d48cbe7250d72e8407265e2a2fb50d4be6ad792a868a

SHA512
4620082bd921f3549bb64af5a03a9f90106f753e640ba8d712ed2fc4d907c1155c077ea960b40ec18fc6ae70faa9d45f2db913669a9c4dead3ab059f2d291570

Download Submit
C:\Program Files (x86)\DVDFab Downloader\styles\qwindowsvistastyle.dll
Filesize
125KB

MD5
092089e39f2743d38eeb594903bebe77

SHA1
e0d4af37cd50e2f263af7b5a4aee5cf03494ee31

SHA256
406364064d82ec2773f6d48cbe7250d72e8407265e2a2fb50d4be6ad792a868a

SHA512
4620082bd921f3549bb64af5a03a9f90106f753e640ba8d712ed2fc4d907c1155c077ea960b40ec18fc6ae70faa9d45f2db913669a9c4dead3ab059f2d291570

Download Submit
C:\Program Files (x86)\DVDFab Downloader\styles\qwindowsvistastyled.dll
Filesize
302KB

MD5
2d25ad7b99a982cbea55f2d05f9e6630

SHA1
d178209a43b506cbcbf62d13e2d9cd82da9a38d4

SHA256
b4d9f963c7887a761514c1f5857c139e5fbc49af5a8dd3027fddb54735b6bc26

SHA512
1d20054ed243fa6ffe412dde26d1faa8b90665aca490070fb0908b0d62686ec73c29f935fa6272714a827238b2eccf2bd65b55a3f3bded9d738d984cfe4a0e09

Download Submit
C:\Program Files (x86)\DVDFab Downloader\swresample-3.dll
Filesize
323KB

MD5
33368c2d4ecfcd440d8258c515cf188a

SHA1
09996430d47775599c63ca235b07f442cc44d498

SHA256
b359894387748ac97b535c8931370976f8a4b53029d4673f0ae6ef3020f13854

SHA512
1b6005febd7a2c3274a7608697864156d4408d9462a621e8fd9c3f74b5b563311332a4e0adddaf2ff2691e084015db1543ce3596df049c89f53117de2fea5295

Download Submit
C:\Program Files (x86)\DVDFab Downloader\swresample-3.dll
Filesize
323KB

MD5
33368c2d4ecfcd440d8258c515cf188a

SHA1
09996430d47775599c63ca235b07f442cc44d498

SHA256
b359894387748ac97b535c8931370976f8a4b53029d4673f0ae6ef3020f13854

SHA512
1b6005febd7a2c3274a7608697864156d4408d9462a621e8fd9c3f74b5b563311332a4e0adddaf2ff2691e084015db1543ce3596df049c89f53117de2fea5295

Download Submit
C:\Program Files (x86)\DVDFab Downloader\vcruntime140.dll
Filesize
78KB

MD5
a3677cdbe6b4e6d57e2927b53d105ac7

SHA1
b5fc836566ee64df6995bc30ded944fe69f8c243

SHA256
1af1a4dd8a5b5f7b7654cb7044e4acb727568ac26fbb353343e0e670f2610330

SHA512
948588e73d0943aa4c1a6bcb5d39415e30da6337575eee3e1eaf40746c3febacd751f8ef612503f4149fe3bf8662ecbe41196523f172ef7505a846c49beea7cb

Download Submit
C:\Program Files (x86)\DVDFab Downloader\zlib.dll
Filesize
71KB

MD5
248cd42db8ef98adcaf91a60ca3558bf

SHA1
fda5ef90fe575d3a96aa5f4db50940dc6da12552

SHA256
473bd94e83ce765f01e7400ad4c6ba881385d44428729f88aab4f6ee863f78de

SHA512
5a0087effeb79286cc49451b804a537fc566b46d11e0408f424fe148d27f30a2c172317eac4de9771bfe40210f01ec4f01ad5e1a4e454556095dd6a981a17de2

Download Submit
C:\Program Files (x86)\DVDFab Downloader\zlib.dll
Filesize
71KB

MD5
248cd42db8ef98adcaf91a60ca3558bf

SHA1
fda5ef90fe575d3a96aa5f4db50940dc6da12552

SHA256
473bd94e83ce765f01e7400ad4c6ba881385d44428729f88aab4f6ee863f78de

SHA512
5a0087effeb79286cc49451b804a537fc566b46d11e0408f424fe148d27f30a2c172317eac4de9771bfe40210f01ec4f01ad5e1a4e454556095dd6a981a17de2

Download Submit
\??\pipe\LOCAL\crashpad_2316_CJKEKISEBYKCSPBN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/376-213-0x0000000000000000-mapping.dmp

Download
memory/1084-196-0x0000000071620000-0x000000007168F000-memory.dmp

Filesize
444KB

Download
memory/1084-218-0x0000000075820000-0x0000000075845000-memory.dmp

Filesize
148KB

Download
memory/1084-194-0x0000000072930000-0x0000000072E19000-memory.dmp

Filesize
4.9MB

Download
memory/1084-195-0x0000000075FC0000-0x000000007603A000-memory.dmp

Filesize
488KB

Download
memory/1084-181-0x0000000000C00000-0x000000000171A000-memory.dmp

Filesize
11.1MB

Download
memory/1084-197-0x0000000072400000-0x000000007292A000-memory.dmp

Filesize
5.2MB

Download
memory/1084-198-0x0000000073B70000-0x0000000073C74000-memory.dmp

Filesize
1.0MB

Download
memory/1084-199-0x0000000073710000-0x0000000073B69000-memory.dmp

Filesize
4.3MB

Download
memory/1084-200-0x000000006DFE0000-0x000000006E115000-memory.dmp

Filesize
1.2MB

Download
memory/1084-201-0x000000006DF90000-0x000000006DFD9000-memory.dmp

Filesize
292KB

Download
memory/1084-202-0x00000000717F0000-0x000000007184A000-memory.dmp

Filesize
360KB

Download
memory/1084-203-0x000000006E120000-0x000000006E1AD000-memory.dmp

Filesize
564KB

Download
memory/1084-205-0x0000000010000000-0x0000000010049000-memory.dmp

Filesize
292KB

Download
memory/1084-132-0x0000000000000000-mapping.dmp

Download
memory/1084-206-0x0000000000C00000-0x000000000171A000-memory.dmp

Filesize
11.1MB

Download
memory/1084-180-0x0000000000C00000-0x000000000171A000-memory.dmp

Filesize
11.1MB

Download
memory/1084-210-0x00000000716D0000-0x00000000717EE000-memory.dmp

Filesize
1.1MB

Download
memory/1084-217-0x0000000065F40000-0x00000000660CF000-memory.dmp

Filesize
1.6MB

Download
memory/1084-212-0x0000000071690000-0x00000000716A6000-memory.dmp

Filesize
88KB

Download
memory/1084-214-0x0000000066A30000-0x0000000067A30000-memory.dmp

Filesize
16.0MB

Download
memory/1168-175-0x0000000000000000-mapping.dmp

Download
memory/1960-226-0x0000000000000000-mapping.dmp

Download
memory/2248-131-0x0000000000000000-mapping.dmp

Download
memory/2316-130-0x0000000000000000-mapping.dmp

Download
memory/3044-185-0x0000000000000000-mapping.dmp

Download
memory/3392-207-0x0000000000000000-mapping.dmp

Download
memory/4020-183-0x0000000000000000-mapping.dmp

Download
memory/4100-173-0x0000000000000000-mapping.dmp

Download
memory/4112-172-0x0000000000000000-mapping.dmp

Download
memory/4188-209-0x0000000000000000-mapping.dmp

Download
memory/4208-216-0x0000000000000000-mapping.dmp

Download