0c57f90d98c5b6cb16c627631c4a599e031d6ca8f832d48cb0d972b65ec5ae33

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
17-02-2023 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe
Size

995KB
MD5

4fc302f4104a3a4c95e44d020101e218
SHA1

8adc2c5afe8e3e2439c52949ae64ec99940cf1b9
SHA256

0c57f90d98c5b6cb16c627631c4a599e031d6ca8f832d48cb0d972b65ec5ae33
SHA512

415d2f021ad6a090b39195263a5fd7844e4bdad421f4a1e6e6302c1f14936e106ea98467d8eddd1eb8a6fb7a4687b2d586c1ec1d9d9b5b6aadc50fff4dbd137a
SSDEEP

12288:zSxG0lssKssVs91x888888888888W88888888888X4bHrYc++Vx8eu1A6qmgJvsX:WxGOP4Lp++VCN1GvsvXB+3HI1Vsr3q

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

Processes:

FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmpFreemakeVideoDownloaderFull.exeFreemakeVideoDownloaderFull.tmp

pid	process
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
1392	FreemakeVideoDownloaderFull.exe
1752	FreemakeVideoDownloaderFull.tmp

Loads dropped DLL 56 IoCs

Processes:

FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exeFreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmpFreemakeVideoDownloaderFull.exeFreemakeVideoDownloaderFull.tmpregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exe

pid	process
860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
1392	FreemakeVideoDownloaderFull.exe
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp
584	regsvr32.exe
584	regsvr32.exe
584	regsvr32.exe
584	regsvr32.exe
584	regsvr32.exe
584	regsvr32.exe
584	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1368	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1772	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe
1664	regsvr32.exe

Drops file in Program Files directory 64 IoCs

Processes:

FreemakeVideoDownloaderFull.tmp

description	ioc	process
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\DVDMenu\is-MU80S.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\es-ES\FreemakeCommon.resources.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-1NL93.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Downloader\is-27M31.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\is-43DDU.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\FreemakeCommon\Resources\is-679KQ.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Uploader\is-7F1EH.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Languages\de-DE\is-AJ1D8.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\Resources\ImagesBranding\is-OGR7L.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\System.Runtime.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Downloader\System.IO.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-CMSKT.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Downloader\is-SANLV.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Downloader\is-VCSEF.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Downloader\is-V2L0H.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\is-CK3SR.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\Resources\ImagesBranding\is-M9R91.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\ForFlash\is-0HTPF.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\is-ERHKT.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\Visualization\is-R1IMI.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Languages\ja-JP\FreemakeVideoConverter.resources.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Languages\pt-BR\FreemakeVideoConverter.resources.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-KEB30.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Downloader\is-JTQ30.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\is-CO1TM.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Languages\da\is-C6572.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\DVDMenu\is-F6V4J.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\FMDownloader.GlobalSettings.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-D56RT.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-HCKHJ.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ja-JP\is-H3BJD.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\is-7LULP.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\System.Threading.Tasks.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Languages\vi\Monetization.resources.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\Analytics.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\FMProfileManager.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Uploader\is-ND5V2.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\YoutubeContentLinksExtractor\is-IA0HD.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Languages\pl\is-K91B4.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\Monetization.Payments.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FileAssociationTool\is-QMMIT.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\DVDMenu\is-08RM2.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\MediaInfo.DotNetWrapper.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-VGCC7.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Downloader\is-ENBTJ.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\is-GHCJ5.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMWeb\Uploader\is-JUJ6M.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Languages\ru-RU\is-LUVD9.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\DVDMenu\is-HDANK.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\fr-fR\FreemakeCommon.resources.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\da\FreemakeCommon.resources.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\SharpRaven.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\is-F22GB.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\FreemakeCommon\Resources\is-RGEGI.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\YoutubeContentLinksExtractor\is-T7A2U.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\Visualization\is-R8CFH.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\SmartThreadPool.dll	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\ConverterCommon\is-9JUEI.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\DVDMenu\is-6QK68.tmp	FreemakeVideoDownloaderFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter\Images\DVDMenu\is-I43A5.tmp	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\FMMediaUtils.dll	FreemakeVideoDownloaderFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Downloader\FMCommon\cs\FreemakeCommon.resources.dll	FreemakeVideoDownloaderFull.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Enumerates processes with tasklist 1 TTPs 6 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid process

1516 tasklist.exe
1224 tasklist.exe
344 tasklist.exe
1912 tasklist.exe
1528 tasklist.exe
912 tasklist.exe

pid	process
1516	tasklist.exe
1224	tasklist.exe
344	tasklist.exe
1912	tasklist.exe
1528	tasklist.exe
912	tasklist.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{baad6aa7-889d-4db4-8666-f71544310e82}\InprocServer32\ = "C:\\Program Files (x86)\\Freemake\\COM\\1.1\\FMMediaFormats.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7AC36E45-E241-4C33-A81A-A8B9418685B9}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformVisualisation	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e010f47e-ea65-44df-8ff5-baf2c9e102d6}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e3212827-8be8-4af7-b07f-b41bd298866e}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{579c85c1-565d-433d-bab7-6958e4178aad}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CBE0A0CB-38B8-4BA9-BEAC-C26CB95A5C5F}\TypeLib\ = "{21365BB8-55E5-4D5F-8FC9-B56D5A1DE903}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9e161a92-527b-4eab-b44f-741fdefabf16}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8F932824-DAB4-437A-B658-34E7D7355A2E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31A2F737-5656-4751-A50C-6E1747C24DBA}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A3CEA54-A8EA-4A68-8557-AD3C01711AF3}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BB66678B-C7F5-4958-9150-780372B8395C}\ = "IMediaSourceLoop"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E4E4C544-E74F-4896-9F6E-A900AB0AAD59}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28c82e28-f87e-45d7-b60a-29d43e68bf05}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e010f47e-ea65-44df-8ff5-baf2c9e102d6}\ProgID\ = "FMMediaSource.DeleteInterval.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4cbc1dd8-4ff7-4da8-9e01-120f69fe17c4}\VersionIndependentProgID\ = "FMMediaSource.MediaSourceAudioSilence"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D09445C-EFDF-4126-AEA3-EE7D35342AA3}\TypeLib\ = "{21365BB8-55E5-4D5F-8FC9-B56D5A1DE903}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CF8DC390-AA77-4989-A7DE-BF06FCE8B18A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{352839CE-8082-4F09-86B7-C6DE1E7215C4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{352839CE-8082-4F09-86B7-C6DE1E7215C4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F67ADAE2-607A-455F-8555-FF6E55D64E5E}\ = "IFormatBase"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EE969149-E37F-45C8-A2F6-9784026ED4FA}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{85057B78-5D65-4675-8E35-6A1B0902AC13}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.FormatBase\CLSID\ = "{3e4b14cc-b77a-40da-b6c5-a1361c0cacf1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95BF9905-1825-4B88-B191-2E5E9F81B414}\TypeLib\ = "{8F935BB6-1360-4F01-89BE-8D394CA9E36C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ece91a65-c03b-42af-be5b-0258e47efb7d}\InprocServer32\ = "C:\\Program Files (x86)\\Freemake\\COM\\1.1\\FMMediaSource.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{d277bb23-c17d-49c3-9991-052911dbf47a}\InprocServer32\ = "C:\\Program Files (x86)\\Freemake\\COM\\1.1\\FMMediaSource.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A3CEA54-A8EA-4A68-8557-AD3C01711AF3}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22E65E8B-7B25-470B-84AF-60A058C4E9B7}\TypeLib\ = "{E5CD553D-2B25-48E4-A1A8-E685F79A1A54}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.FormatBase.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3e4b14cc-b77a-40da-b6c5-a1361c0cacf1}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2f35f903-fa13-46b9-969e-ddc34a5e73a5}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.MediaDataVideo.1\CLSID\ = "{1e22b14d-d3c8-4b3b-8ecf-8b9589162b60}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{352839CE-8082-4F09-86B7-C6DE1E7215C4}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1c8380dd-db16-4944-8968-dd952037d4e1}\InprocServer32\ = "C:\\Program Files (x86)\\Freemake\\COM\\1.1\\FMTransformBase.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CF40365A-C8C6-4718-90A2-3393E60B26B3}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSource.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{d277bb23-c17d-49c3-9991-052911dbf47a}\ProgID\ = "FMMediaSource.MediaSourceFile.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BB66678B-C7F5-4958-9150-780372B8395C}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34CC3227-44D6-4710-B086-C8A4B8A581EF}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9620AAE3-7818-422F-B3B3-73699E27F0C3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2336008-3212-4AD6-AE5B-946F70058E38}\ = "IMediaSourceContainer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{84572DBF-EB05-45FD-8206-444A749D7B71}\ = "IFormatCodecVideo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2768C270-27B9-45D0-8C4F-72E6AFE7A67C}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE969149-E37F-45C8-A2F6-9784026ED4FA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{27cb0cb2-abc2-41a8-8a43-211163a92cd9}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8f75e71d-6ce1-43e2-a8c2-2ef1a320955b}\ = "TransformResize Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceStreams	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{919baa63-7b5b-4f51-bc98-680708477f29}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86f32deb-e004-40d1-a028-0eb23d56f74a}\ = "TransformVisualisation2 Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{375BE98B-6804-43B9-BD47-3C86624B8E37}\TypeLib\ = "{E5CD553D-2B25-48E4-A1A8-E685F79A1A54}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62F85A04-8BF6-4F81-B5D2-20505E719B09}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A3CEA54-A8EA-4A68-8557-AD3C01711AF3}\TypeLib\ = "{21365BB8-55E5-4D5F-8FC9-B56D5A1DE903}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{644CC3C4-0600-45A2-8EE0-577D6149CA9F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1c8380dd-db16-4944-8968-dd952037d4e1}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformVisualisation\ = "TransformVisualisation Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{579c85c1-565d-433d-bab7-6958e4178aad}\VersionIndependentProgID\ = "FMMediaSource.MediaSourceImage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9FBD481C-2888-432B-BAD8-BD4CFED30DC4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D0D4C9C8-6701-4C82-ADFF-3178B47D74DB}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23A93418-2CF0-40F3-BFFE-560E8C1753D6}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F67ADAE2-607A-455F-8555-FF6E55D64E5E}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95BF9905-1825-4B88-B191-2E5E9F81B414}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformQueue\CurVer\ = "FMTransformBase.TransformQueue.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{27cb0cb2-abc2-41a8-8a43-211163a92cd9}\ = "TransformAudioFade Class"	regsvr32.exe

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp

Script User-Agent 5 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	5	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	14	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	17	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	23	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmpFreemakeVideoDownloaderFull.tmp

pid	process
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
1752	FreemakeVideoDownloaderFull.tmp
1752	FreemakeVideoDownloaderFull.tmp

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

description	pid	process
Token: SeDebugPrivilege	912	tasklist.exe
Token: SeDebugPrivilege	1516	tasklist.exe
Token: SeDebugPrivilege	1224	tasklist.exe
Token: SeDebugPrivilege	344	tasklist.exe
Token: SeDebugPrivilege	1912	tasklist.exe
Token: SeDebugPrivilege	1528	tasklist.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmpFreemakeVideoDownloaderFull.tmp

pid process

844 FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
1752 FreemakeVideoDownloaderFull.tmp

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 860 wrote to memory of 844	860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
PID 860 wrote to memory of 844	860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
PID 860 wrote to memory of 844	860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
PID 860 wrote to memory of 844	860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
PID 860 wrote to memory of 844	860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
PID 860 wrote to memory of 844	860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
PID 860 wrote to memory of 844	860	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
PID 844 wrote to memory of 1524	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	cmd.exe
PID 844 wrote to memory of 1524	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	cmd.exe
PID 844 wrote to memory of 1524	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	cmd.exe
PID 844 wrote to memory of 1524	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	cmd.exe
PID 844 wrote to memory of 1392	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	FreemakeVideoDownloaderFull.exe
PID 844 wrote to memory of 1392	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	FreemakeVideoDownloaderFull.exe
PID 844 wrote to memory of 1392	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	FreemakeVideoDownloaderFull.exe
PID 844 wrote to memory of 1392	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	FreemakeVideoDownloaderFull.exe
PID 844 wrote to memory of 1960	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 844 wrote to memory of 1960	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 844 wrote to memory of 1960	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 844 wrote to memory of 1960	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 1392 wrote to memory of 1752	1392	FreemakeVideoDownloaderFull.exe	FreemakeVideoDownloaderFull.tmp
PID 1392 wrote to memory of 1752	1392	FreemakeVideoDownloaderFull.exe	FreemakeVideoDownloaderFull.tmp
PID 1392 wrote to memory of 1752	1392	FreemakeVideoDownloaderFull.exe	FreemakeVideoDownloaderFull.tmp
PID 1392 wrote to memory of 1752	1392	FreemakeVideoDownloaderFull.exe	FreemakeVideoDownloaderFull.tmp
PID 1392 wrote to memory of 1752	1392	FreemakeVideoDownloaderFull.exe	FreemakeVideoDownloaderFull.tmp
PID 1392 wrote to memory of 1752	1392	FreemakeVideoDownloaderFull.exe	FreemakeVideoDownloaderFull.tmp
PID 1392 wrote to memory of 1752	1392	FreemakeVideoDownloaderFull.exe	FreemakeVideoDownloaderFull.tmp
PID 844 wrote to memory of 1932	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 844 wrote to memory of 1932	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 844 wrote to memory of 1932	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 844 wrote to memory of 1932	844	FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp	netsh.exe
PID 1752 wrote to memory of 1172	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1172	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1172	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1172	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1172 wrote to memory of 912	1172	cmd.exe	tasklist.exe
PID 1172 wrote to memory of 912	1172	cmd.exe	tasklist.exe
PID 1172 wrote to memory of 912	1172	cmd.exe	tasklist.exe
PID 1172 wrote to memory of 912	1172	cmd.exe	tasklist.exe
PID 1172 wrote to memory of 960	1172	cmd.exe	findstr.exe
PID 1172 wrote to memory of 960	1172	cmd.exe	findstr.exe
PID 1172 wrote to memory of 960	1172	cmd.exe	findstr.exe
PID 1172 wrote to memory of 960	1172	cmd.exe	findstr.exe
PID 1752 wrote to memory of 1988	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1988	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1988	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1988	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1988 wrote to memory of 1516	1988	cmd.exe	tasklist.exe
PID 1988 wrote to memory of 1516	1988	cmd.exe	tasklist.exe
PID 1988 wrote to memory of 1516	1988	cmd.exe	tasklist.exe
PID 1988 wrote to memory of 1516	1988	cmd.exe	tasklist.exe
PID 1988 wrote to memory of 584	1988	cmd.exe	findstr.exe
PID 1988 wrote to memory of 584	1988	cmd.exe	findstr.exe
PID 1988 wrote to memory of 584	1988	cmd.exe	findstr.exe
PID 1988 wrote to memory of 584	1988	cmd.exe	findstr.exe
PID 1752 wrote to memory of 1596	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1596	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1596	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1752 wrote to memory of 1596	1752	FreemakeVideoDownloaderFull.tmp	cmd.exe
PID 1596 wrote to memory of 1224	1596	cmd.exe	tasklist.exe
PID 1596 wrote to memory of 1224	1596	cmd.exe	tasklist.exe
PID 1596 wrote to memory of 1224	1596	cmd.exe	tasklist.exe
PID 1596 wrote to memory of 1224	1596	cmd.exe	tasklist.exe
PID 1596 wrote to memory of 980	1596	cmd.exe	findstr.exe
PID 1596 wrote to memory of 980	1596	cmd.exe	findstr.exe

C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe
"C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:860

C:\Users\Admin\AppData\Local\Temp\is-CUDDK.tmp\FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
"C:\Users\Admin\AppData\Local\Temp\is-CUDDK.tmp\FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp" /SL5="$70124,492396,402432,C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:844

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" "C:\Windows\system32\cmd.exe" /S /C "ver > "C:\Users\Admin\AppData\Local\Temp\is-CNPJB.tmp\~execwithresult.txt""
3⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
"C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe" /LANG=es /dotnet=0 /custom_install /skip_welcome /file_assoc=0 locale=IN /DIR="C:\Program Files (x86)\Freemake" /autoinstall
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1392

C:\Users\Admin\AppData\Local\Temp\is-EROGS.tmp\FreemakeVideoDownloaderFull.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EROGS.tmp\FreemakeVideoDownloaderFull.tmp" /SL5="$201C6,79778999,402432,C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe" /LANG=es /dotnet=0 /custom_install /skip_welcome /file_assoc=0 locale=IN /DIR="C:\Program Files (x86)\Freemake" /autoinstall
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1752

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVD.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:1172

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:912

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeVD.exe"
6⤵
PID:960

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVC.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:1988

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1516

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeVC.exe"
6⤵
PID:584

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeAC.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:1596

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1224

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeAC.exe"
6⤵
PID:980

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeMB.exe"
5⤵
PID:1644

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:344

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeMB.exe"
6⤵
PID:1084

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeYB.exe"
5⤵
PID:1648

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1912

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeYB.exe"
6⤵
PID:1852

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-3OFLK.tmp\CheckRunningInstance.cmd""
5⤵
PID:340

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1528

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeAC | FreemakeVD | FreemakeMB | FreemakeVC | FreemakeYC | FreemakeYB"
6⤵
PID:332

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll"
5⤵
- Loads dropped DLL
- Modifies registry class
PID:584

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll"
5⤵
- Loads dropped DLL
- Modifies registry class
PID:1368

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll"
5⤵
- Loads dropped DLL
- Modifies registry class
PID:1772

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMVideoConverter.dll"
5⤵
- Loads dropped DLL
PID:1664

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=Admin
3⤵
PID:1960

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=\everyone
3⤵
PID:1932

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll
Filesize
412KB

MD5
e7a639676a8ac438b1f803c94c0e028f

SHA1
20b85382444f6bc09afedad8d195bab05c9c1ef2

SHA256
d334a3a62bc3e56c1b1541e9153181a69d22d64f2c8f3c800e8cd610fc82079c

SHA512
71abafaad7e65033d54975e5aea291d5913bd133828a00a2474641637d588fccabfc845c4a33dc34db4dfca2af2899a27e6dd9644d4519d2144e392212a71558

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll
Filesize
812KB

MD5
66761118f5efead602bcaf43f3445226

SHA1
17134e600a286c943e7f1100235e6e100a67fe75

SHA256
74b665e49c6cad538244622d0c46c220e7360e9ac81dfa0c09d693c900dc6589

SHA512
e2e5599f0c0df3febe3d18fcd31aca3e5a9891eef0859d0f296c572018495611b164c482d26612b780391302a9b31e1cc373eea4935d1f5d20c6a9daaffd106e

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll
Filesize
459KB

MD5
fd86950306982e65b8448a00fa6ebbd1

SHA1
d66d66dfc57dfaa3c6c5b915d249a956e012b55e

SHA256
fdcebaa740802bfe75e2db40008cf6f66999962f4a9f2ce31a4b6a1436dd1db0

SHA512
88377b594e1257869ec11a971d05b6917105619bacb190d3e185cde6443509593d91eecfec0ba31d9647849769a2469241da27835f403f27e5c6702f5fca9b9b

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\MSVCP100.dll
Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\MSVCR100.dll
Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll
Filesize
13.8MB

MD5
23a378f40b92364e51e7b12cfb0af6d5

SHA1
8224dd82e02a3bb83cb4ed84a6265c370471a850

SHA256
8742fd389e9983594a24d5599e4d8f418c5454f36d2fd8d9cbc07bee08d4ea54

SHA512
529ca2c531626174451cd8d103b442a66aadd87edd5d03af44eadad94b59d9aec0b60380fdbf4aa213544dba7d3b2afa6abd7201484e9072538fbc9fa8b65581

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\avformat-54.dll
Filesize
2.9MB

MD5
7396db8ff8a5977ecd76220d14f0ee04

SHA1
c815b965c7abe368e4f49394b2512eef60dc0ef0

SHA256
8bf698ee1d89f687bf32f4e1ac4908379479456effac70038f949c548efd18bc

SHA512
6442532a793e0b7fb1be1a022ce0d082487bc598085fcd8b10483bb90e5c0010789c580350bed35b69e2759d768138b489b270478b7f2a3b887826062e506a70

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\avresample-1.dll
Filesize
135KB

MD5
6d02a67f1a77371dcf16a3dd70ae3cb8

SHA1
5bdd8a649e35686362ef010420d85eff624d00a5

SHA256
9d23781f9b54a3f37e872ce23df6ac64a695dcadf794d388f9266861ef7f790e

SHA512
bb0c7ddc280d4d518a925e92706d5f567220a07181dedc4c1c3a6a745d567b7461590063304288395fdd61312d121d384568e89e94464ff4937137d9df7f1ea1

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll
Filesize
186KB

MD5
97809a2431bcc50fc718e2ced1e306e2

SHA1
a3fcac6a8034ccd9392063f57325051aa067ee85

SHA256
2f2ae85d42415914eed564acda3ffae7b1f3627e871913c0349d73526f3bbf55

SHA512
4ec6c69fabc49d30db9efff9ea72387f4915287b8b231f37d7cb8a062246dfb67c180cc6fbb586bfef95ef0615fe793d2f5167d0aca4cf9068522c3556f1479c

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\swscale-2.dll
Filesize
326KB

MD5
d06d733f491a19bd76379565ffbf0556

SHA1
1125234bc8a4702b515bc0a12c9ca82e9583bd63

SHA256
05cd12a6f470b271cf47bd2637136e8720a00e67668df8d8499f406f0c52ea14

SHA512
e52ff24705db9fcc02571132e4d6debe329031c5c65a70de47e2f163e0c8f6e355d74abb9a24ad3cf888c8e7cf9f3df56df60dba4a87743f362624bf58a97f35

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\xvidcore.dll
Filesize
1.0MB

MD5
eaaa841ed3c3df66aba354852d2c7baa

SHA1
55e4707d4b66086da1595a93dcc02c6b62affb40

SHA256
8f3ffde67a530df8f5ecaca1ef2e3bf880a94e68b3a7f183f1313343418235ae

SHA512
ccc5ae4c8f4d5882c3140869c9d985f37945014a243aca72a5b7aeb2076686a89bf9b4f76f2d12c5513bc843451e56b3be7e40139166d69b96f435108851b6db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5af90b83f133d816aa1a9f19dbf6c095

SHA1
e764c047c568ac9c56f7519411184c48b9d51716

SHA256
7b8e5adf7f2f5dd7b38e014f5a36fc79a755d517d523a30ff63e48bdcc468d43

SHA512
573d3c244483ac2afe0b4fe264bf9f0f5e74a204e86d99ec11dcf6f356daec0f997bc82a94f3fc00565bb53f387d37dcb4c23e16af099b8ab60b004b022fd4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
Filesize
76.6MB

MD5
9431ef431ef048591edb7ab36327af51

SHA1
08ae80b18755c1974789235378a2978c02cf1b5e

SHA256
73b20e4892b3989166b00c71240355071c42ecee31745f4138dee18a88c5d5b5

SHA512
86fc00b8916d6c157c47f2aa3871ada0610dfa04ab4d083b75726e483f9f15e10e8c1a123f38031e14f180db8d5c03c88fb46748a4bc691c66c627ed02d559ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
Filesize
76.6MB

MD5
9431ef431ef048591edb7ab36327af51

SHA1
08ae80b18755c1974789235378a2978c02cf1b5e

SHA256
73b20e4892b3989166b00c71240355071c42ecee31745f4138dee18a88c5d5b5

SHA512
86fc00b8916d6c157c47f2aa3871ada0610dfa04ab4d083b75726e483f9f15e10e8c1a123f38031e14f180db8d5c03c88fb46748a4bc691c66c627ed02d559ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3OFLK.tmp\CheckRunningInstance.cmd
Filesize
96B

MD5
92dbcc7a2f8c552b1f541bd1018b44c5

SHA1
f9956c2066adacbd7cfe80941dabf46a4cc27db7

SHA256
5e314bf3f0a6e062a60d1b009e02f3128132de0206a3d197da27651a3d13fc32

SHA512
d393eb9b228f2ee74172ef28464b5b89daf14abc88135335a5bf364fa7bd4640c3b95c62296c6db15561ee010386a33120cf288446a9ce63a3cee0b3b82b7991

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CNPJB.tmp\~execwithresult.txt
Filesize
40B

MD5
082f2e97e670228e3b323c6a3a874f40

SHA1
e50760edb5e88385449a44818f5726e5beed7aab

SHA256
292bf366a534157e5414f344218c9df828e2f211617fc84352f3ab2564050941

SHA512
ad96826fb4a9ad5296acf1136bd81348492b4e191ba7936fe515a254f7bb789ab7bb3b939a5b9094b0fdaca9b4ad0f0445034a6eb2d78bd1529c2e638eafbe91

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CUDDK.tmp\FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
Filesize
1.4MB

MD5
7e4aa70d53b36013428377346e0e268c

SHA1
b45756feef67b76d1d0caa459f035c3c115d4b0e

SHA256
642553254d18fbca9150d18b8189a502fed5f9e625a7fc58d3aafabb16a76893

SHA512
1b23c1f532327c3006225f345251a907875699c063bc3a47843b8ceb67b473f5404d4df50543a15d6fac002c7109eaa155c0f00c017182b93d71208e6e3180b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EROGS.tmp\FreemakeVideoDownloaderFull.tmp
Filesize
1.4MB

MD5
7e4aa70d53b36013428377346e0e268c

SHA1
b45756feef67b76d1d0caa459f035c3c115d4b0e

SHA256
642553254d18fbca9150d18b8189a502fed5f9e625a7fc58d3aafabb16a76893

SHA512
1b23c1f532327c3006225f345251a907875699c063bc3a47843b8ceb67b473f5404d4df50543a15d6fac002c7109eaa155c0f00c017182b93d71208e6e3180b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EROGS.tmp\FreemakeVideoDownloaderFull.tmp
Filesize
1.4MB

MD5
7e4aa70d53b36013428377346e0e268c

SHA1
b45756feef67b76d1d0caa459f035c3c115d4b0e

SHA256
642553254d18fbca9150d18b8189a502fed5f9e625a7fc58d3aafabb16a76893

SHA512
1b23c1f532327c3006225f345251a907875699c063bc3a47843b8ceb67b473f5404d4df50543a15d6fac002c7109eaa155c0f00c017182b93d71208e6e3180b8

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll
Filesize
412KB

MD5
e7a639676a8ac438b1f803c94c0e028f

SHA1
20b85382444f6bc09afedad8d195bab05c9c1ef2

SHA256
d334a3a62bc3e56c1b1541e9153181a69d22d64f2c8f3c800e8cd610fc82079c

SHA512
71abafaad7e65033d54975e5aea291d5913bd133828a00a2474641637d588fccabfc845c4a33dc34db4dfca2af2899a27e6dd9644d4519d2144e392212a71558

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll
Filesize
412KB

MD5
e7a639676a8ac438b1f803c94c0e028f

SHA1
20b85382444f6bc09afedad8d195bab05c9c1ef2

SHA256
d334a3a62bc3e56c1b1541e9153181a69d22d64f2c8f3c800e8cd610fc82079c

SHA512
71abafaad7e65033d54975e5aea291d5913bd133828a00a2474641637d588fccabfc845c4a33dc34db4dfca2af2899a27e6dd9644d4519d2144e392212a71558

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll
Filesize
412KB

MD5
e7a639676a8ac438b1f803c94c0e028f

SHA1
20b85382444f6bc09afedad8d195bab05c9c1ef2

SHA256
d334a3a62bc3e56c1b1541e9153181a69d22d64f2c8f3c800e8cd610fc82079c

SHA512
71abafaad7e65033d54975e5aea291d5913bd133828a00a2474641637d588fccabfc845c4a33dc34db4dfca2af2899a27e6dd9644d4519d2144e392212a71558

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll
Filesize
812KB

MD5
66761118f5efead602bcaf43f3445226

SHA1
17134e600a286c943e7f1100235e6e100a67fe75

SHA256
74b665e49c6cad538244622d0c46c220e7360e9ac81dfa0c09d693c900dc6589

SHA512
e2e5599f0c0df3febe3d18fcd31aca3e5a9891eef0859d0f296c572018495611b164c482d26612b780391302a9b31e1cc373eea4935d1f5d20c6a9daaffd106e

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll
Filesize
459KB

MD5
fd86950306982e65b8448a00fa6ebbd1

SHA1
d66d66dfc57dfaa3c6c5b915d249a956e012b55e

SHA256
fdcebaa740802bfe75e2db40008cf6f66999962f4a9f2ce31a4b6a1436dd1db0

SHA512
88377b594e1257869ec11a971d05b6917105619bacb190d3e185cde6443509593d91eecfec0ba31d9647849769a2469241da27835f403f27e5c6702f5fca9b9b

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll
Filesize
459KB

MD5
fd86950306982e65b8448a00fa6ebbd1

SHA1
d66d66dfc57dfaa3c6c5b915d249a956e012b55e

SHA256
fdcebaa740802bfe75e2db40008cf6f66999962f4a9f2ce31a4b6a1436dd1db0

SHA512
88377b594e1257869ec11a971d05b6917105619bacb190d3e185cde6443509593d91eecfec0ba31d9647849769a2469241da27835f403f27e5c6702f5fca9b9b

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll
Filesize
13.8MB

MD5
23a378f40b92364e51e7b12cfb0af6d5

SHA1
8224dd82e02a3bb83cb4ed84a6265c370471a850

SHA256
8742fd389e9983594a24d5599e4d8f418c5454f36d2fd8d9cbc07bee08d4ea54

SHA512
529ca2c531626174451cd8d103b442a66aadd87edd5d03af44eadad94b59d9aec0b60380fdbf4aa213544dba7d3b2afa6abd7201484e9072538fbc9fa8b65581

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll
Filesize
13.8MB

MD5
23a378f40b92364e51e7b12cfb0af6d5

SHA1
8224dd82e02a3bb83cb4ed84a6265c370471a850

SHA256
8742fd389e9983594a24d5599e4d8f418c5454f36d2fd8d9cbc07bee08d4ea54

SHA512
529ca2c531626174451cd8d103b442a66aadd87edd5d03af44eadad94b59d9aec0b60380fdbf4aa213544dba7d3b2afa6abd7201484e9072538fbc9fa8b65581

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll
Filesize
13.8MB

MD5
23a378f40b92364e51e7b12cfb0af6d5

SHA1
8224dd82e02a3bb83cb4ed84a6265c370471a850

SHA256
8742fd389e9983594a24d5599e4d8f418c5454f36d2fd8d9cbc07bee08d4ea54

SHA512
529ca2c531626174451cd8d103b442a66aadd87edd5d03af44eadad94b59d9aec0b60380fdbf4aa213544dba7d3b2afa6abd7201484e9072538fbc9fa8b65581

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avformat-54.dll
Filesize
2.9MB

MD5
7396db8ff8a5977ecd76220d14f0ee04

SHA1
c815b965c7abe368e4f49394b2512eef60dc0ef0

SHA256
8bf698ee1d89f687bf32f4e1ac4908379479456effac70038f949c548efd18bc

SHA512
6442532a793e0b7fb1be1a022ce0d082487bc598085fcd8b10483bb90e5c0010789c580350bed35b69e2759d768138b489b270478b7f2a3b887826062e506a70

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avformat-54.dll
Filesize
2.9MB

MD5
7396db8ff8a5977ecd76220d14f0ee04

SHA1
c815b965c7abe368e4f49394b2512eef60dc0ef0

SHA256
8bf698ee1d89f687bf32f4e1ac4908379479456effac70038f949c548efd18bc

SHA512
6442532a793e0b7fb1be1a022ce0d082487bc598085fcd8b10483bb90e5c0010789c580350bed35b69e2759d768138b489b270478b7f2a3b887826062e506a70

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avformat-54.dll
Filesize
2.9MB

MD5
7396db8ff8a5977ecd76220d14f0ee04

SHA1
c815b965c7abe368e4f49394b2512eef60dc0ef0

SHA256
8bf698ee1d89f687bf32f4e1ac4908379479456effac70038f949c548efd18bc

SHA512
6442532a793e0b7fb1be1a022ce0d082487bc598085fcd8b10483bb90e5c0010789c580350bed35b69e2759d768138b489b270478b7f2a3b887826062e506a70

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avresample-1.dll
Filesize
135KB

MD5
6d02a67f1a77371dcf16a3dd70ae3cb8

SHA1
5bdd8a649e35686362ef010420d85eff624d00a5

SHA256
9d23781f9b54a3f37e872ce23df6ac64a695dcadf794d388f9266861ef7f790e

SHA512
bb0c7ddc280d4d518a925e92706d5f567220a07181dedc4c1c3a6a745d567b7461590063304288395fdd61312d121d384568e89e94464ff4937137d9df7f1ea1

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avresample-1.dll
Filesize
135KB

MD5
6d02a67f1a77371dcf16a3dd70ae3cb8

SHA1
5bdd8a649e35686362ef010420d85eff624d00a5

SHA256
9d23781f9b54a3f37e872ce23df6ac64a695dcadf794d388f9266861ef7f790e

SHA512
bb0c7ddc280d4d518a925e92706d5f567220a07181dedc4c1c3a6a745d567b7461590063304288395fdd61312d121d384568e89e94464ff4937137d9df7f1ea1

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll
Filesize
186KB

MD5
97809a2431bcc50fc718e2ced1e306e2

SHA1
a3fcac6a8034ccd9392063f57325051aa067ee85

SHA256
2f2ae85d42415914eed564acda3ffae7b1f3627e871913c0349d73526f3bbf55

SHA512
4ec6c69fabc49d30db9efff9ea72387f4915287b8b231f37d7cb8a062246dfb67c180cc6fbb586bfef95ef0615fe793d2f5167d0aca4cf9068522c3556f1479c

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll
Filesize
186KB

MD5
97809a2431bcc50fc718e2ced1e306e2

SHA1
a3fcac6a8034ccd9392063f57325051aa067ee85

SHA256
2f2ae85d42415914eed564acda3ffae7b1f3627e871913c0349d73526f3bbf55

SHA512
4ec6c69fabc49d30db9efff9ea72387f4915287b8b231f37d7cb8a062246dfb67c180cc6fbb586bfef95ef0615fe793d2f5167d0aca4cf9068522c3556f1479c

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll
Filesize
186KB

MD5
97809a2431bcc50fc718e2ced1e306e2

SHA1
a3fcac6a8034ccd9392063f57325051aa067ee85

SHA256
2f2ae85d42415914eed564acda3ffae7b1f3627e871913c0349d73526f3bbf55

SHA512
4ec6c69fabc49d30db9efff9ea72387f4915287b8b231f37d7cb8a062246dfb67c180cc6fbb586bfef95ef0615fe793d2f5167d0aca4cf9068522c3556f1479c

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcp100.dll
Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcp100.dll
Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcp100.dll
Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcr100.dll
Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcr100.dll
Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcr100.dll
Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
\Program Files (x86)\Freemake\COM\1.1\swscale-2.dll
Filesize
326KB

MD5
d06d733f491a19bd76379565ffbf0556

SHA1
1125234bc8a4702b515bc0a12c9ca82e9583bd63

SHA256
05cd12a6f470b271cf47bd2637136e8720a00e67668df8d8499f406f0c52ea14

SHA512
e52ff24705db9fcc02571132e4d6debe329031c5c65a70de47e2f163e0c8f6e355d74abb9a24ad3cf888c8e7cf9f3df56df60dba4a87743f362624bf58a97f35

Download Submit
\Program Files (x86)\Freemake\COM\1.1\swscale-2.dll
Filesize
326KB

MD5
d06d733f491a19bd76379565ffbf0556

SHA1
1125234bc8a4702b515bc0a12c9ca82e9583bd63

SHA256
05cd12a6f470b271cf47bd2637136e8720a00e67668df8d8499f406f0c52ea14

SHA512
e52ff24705db9fcc02571132e4d6debe329031c5c65a70de47e2f163e0c8f6e355d74abb9a24ad3cf888c8e7cf9f3df56df60dba4a87743f362624bf58a97f35

Download Submit
\Program Files (x86)\Freemake\COM\1.1\xvidcore.dll
Filesize
1.0MB

MD5
eaaa841ed3c3df66aba354852d2c7baa

SHA1
55e4707d4b66086da1595a93dcc02c6b62affb40

SHA256
8f3ffde67a530df8f5ecaca1ef2e3bf880a94e68b3a7f183f1313343418235ae

SHA512
ccc5ae4c8f4d5882c3140869c9d985f37945014a243aca72a5b7aeb2076686a89bf9b4f76f2d12c5513bc843451e56b3be7e40139166d69b96f435108851b6db

Download Submit
\Program Files (x86)\Freemake\COM\1.1\xvidcore.dll
Filesize
1.0MB

MD5
eaaa841ed3c3df66aba354852d2c7baa

SHA1
55e4707d4b66086da1595a93dcc02c6b62affb40

SHA256
8f3ffde67a530df8f5ecaca1ef2e3bf880a94e68b3a7f183f1313343418235ae

SHA512
ccc5ae4c8f4d5882c3140869c9d985f37945014a243aca72a5b7aeb2076686a89bf9b4f76f2d12c5513bc843451e56b3be7e40139166d69b96f435108851b6db

Download Submit
\Program Files (x86)\Freemake\COM\1.1\xvidcore.dll
Filesize
1.0MB

MD5
eaaa841ed3c3df66aba354852d2c7baa

SHA1
55e4707d4b66086da1595a93dcc02c6b62affb40

SHA256
8f3ffde67a530df8f5ecaca1ef2e3bf880a94e68b3a7f183f1313343418235ae

SHA512
ccc5ae4c8f4d5882c3140869c9d985f37945014a243aca72a5b7aeb2076686a89bf9b4f76f2d12c5513bc843451e56b3be7e40139166d69b96f435108851b6db

Download Submit
\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter.exe
Filesize
2.2MB

MD5
dae6ff02849e5e196819e9293a795caa

SHA1
d25a869a4bafcfbc72bf92338e0c5bdc6a02fdb7

SHA256
20bcbf2e4145b2d8d393b3814aa99e8620dedf1142a641d99334cb1b88e7a5dd

SHA512
bf84d34c62ad44bfb48aa378e2bba95b448569c0f370d10afeb9b4eb0e5f34822398fee668c4c774c726069b82c3407a639fb83c46c02126e386644084a1aaa9

Download Submit
\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter.exe
Filesize
2.2MB

MD5
dae6ff02849e5e196819e9293a795caa

SHA1
d25a869a4bafcfbc72bf92338e0c5bdc6a02fdb7

SHA256
20bcbf2e4145b2d8d393b3814aa99e8620dedf1142a641d99334cb1b88e7a5dd

SHA512
bf84d34c62ad44bfb48aa378e2bba95b448569c0f370d10afeb9b4eb0e5f34822398fee668c4c774c726069b82c3407a639fb83c46c02126e386644084a1aaa9

Download Submit
\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter.exe
Filesize
2.2MB

MD5
dae6ff02849e5e196819e9293a795caa

SHA1
d25a869a4bafcfbc72bf92338e0c5bdc6a02fdb7

SHA256
20bcbf2e4145b2d8d393b3814aa99e8620dedf1142a641d99334cb1b88e7a5dd

SHA512
bf84d34c62ad44bfb48aa378e2bba95b448569c0f370d10afeb9b4eb0e5f34822398fee668c4c774c726069b82c3407a639fb83c46c02126e386644084a1aaa9

Download Submit
\Program Files (x86)\Freemake\Freemake Downloader\FreemakeVideoConverter.exe
Filesize
2.2MB

MD5
dae6ff02849e5e196819e9293a795caa

SHA1
d25a869a4bafcfbc72bf92338e0c5bdc6a02fdb7

SHA256
20bcbf2e4145b2d8d393b3814aa99e8620dedf1142a641d99334cb1b88e7a5dd

SHA512
bf84d34c62ad44bfb48aa378e2bba95b448569c0f370d10afeb9b4eb0e5f34822398fee668c4c774c726069b82c3407a639fb83c46c02126e386644084a1aaa9

Download Submit
\Program Files (x86)\Freemake\Freemake Downloader\Uninstall\unins000.exe
Filesize
1.4MB

MD5
970f545667a397a893a3760bffb13112

SHA1
2309742db1ce8c993969db8590832b2952c7f82d

SHA256
46b595587734c2192d57ea68a97969b6a8a5c36423290d067b43fa85e1cba562

SHA512
a0a283fec62e5474c550c27940b903e3a9dc6a69bce1ae19fe3a06b0ae10d535084b2d0337d652af29708f631173735d91d92deabb1ac21c011c47a9ee25d549

Download Submit
\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
Filesize
76.6MB

MD5
9431ef431ef048591edb7ab36327af51

SHA1
08ae80b18755c1974789235378a2978c02cf1b5e

SHA256
73b20e4892b3989166b00c71240355071c42ecee31745f4138dee18a88c5d5b5

SHA512
86fc00b8916d6c157c47f2aa3871ada0610dfa04ab4d083b75726e483f9f15e10e8c1a123f38031e14f180db8d5c03c88fb46748a4bc691c66c627ed02d559ef

Download Submit
\Users\Admin\AppData\Local\Temp\is-3OFLK.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-3OFLK.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-3OFLK.tmp\freemake_dl.dll
Filesize
131KB

MD5
0f7e2755583b0966fdacfad4fbd879ef

SHA1
591e54a4c9c44dbe45acd2c7af5903bf4249d553

SHA256
1d25515b00a83f032a6d4c21b8c374f14a7caf9cab7ade6905d178718552b3ec

SHA512
995af0e78ab959f3c5be29bb26b10df555323884939392627639cad3695545f4452d5e8b084ce3eb97300747d53cf326738d868da2fad2355777ddb77a30bd62

Download Submit
\Users\Admin\AppData\Local\Temp\is-3OFLK.tmp\itdownload.dll
Filesize
77KB

MD5
b4efe1200f09cbf02f0d2ae326a84f3b

SHA1
83102a7f5465a14c78d04ca6d8703c68a5c599ce

SHA256
6bd9984dd28ce8cc13e8eb3b5ee9f6c8a6967e3b2288918665e2ae67fa1eb56b

SHA512
14c83df5ca8ce92efddb07bda1c6fff9cfbbfb1348ff6c2e6b523110bb1fd10023e09986bc7967824a5cf37789080d81f2a5deedc3df3925825f73e2a87b52a6

Download Submit
\Users\Admin\AppData\Local\Temp\is-CNPJB.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-CNPJB.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-CNPJB.tmp\freemake_dl.dll
Filesize
131KB

MD5
0f7e2755583b0966fdacfad4fbd879ef

SHA1
591e54a4c9c44dbe45acd2c7af5903bf4249d553

SHA256
1d25515b00a83f032a6d4c21b8c374f14a7caf9cab7ade6905d178718552b3ec

SHA512
995af0e78ab959f3c5be29bb26b10df555323884939392627639cad3695545f4452d5e8b084ce3eb97300747d53cf326738d868da2fad2355777ddb77a30bd62

Download Submit
\Users\Admin\AppData\Local\Temp\is-CNPJB.tmp\itdownload.dll
Filesize
77KB

MD5
b4efe1200f09cbf02f0d2ae326a84f3b

SHA1
83102a7f5465a14c78d04ca6d8703c68a5c599ce

SHA256
6bd9984dd28ce8cc13e8eb3b5ee9f6c8a6967e3b2288918665e2ae67fa1eb56b

SHA512
14c83df5ca8ce92efddb07bda1c6fff9cfbbfb1348ff6c2e6b523110bb1fd10023e09986bc7967824a5cf37789080d81f2a5deedc3df3925825f73e2a87b52a6

Download Submit
\Users\Admin\AppData\Local\Temp\is-CUDDK.tmp\FreemakeVideoDownloaderSetup_ccdd6c8f-6755-bacf-4ab8-66b08c09392e.tmp
Filesize
1.4MB

MD5
7e4aa70d53b36013428377346e0e268c

SHA1
b45756feef67b76d1d0caa459f035c3c115d4b0e

SHA256
642553254d18fbca9150d18b8189a502fed5f9e625a7fc58d3aafabb16a76893

SHA512
1b23c1f532327c3006225f345251a907875699c063bc3a47843b8ceb67b473f5404d4df50543a15d6fac002c7109eaa155c0f00c017182b93d71208e6e3180b8

Download Submit
\Users\Admin\AppData\Local\Temp\is-EROGS.tmp\FreemakeVideoDownloaderFull.tmp
Filesize
1.4MB

MD5
7e4aa70d53b36013428377346e0e268c

SHA1
b45756feef67b76d1d0caa459f035c3c115d4b0e

SHA256
642553254d18fbca9150d18b8189a502fed5f9e625a7fc58d3aafabb16a76893

SHA512
1b23c1f532327c3006225f345251a907875699c063bc3a47843b8ceb67b473f5404d4df50543a15d6fac002c7109eaa155c0f00c017182b93d71208e6e3180b8

Download Submit
memory/332-112-0x0000000000000000-mapping.dmp

Download
memory/340-109-0x0000000000000000-mapping.dmp

Download
memory/344-104-0x0000000000000000-mapping.dmp

Download
memory/584-171-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-262-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-98-0x0000000000000000-mapping.dmp

Download
memory/584-351-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-349-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-347-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-345-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-343-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-138-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-139-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-140-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-141-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-142-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-143-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-145-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-146-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-148-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-147-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/584-149-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-150-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-188-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-187-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-186-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-185-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-184-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-183-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-182-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-181-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-180-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-179-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-178-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-177-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-176-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-175-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-174-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-173-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-172-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-341-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-170-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-169-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-168-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-167-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-166-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-165-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-164-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-163-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-162-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-161-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-160-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-159-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-158-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-157-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-156-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-155-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-236-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-154-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-153-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-152-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-151-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-238-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-240-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-242-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-244-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-248-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-246-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-252-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-254-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-250-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-256-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-258-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-260-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-122-0x0000000000000000-mapping.dmp

Download
memory/584-264-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-266-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-268-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-270-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-272-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-274-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-276-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-279-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-281-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-283-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-285-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-287-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-289-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-291-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-293-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-295-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-297-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-299-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-301-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-305-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-303-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-307-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-309-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-311-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-315-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-317-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-313-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-319-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-321-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-323-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-325-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-327-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-331-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-329-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-333-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-335-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-337-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/584-339-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/844-58-0x0000000000000000-mapping.dmp

Download
memory/844-75-0x0000000073ED1000-0x0000000073ED3000-memory.dmp

Filesize
8KB

Download
memory/860-55-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/860-61-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/860-69-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/860-89-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/860-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/912-94-0x0000000000000000-mapping.dmp

Download
memory/960-95-0x0000000000000000-mapping.dmp

Download
memory/980-101-0x0000000000000000-mapping.dmp

Download
memory/1084-105-0x0000000000000000-mapping.dmp

Download
memory/1172-93-0x0000000000000000-mapping.dmp

Download
memory/1224-100-0x0000000000000000-mapping.dmp

Download
memory/1368-486-0x0000000000000000-mapping.dmp

Download
memory/1392-102-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1392-83-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1392-71-0x0000000000000000-mapping.dmp

Download
memory/1392-74-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1516-97-0x0000000000000000-mapping.dmp

Download
memory/1524-67-0x0000000000000000-mapping.dmp

Download
memory/1528-111-0x0000000000000000-mapping.dmp

Download
memory/1596-99-0x0000000000000000-mapping.dmp

Download
memory/1644-103-0x0000000000000000-mapping.dmp

Download
memory/1648-106-0x0000000000000000-mapping.dmp

Download
memory/1664-1234-0x0000000000000000-mapping.dmp

Download
memory/1752-80-0x0000000000000000-mapping.dmp

Download
memory/1752-91-0x00000000003D0000-0x00000000003E8000-memory.dmp

Filesize
96KB

Download
memory/1752-113-0x0000000074111000-0x0000000074113000-memory.dmp

Filesize
8KB

Download
memory/1772-866-0x0000000000000000-mapping.dmp

Download
memory/1852-108-0x0000000000000000-mapping.dmp

Download
memory/1912-107-0x0000000000000000-mapping.dmp

Download
memory/1932-87-0x0000000000000000-mapping.dmp

Download
memory/1960-77-0x0000000000000000-mapping.dmp

Download
memory/1988-96-0x0000000000000000-mapping.dmp

Download