f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93

Analysis

max time kernel
151s
max time network
165s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
Size

3.7MB
MD5

1c8054d7d73121f37440aec3f18f0b31
SHA1

4a5c4f00eeb5ba43a108924e577cf47eb963ca4c
SHA256

f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93
SHA512

2baa7f62fd68df2daad50edc72a879f95ad6a6fe79639c5b70f88b5d64699d1f90d033aa3c4a840a84e302d0ef6fd535759c2895f698a872fe3989c245ffb2db
SSDEEP

98304:pXbYse0bLs2VNrt5/nLQOBualSyhFKNGpM0WT+4JJ/:RbYrYLfNrbfBdlSyhFVMpl/

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
1356	FHSev.exe
392	fm4.exe
1224	fm4svr.exe
1612	FHSev.exe
1732	FHSev.exe
1204	FHSev.exe
1676	fm4svr.exe

Loads dropped DLL 17 IoCs

pid	Process
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
392	fm4.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
392	fm4.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\FM4.0_202211261221 = "\"C:\\Program Files (x86)\\FM4.0\\202211261221\\fm4.exe\" -mini"	fm4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\FM4.0_News_202211261221 = "\"C:\\Program Files (x86)\\FM4.0\\202211261221\\fm4svr.exe\" -mini"	fm4.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	FHSev.exe

Drops file in Program Files directory 47 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\avformat-54.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\client.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\libav.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\avutil-52.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\Data\setup.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\setup.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\DuiLib.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\SysConfig.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\user2.ini	fm4.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\SysConfig.ini	fm4.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\audio.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\channels.xml	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\channels.xml	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\favorfm.xml	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\audio.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\avcodec-54.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\avutil-52.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\avcore.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\Data\version.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\pthreadGC2.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\swresample-0.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\avcodec-54.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\avcore.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\avformat-54.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\Data\client.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\dh.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\DuiLib.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\pthreadGC2.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\Unins.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Unins.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\client.ini	fm4.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\favorfm.xml	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\fm4.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\source.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\source.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\user2.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\Data\dh.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\version.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\fm4.exe	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\libav.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File created	C:\Program Files (x86)\FM4.0\202211261221\swresample-0.dll	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\SysConfig.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
File opened for modification	C:\Program Files (x86)\FM4.0\202211261221\Data\Setup.ini	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	FHSev.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	FHSev.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	FHSev.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
1356	FHSev.exe
1612	FHSev.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
Token: SeDebugPrivilege	1356	FHSev.exe
Token: SeDebugPrivilege	1224	fm4svr.exe
Token: SeDebugPrivilege	1612	FHSev.exe
Token: SeDebugPrivilege	1732	FHSev.exe
Token: SeDebugPrivilege	1204	FHSev.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
392	fm4.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
392	fm4.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1224	fm4svr.exe
1224	fm4svr.exe
1224	fm4svr.exe
1676	fm4svr.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1356	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	30
PID 2028 wrote to memory of 1356	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	30
PID 2028 wrote to memory of 1356	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	30
PID 2028 wrote to memory of 1356	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	30
PID 2028 wrote to memory of 392	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	31
PID 2028 wrote to memory of 392	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	31
PID 2028 wrote to memory of 392	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	31
PID 2028 wrote to memory of 392	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	31
PID 2028 wrote to memory of 1224	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	32
PID 2028 wrote to memory of 1224	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	32
PID 2028 wrote to memory of 1224	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	32
PID 2028 wrote to memory of 1224	2028	f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe	32
PID 392 wrote to memory of 1612	392	fm4.exe	33
PID 392 wrote to memory of 1612	392	fm4.exe	33
PID 392 wrote to memory of 1612	392	fm4.exe	33
PID 392 wrote to memory of 1612	392	fm4.exe	33
PID 392 wrote to memory of 1732	392	fm4.exe	34
PID 392 wrote to memory of 1732	392	fm4.exe	34
PID 392 wrote to memory of 1732	392	fm4.exe	34
PID 392 wrote to memory of 1732	392	fm4.exe	34
PID 392 wrote to memory of 1676	392	fm4.exe	37
PID 392 wrote to memory of 1676	392	fm4.exe	37
PID 392 wrote to memory of 1676	392	fm4.exe	37
PID 392 wrote to memory of 1676	392	fm4.exe	37

C:\Users\Admin\AppData\Local\Temp\f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe
"C:\Users\Admin\AppData\Local\Temp\f55ed6e0ca5b439c7b2b1bad94ec6ea639a8932c5cb64d9d9bdaf5f4e5c18b93.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe
  "C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe" -unst
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1356
- C:\Program Files (x86)\FM4.0\202211261221\fm4.exe
  "C:\Program Files (x86)\FM4.0\202211261221\fm4.exe" -tuopan
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:392
- - C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe
    "C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe" -unst
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1612
- - C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe
    "C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe" -inst
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1732
- - C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe
    "C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
- C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe
  "C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1224

C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe
"C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe" -BG
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\FM4.0\202211261221\Data\client.ini

Filesize
36B

MD5
2933cf2480bd8aad5814353782b2449e

SHA1
6318a6aed47cf1f53a558ed3104f8530f539e595

SHA256
9bd81720bf5d45b34fc95c9ac36a17d4fbe66ed6786c657d1eb6a1e5dc75d8f3

SHA512
976353f815561c4e80f435d07f9357c0317a65b0f984aad758091d3e5bd8bac14a539a9f4b44ba197dda7dc101cbb0aed67be84596c8303a30cba2c719fe9059

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\Data\dh.ini

Filesize
56B

MD5
22c7622b3667430abfa772ba95ccaae2

SHA1
66078748feae80eacab80815c8f9cc73d73dd94f

SHA256
ef08ded0e2134b13e2543242bab65a96af7bcd9064b74aa19cd52d126e32e409

SHA512
a873c555e3a033d1989917637e36f54fc2294b7a12bc05661d4a85cf2e5ae378ba1e7037718906952a44788ee5e77fb440122e593dc0996f7baaffd6028915f1

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\Data\setup.ini

Filesize
34B

MD5
3eb36494f1bc8f8c323e01beb01baa0e

SHA1
47caa4c9190dbb0f6716644b9447a071881ebf55

SHA256
7c3e501297508cd49a4ce587012ced88c8a5dc465e366f540bcc79a60da22522

SHA512
c5580041a43db41f184ea8682020c8800f655bc75f10669577638cbe073647b73fb399a55b636ecc6fa2c6050b56b3cb484ee247c9552dfe8cd59484dfc62cc0

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\Data\user2.ini

Filesize
24B

MD5
b23ed73928a7ef0459881e8e5972b5a7

SHA1
b2a1d9b269666a3a81c6de7e74574606c08b1e31

SHA256
190dc42966c26bfd6496a9dbd886c11eef526c84b8d279a3ce4888004e8b985a

SHA512
9097414c0cebeb78bc748b915bbc0060e8174db674fe24764f3496a891bbeab4f337502036dcbc77f305df3e250fa1d45c1b463750daf13355ba2b9acef1942b

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\Data\version.ini

Filesize
32B

MD5
8c6774b4116a9f03ccdafa00174ddc3f

SHA1
6c07131115981ecae3db2e77f9a821636b81e97c

SHA256
6611e5a6a96365d5d5533d062df94f60e9fade1924b42f65ea35ca83a23c4bf1

SHA512
2c67c1dc6624dd4f97a8065deefac0ece654087a83ad8ee6d633600827f7b40cd2d9b23b62d14059bd21ee56321b6ee5d7c270cb2586b3784877419bc5fbd8e6

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\DuiLib.dll

Filesize
457KB

MD5
c00935fa58f07e1912b5403e23b56a03

SHA1
06a481afb18d4004317c816bfa25f97ef520396b

SHA256
0ed58bf3c3b3a81c796ebbd22ddfbdf864090b37e5a6c337754eba71f644b742

SHA512
c87193b554f09ac656905643587d770115c010cc6d6271dd23af7d8f5157a3161616878bae13d92688d48c421c2c63c80cdf486653b141689096da495a992247

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe

Filesize
297KB

MD5
a6aa0ce59d41ae32aacb4870672abce0

SHA1
7c2a5e6c5d6f98e7644778b3f89fb619cb34131e

SHA256
54ba204384db2fa5742c11a655ecf77753b4b72fb255f048df7711dc7fc25b49

SHA512
76c4d44dbbbaee49ae04b63aea01420bc51002197c739210494847527e6a98d3925ea35dcf03e14bc9edcc437d7fd54592e8cf4ae50484d1b573974ccd949a82

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe

Filesize
297KB

MD5
a6aa0ce59d41ae32aacb4870672abce0

SHA1
7c2a5e6c5d6f98e7644778b3f89fb619cb34131e

SHA256
54ba204384db2fa5742c11a655ecf77753b4b72fb255f048df7711dc7fc25b49

SHA512
76c4d44dbbbaee49ae04b63aea01420bc51002197c739210494847527e6a98d3925ea35dcf03e14bc9edcc437d7fd54592e8cf4ae50484d1b573974ccd949a82

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe

Filesize
297KB

MD5
a6aa0ce59d41ae32aacb4870672abce0

SHA1
7c2a5e6c5d6f98e7644778b3f89fb619cb34131e

SHA256
54ba204384db2fa5742c11a655ecf77753b4b72fb255f048df7711dc7fc25b49

SHA512
76c4d44dbbbaee49ae04b63aea01420bc51002197c739210494847527e6a98d3925ea35dcf03e14bc9edcc437d7fd54592e8cf4ae50484d1b573974ccd949a82

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe

Filesize
297KB

MD5
a6aa0ce59d41ae32aacb4870672abce0

SHA1
7c2a5e6c5d6f98e7644778b3f89fb619cb34131e

SHA256
54ba204384db2fa5742c11a655ecf77753b4b72fb255f048df7711dc7fc25b49

SHA512
76c4d44dbbbaee49ae04b63aea01420bc51002197c739210494847527e6a98d3925ea35dcf03e14bc9edcc437d7fd54592e8cf4ae50484d1b573974ccd949a82

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\FHSev.exe

Filesize
297KB

MD5
a6aa0ce59d41ae32aacb4870672abce0

SHA1
7c2a5e6c5d6f98e7644778b3f89fb619cb34131e

SHA256
54ba204384db2fa5742c11a655ecf77753b4b72fb255f048df7711dc7fc25b49

SHA512
76c4d44dbbbaee49ae04b63aea01420bc51002197c739210494847527e6a98d3925ea35dcf03e14bc9edcc437d7fd54592e8cf4ae50484d1b573974ccd949a82

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\SysConfig.ini

Filesize
250B

MD5
d15c053fc5958aff21f5cefe52286c95

SHA1
d1685eab09b885f23e3babcd153273b99c052d3a

SHA256
4b680bea6e229affec5069cbf6b36d2b9f3f092248358e72964bf77d9abd6a2c

SHA512
bf34d673cacf46cf7c86a3d445b8977c8d242199ad4bc194ae93471e4fe264b1e8ab4153da9c5f0f80d8bdc470d5520bd8a14dcad44fe4cac2cf909cff4d2c68

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\audio.dll

Filesize
107KB

MD5
4e21252ab923193b4fda81e4565b5401

SHA1
518bb19e2acb6497a4ec8cd9579a0513495d095c

SHA256
cda9e420c9052bfa0f46a4e6fee9c9e31bcc7693975dbf74e664efd48f57cda0

SHA512
da4f62297f6235679e72d64258f731fc80e7a421aed422a2c1af7a42d5b08f843a3e76e9b4fc0eea5ffd3ff5e471585b503eb9e862dff42dd7befaa5aa7803e4

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\avcodec-54.dll

Filesize
685KB

MD5
626eb51c0d3de4ba871f04a9aca8c5d5

SHA1
34324ce03735777cf513bcf62ec316667a7b1b68

SHA256
bee8163966d61a4801711a18fb54b404ed8d9f6725f4a59c4a13d8d218ebec9f

SHA512
8bfea141b32ccbfa4439f051f076d18a92a32aa17e6af71c2f03ef35fc25b491dde7e9e0d61a1045dcbb1be66fc2ac9310ace0e36b149365af4017b5f4cfaea7

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\avcore.dll

Filesize
76KB

MD5
623fdb29b9965a145eb8bb40327c73a4

SHA1
f07ccf1c75f6647d5f6f21605b74fe841266ed71

SHA256
56133ea7a7435e63bbd392b01c15de9fa9b5112302beae655a76e9085071b196

SHA512
b3ce2997a336c27f70ed8532354c045345007b5850b656f5f647e46b61f49a834e71683a36fc7cbbe305745de2729c538356e09893a22b74a3c188508ae1beb2

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\avformat-54.dll

Filesize
350KB

MD5
41d743562a515aeea619f53ddabb0440

SHA1
bf7eddce5c8b4e463b167bf0a67b82020c2a11dd

SHA256
a04f94a2b0c433c05b6181f8bcd54bfaa942fec60f75dfb9578ecb4af85f3e69

SHA512
0c15f31078f078707fc2bc8b3f504934722aa6870e0c3e9f6500cc5002ce69c3eacd601865931b640428d5530f57cbc9ddbae6822546d618720589485c44eb9f

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\avutil-52.dll

Filesize
151KB

MD5
5c9f02d245994a48af6502be4b40cd1b

SHA1
2fab1d3034e76db67a923c60eb6bd99a96c116b4

SHA256
353bbac9987c8ac2aeea53c6c7680929389f0d9241d5195a8b53bd495d170b07

SHA512
e53f78325944fa7cc74fb1d7ae170a4cbf2720e41dd79a443ae3a84074a6fab6ab3889b1df60046662c4cb1480479b64b22fa922ab29291d1016e99a256bebe8

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\favorfm.xml

Filesize
440B

MD5
9e3ce143f272874a7df3e461c59b0535

SHA1
f1c845f4a6de66411c27a8db819ca3a09012f35a

SHA256
dc59227df83dd9d8f70f44821c2bd82464dde4d288f16515a24ddbfce39ae77d

SHA512
02ab49c0d89d2ad62a6a57004c2b7a2246a46355ef9a4b94e6979d7e51026b844faf5a1df6d83635b5ebcc056dc75a53a8bc66387648347347e200dd990a17c7

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\fm4.exe

Filesize
1.9MB

MD5
f02b692e92c1870071bfe7e7e2ff3948

SHA1
cc5193751bb5eb18722963b6bae9299c84c481fe

SHA256
d63cfc79ccde0405a37c59232f2fb133b2bc627573771b1eea86c38667098fad

SHA512
730162f3ededda60adc7cf1a14ed2ab24d09b3591e727eb41ccfb31607b513490956106a13e234e66af4d2141b4c2d55aa82574bd407e936ede41bec7ce6ecfd

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe

Filesize
676KB

MD5
d2dfe4ef36e03c9d18c333c3e754314a

SHA1
10a7cd54703e0a006ba809de524a5d1926f3e651

SHA256
c63c30f2c98f9c22dbaf30fd6115f854419cc64f48c25428c7eb0c853cc43a66

SHA512
5d4dd7e2850241f7fd744e85c41f5d59c8807c0cc3c0d53e41746e24db4861286f4051a0d15f3b5f6964a7526104a81e26446d4af34930ba64072631e4a82562

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe

Filesize
676KB

MD5
d2dfe4ef36e03c9d18c333c3e754314a

SHA1
10a7cd54703e0a006ba809de524a5d1926f3e651

SHA256
c63c30f2c98f9c22dbaf30fd6115f854419cc64f48c25428c7eb0c853cc43a66

SHA512
5d4dd7e2850241f7fd744e85c41f5d59c8807c0cc3c0d53e41746e24db4861286f4051a0d15f3b5f6964a7526104a81e26446d4af34930ba64072631e4a82562

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\fm4svr.exe

Filesize
676KB

MD5
d2dfe4ef36e03c9d18c333c3e754314a

SHA1
10a7cd54703e0a006ba809de524a5d1926f3e651

SHA256
c63c30f2c98f9c22dbaf30fd6115f854419cc64f48c25428c7eb0c853cc43a66

SHA512
5d4dd7e2850241f7fd744e85c41f5d59c8807c0cc3c0d53e41746e24db4861286f4051a0d15f3b5f6964a7526104a81e26446d4af34930ba64072631e4a82562

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\libav.dll

Filesize
170KB

MD5
d2f7b09bb01aee3366a531acbfe0f131

SHA1
066c5858ce4238bf44cedf4ef867a6695ce06094

SHA256
7fa294fb3ed18bc73320723f1141907873d46002f9f7294219f3ee4be95fa689

SHA512
5426a0d342230ae4757f97e5c74329e2f63cc92aa664010cdf574a983c85dfd1175aa0fe30de1f881c363532e62cc79f8b6768b4ec36c36af77078b252974be6

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\pthreadGC2.dll

Filesize
96KB

MD5
b82801876d49fb80044b84c142746efd

SHA1
7d73d31f40da9dc7070e0ff45d1ff0c389af4e09

SHA256
7e123eb3396e334f963c675c7d6029746a255ee63509d9ba547c971729ed0642

SHA512
db05ab55a18bfaa36f1028c86e51295c7088bf62931c93c0ce2e5212ff6db365745a362fb388c593a3ca18cf9e9cac027492ca0af6e599a2f135a94d20b0b1e7

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\source.dll

Filesize
180KB

MD5
d324717f930dd98013d786fb47d81d3f

SHA1
42f6bcebde96be7ab4b814bfd89bed4d8636239a

SHA256
aea33397317ae89273ee287eeb4bdb8323cfd3c4b96a077308c981637b688961

SHA512
b19998bdb7edb30bc3bd48f7094c1df0ec9ce2b63e93c3e82334f2a3b82d7e45e463242c666403722358a89b70d128f43cb67eae846b8b81d057bd83606c0ae0

Download Submit
C:\Program Files (x86)\FM4.0\202211261221\swresample-0.dll

Filesize
86KB

MD5
0f4aee47b55b4dcbf4a365f2c71de951

SHA1
071eb194720462ea61ea3b5c9500bb7b3dbb8e80

SHA256
348e57fc2e967f42db4fa4d0b77e789ea9de6eed1096e8be0400f2e46f663cc4

SHA512
2d2e7c93e73ef10cc11a2ea8bbd770f874aff9262168de7d92b11fb2f881339cf3f7ae01d59788b87817b43e83dc1da324f1442226c44e1c858bedc6e2e4bc88

Download Submit
\Program Files (x86)\FM4.0\202211261221\DuiLib.dll

Filesize
457KB

MD5
c00935fa58f07e1912b5403e23b56a03

SHA1
06a481afb18d4004317c816bfa25f97ef520396b

SHA256
0ed58bf3c3b3a81c796ebbd22ddfbdf864090b37e5a6c337754eba71f644b742

SHA512
c87193b554f09ac656905643587d770115c010cc6d6271dd23af7d8f5157a3161616878bae13d92688d48c421c2c63c80cdf486653b141689096da495a992247

Download Submit
\Program Files (x86)\FM4.0\202211261221\FHSev.exe

Filesize
297KB

MD5
a6aa0ce59d41ae32aacb4870672abce0

SHA1
7c2a5e6c5d6f98e7644778b3f89fb619cb34131e

SHA256
54ba204384db2fa5742c11a655ecf77753b4b72fb255f048df7711dc7fc25b49

SHA512
76c4d44dbbbaee49ae04b63aea01420bc51002197c739210494847527e6a98d3925ea35dcf03e14bc9edcc437d7fd54592e8cf4ae50484d1b573974ccd949a82

Download Submit
\Program Files (x86)\FM4.0\202211261221\Unins.exe

Filesize
258KB

MD5
299d4ccd683231974ba6e2dc9b3ed79c

SHA1
f485395c6a165aad2b6c936418dfada3cf530e83

SHA256
fc3358faa6b3b3eff3d4fa08e8de2f7eeae87ed93c8563f82c0c71e3946a7661

SHA512
4d0a43a4983a047fa19c022666b637bf844470a47282eca41fa0c5d6a5e9f17dfb7c8da7abe2cfcf33d838f7384b8a23719f728da43e571553fef4d4fd5569b2

Download Submit
\Program Files (x86)\FM4.0\202211261221\audio.dll

Filesize
107KB

MD5
4e21252ab923193b4fda81e4565b5401

SHA1
518bb19e2acb6497a4ec8cd9579a0513495d095c

SHA256
cda9e420c9052bfa0f46a4e6fee9c9e31bcc7693975dbf74e664efd48f57cda0

SHA512
da4f62297f6235679e72d64258f731fc80e7a421aed422a2c1af7a42d5b08f843a3e76e9b4fc0eea5ffd3ff5e471585b503eb9e862dff42dd7befaa5aa7803e4

Download Submit
\Program Files (x86)\FM4.0\202211261221\avcodec-54.dll

Filesize
685KB

MD5
626eb51c0d3de4ba871f04a9aca8c5d5

SHA1
34324ce03735777cf513bcf62ec316667a7b1b68

SHA256
bee8163966d61a4801711a18fb54b404ed8d9f6725f4a59c4a13d8d218ebec9f

SHA512
8bfea141b32ccbfa4439f051f076d18a92a32aa17e6af71c2f03ef35fc25b491dde7e9e0d61a1045dcbb1be66fc2ac9310ace0e36b149365af4017b5f4cfaea7

Download Submit
\Program Files (x86)\FM4.0\202211261221\avcore.dll

Filesize
76KB

MD5
623fdb29b9965a145eb8bb40327c73a4

SHA1
f07ccf1c75f6647d5f6f21605b74fe841266ed71

SHA256
56133ea7a7435e63bbd392b01c15de9fa9b5112302beae655a76e9085071b196

SHA512
b3ce2997a336c27f70ed8532354c045345007b5850b656f5f647e46b61f49a834e71683a36fc7cbbe305745de2729c538356e09893a22b74a3c188508ae1beb2

Download Submit
\Program Files (x86)\FM4.0\202211261221\avformat-54.dll

Filesize
350KB

MD5
41d743562a515aeea619f53ddabb0440

SHA1
bf7eddce5c8b4e463b167bf0a67b82020c2a11dd

SHA256
a04f94a2b0c433c05b6181f8bcd54bfaa942fec60f75dfb9578ecb4af85f3e69

SHA512
0c15f31078f078707fc2bc8b3f504934722aa6870e0c3e9f6500cc5002ce69c3eacd601865931b640428d5530f57cbc9ddbae6822546d618720589485c44eb9f

Download Submit
\Program Files (x86)\FM4.0\202211261221\avutil-52.dll

Filesize
151KB

MD5
5c9f02d245994a48af6502be4b40cd1b

SHA1
2fab1d3034e76db67a923c60eb6bd99a96c116b4

SHA256
353bbac9987c8ac2aeea53c6c7680929389f0d9241d5195a8b53bd495d170b07

SHA512
e53f78325944fa7cc74fb1d7ae170a4cbf2720e41dd79a443ae3a84074a6fab6ab3889b1df60046662c4cb1480479b64b22fa922ab29291d1016e99a256bebe8

Download Submit
\Program Files (x86)\FM4.0\202211261221\fm4.exe

Filesize
1.9MB

MD5
f02b692e92c1870071bfe7e7e2ff3948

SHA1
cc5193751bb5eb18722963b6bae9299c84c481fe

SHA256
d63cfc79ccde0405a37c59232f2fb133b2bc627573771b1eea86c38667098fad

SHA512
730162f3ededda60adc7cf1a14ed2ab24d09b3591e727eb41ccfb31607b513490956106a13e234e66af4d2141b4c2d55aa82574bd407e936ede41bec7ce6ecfd

Download Submit
\Program Files (x86)\FM4.0\202211261221\fm4.exe

Filesize
1.9MB

MD5
f02b692e92c1870071bfe7e7e2ff3948

SHA1
cc5193751bb5eb18722963b6bae9299c84c481fe

SHA256
d63cfc79ccde0405a37c59232f2fb133b2bc627573771b1eea86c38667098fad

SHA512
730162f3ededda60adc7cf1a14ed2ab24d09b3591e727eb41ccfb31607b513490956106a13e234e66af4d2141b4c2d55aa82574bd407e936ede41bec7ce6ecfd

Download Submit
\Program Files (x86)\FM4.0\202211261221\fm4svr.exe

Filesize
676KB

MD5
d2dfe4ef36e03c9d18c333c3e754314a

SHA1
10a7cd54703e0a006ba809de524a5d1926f3e651

SHA256
c63c30f2c98f9c22dbaf30fd6115f854419cc64f48c25428c7eb0c853cc43a66

SHA512
5d4dd7e2850241f7fd744e85c41f5d59c8807c0cc3c0d53e41746e24db4861286f4051a0d15f3b5f6964a7526104a81e26446d4af34930ba64072631e4a82562

Download Submit
\Program Files (x86)\FM4.0\202211261221\fm4svr.exe

Filesize
676KB

MD5
d2dfe4ef36e03c9d18c333c3e754314a

SHA1
10a7cd54703e0a006ba809de524a5d1926f3e651

SHA256
c63c30f2c98f9c22dbaf30fd6115f854419cc64f48c25428c7eb0c853cc43a66

SHA512
5d4dd7e2850241f7fd744e85c41f5d59c8807c0cc3c0d53e41746e24db4861286f4051a0d15f3b5f6964a7526104a81e26446d4af34930ba64072631e4a82562

Download Submit
\Program Files (x86)\FM4.0\202211261221\fm4svr.exe

Filesize
676KB

MD5
d2dfe4ef36e03c9d18c333c3e754314a

SHA1
10a7cd54703e0a006ba809de524a5d1926f3e651

SHA256
c63c30f2c98f9c22dbaf30fd6115f854419cc64f48c25428c7eb0c853cc43a66

SHA512
5d4dd7e2850241f7fd744e85c41f5d59c8807c0cc3c0d53e41746e24db4861286f4051a0d15f3b5f6964a7526104a81e26446d4af34930ba64072631e4a82562

Download Submit
\Program Files (x86)\FM4.0\202211261221\libav.dll

Filesize
170KB

MD5
d2f7b09bb01aee3366a531acbfe0f131

SHA1
066c5858ce4238bf44cedf4ef867a6695ce06094

SHA256
7fa294fb3ed18bc73320723f1141907873d46002f9f7294219f3ee4be95fa689

SHA512
5426a0d342230ae4757f97e5c74329e2f63cc92aa664010cdf574a983c85dfd1175aa0fe30de1f881c363532e62cc79f8b6768b4ec36c36af77078b252974be6

Download Submit
\Program Files (x86)\FM4.0\202211261221\pthreadGC2.dll

Filesize
96KB

MD5
b82801876d49fb80044b84c142746efd

SHA1
7d73d31f40da9dc7070e0ff45d1ff0c389af4e09

SHA256
7e123eb3396e334f963c675c7d6029746a255ee63509d9ba547c971729ed0642

SHA512
db05ab55a18bfaa36f1028c86e51295c7088bf62931c93c0ce2e5212ff6db365745a362fb388c593a3ca18cf9e9cac027492ca0af6e599a2f135a94d20b0b1e7

Download Submit
\Program Files (x86)\FM4.0\202211261221\source.dll

Filesize
180KB

MD5
d324717f930dd98013d786fb47d81d3f

SHA1
42f6bcebde96be7ab4b814bfd89bed4d8636239a

SHA256
aea33397317ae89273ee287eeb4bdb8323cfd3c4b96a077308c981637b688961

SHA512
b19998bdb7edb30bc3bd48f7094c1df0ec9ce2b63e93c3e82334f2a3b82d7e45e463242c666403722358a89b70d128f43cb67eae846b8b81d057bd83606c0ae0

Download Submit
\Program Files (x86)\FM4.0\202211261221\swresample-0.dll

Filesize
86KB

MD5
0f4aee47b55b4dcbf4a365f2c71de951

SHA1
071eb194720462ea61ea3b5c9500bb7b3dbb8e80

SHA256
348e57fc2e967f42db4fa4d0b77e789ea9de6eed1096e8be0400f2e46f663cc4

SHA512
2d2e7c93e73ef10cc11a2ea8bbd770f874aff9262168de7d92b11fb2f881339cf3f7ae01d59788b87817b43e83dc1da324f1442226c44e1c858bedc6e2e4bc88

Download Submit
memory/392-92-0x0000000069900000-0x000000006995D000-memory.dmp

Filesize
372KB

Download
memory/392-91-0x0000000069900000-0x000000006995D000-memory.dmp

Filesize
372KB

Download
memory/392-90-0x0000000069900000-0x000000006995D000-memory.dmp

Filesize
372KB

Download
memory/392-89-0x0000000069900000-0x000000006995D000-memory.dmp

Filesize
372KB

Download
memory/392-88-0x0000000069900000-0x000000006995D000-memory.dmp

Filesize
372KB

Download
memory/1204-126-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1204-125-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1224-102-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download
memory/1224-101-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download
memory/1224-98-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download
memory/1356-62-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1356-72-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1612-112-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1676-134-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download
memory/1732-124-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1732-119-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/2028-63-0x0000000003830000-0x00000000038F0000-memory.dmp

Filesize
768KB

Download
memory/2028-54-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download