e2b6c61998bc569a11863097cdfc06e892d477f2e312f6d28c90a9383a207a21

Analysis

max time kernel
65s
max time network
65s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe
Size

993KB
MD5

703dc7e738a27f02121af311c981b976
SHA1

c44fa3e35d25020667a27d9895079d2cb396f1dd
SHA256

e2b6c61998bc569a11863097cdfc06e892d477f2e312f6d28c90a9383a207a21
SHA512

e4bbde5f8774b15c44aaf4619b5b3eac7115c2994c93151c6d4dfc0c03232d30246e5f763aac89bef6cbf3f9b30d494b450ffb96ab3f975499bd14a854547f27
SSDEEP

12288:YSxG0wgUF888888888888W88888888888V32izEabYenR5TyeaDvsvXBIJ3HW05L:nxGxvhko5TyeWvsvXB+3HI1Vsr3V

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2560	FreemakeVideoConverterFull.exe
2428	FreemakeVideoConverterFull.tmp
896	FileAssociationTool.exe
3416	FreemakeVideoConverter.exe
3440	FreemakeVC.exe

Loads dropped DLL 64 IoCs

pid	Process
1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2560	FreemakeVideoConverterFull.exe
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp
2352	regsvr32.exe
2352	regsvr32.exe
2352	regsvr32.exe
2352	regsvr32.exe
2352	regsvr32.exe
2352	regsvr32.exe
2352	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
2072	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
1260	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
2472	regsvr32.exe
968	regsvr32.exe
968	regsvr32.exe
968	regsvr32.exe
968	regsvr32.exe
968	regsvr32.exe
968	regsvr32.exe
968	regsvr32.exe
968	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-FDMV1.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SmartDownloader.Core.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-H5LOR.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-VN8K5.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-QFE93.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\System.Threading.Tasks.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\System.Net.Http.Extensions.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x86\is-ARMI8.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\pt-BR\Monetization.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.HtmlParser.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-ONA2J.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-9I30L.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x86\libcrypto-1_1.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\FFMPEG_43\is-IGRE3.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-UMIRS.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-CBJKQ.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-G12RL.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\da\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\is-MD2NB.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-34TFM.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\is-T75JO.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-9JA0L.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-LV4AV.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-5QDBS.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\is-7U80B.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\uk\is-ADQ6L.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\swresample-0.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-5TRDC.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-86PPA.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\avfilter-3.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-IVI6O.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-NM1OO.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x64\is-4T94Q.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-TRFKM.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\cs\is-REEQD.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x64\is-DHMQ3.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\YoutubeContentLinksExtractor\is-L60HA.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\ja-JP\Monetization.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Detector.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\YoutubeContentLinksExtractor\is-4LTQ3.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\pl\is-ORBGQ.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\el-GR\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\YoutubeContentLinksExtractor\Jint.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\System.Net.Http.WebRequest.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\Visualization\is-G5518.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\de-DE\is-D2DCO.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\MediaInfo.DotNetWrapper.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\it\Monetization.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x64\libcrypto-1_1-x64.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-QE8CA.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\uk\FreemakeCommon.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\ja-JP\FreemakeConverterCommon.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\fr-FR\FreemakeConverterCommon.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\FmUpdater.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-TSTMH.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\Visualization\is-LOTO1.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\ru-RU\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-JPE9O.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-QVK6M.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\is-GCCSA.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\Toggling.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ja-JP\is-2E0J9.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\NLog.dll	FreemakeVideoConverterFull.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 6 IoCs

Process Discovery

T1057

pid	Process
796	tasklist.exe
2732	tasklist.exe
2036	tasklist.exe
2152	tasklist.exe
540	tasklist.exe
1720	tasklist.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95BF9905-1825-4B88-B191-2E5E9F81B414}\TypeLib\ = "{8F935BB6-1360-4F01-89BE-8D394CA9E36C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{36BC61DD-C4F5-481F-A29D-4AEB4968340C}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\FMMediaUtils.DLL\AppID = "{7d3b747c-1cc0-40f3-89b3-d8ccd95dde12}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ffm\ = "FreemakeVideoConverter.ffm"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pva	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6870c3b7-4b37-4de7-a5db-f0b51ac0c9b8}\TypeLib\ = "{8f935bb6-1360-4f01-89be-8d394ca9e36c}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceAudioSilenc.1\CLSID\ = "{4cbc1dd8-4ff7-4da8-9e01-120f69fe17c4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ffm	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.pgm\shell\Convert with Freemake\command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -ConvertWithCommand"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{baad6aa7-889d-4db4-8666-f71544310e82}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.MediaDataVideo.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{23A93418-2CF0-40F3-BFFE-560E8C1753D6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.film\Shell\Open\Command	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaUtils.DetectAverageFormat\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.svi\shell\Convert with Freemake\command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -ConvertWithCommand"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.MediaData.1\CLSID\ = "{6496aa7f-81b2-4530-80b8-1f9b6d4c151e}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{27F29E96-6CD1-45A4-9BD4-C4F5BB4D8EB6}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformResize.1\ = "TransformResize Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23A93418-2CF0-40F3-BFFE-560E8C1753D6}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28be759f-b95f-4ad5-8748-0550cf9f9a0b}\VersionIndependentProgID\ = "FMMediaSource.MediaSourceSyncReader"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A107A839-47EB-4B43-9101-81B0EAA893FC}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{22E65E8B-7B25-470B-84AF-60A058C4E9B7}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4812405D-07C3-4717-8FE3-25D7B8867718}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A468C52-785F-4E0B-95A4-74DE9081D283}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dv1394\shell\Convert with Freemake\command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -ConvertWithCommand"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ac3	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A107A839-47EB-4B43-9101-81B0EAA893FC}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.mkm\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -OpenWithCommand"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2768C270-27B9-45D0-8C4F-72E6AFE7A67C}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34828d7b-dc12-4ab8-8c44-87282f920d34}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.m2ts\Shell\Open\Command	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mts	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28c82e28-f87e-45d7-b60a-29d43e68bf05}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{dc3e97dd-3607-4915-a2d0-0afbbd73c2d1}\ProgID\ = "FMTransformBase.TransformVisualisati.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9620AAE3-7818-422F-B3B3-73699E27F0C3}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2c69b6b7-7c30-47df-b341-f6e679442021}\ = "MediaSourceContainer Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rv	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3118ED38-33E7-4EED-9EA0-0EBC0B746236}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.h261\shell\Convert with Freemake\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.bik\Shell\Open	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.asf\Shell	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.m4p\ = "FreemakeVideoConverter.m4p"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceCache\ = "MediaSourceCache Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.avs\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -OpenWithCommand"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.f4b\DefaultIcon	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ca42aba-47bb-43da-9ad2-a7c125a31f3d}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35C5B631-A8A0-490A-8BB7-B723710E8DA2}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.f4b\shell\Convert with Freemake\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.mp4\Shell\Open	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.mpg\DefaultIcon\ = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.webm\DefaultIcon	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6870c3b7-4b37-4de7-a5db-f0b51ac0c9b8}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.pgm\shell\Convert with Freemake\command	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e3212827-8be8-4af7-b07f-b41bd298866e}\InprocServer32\ = "C:\\Program Files (x86)\\Freemake\\COM\\1.1\\FMMediaSource.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dpx\shell\Convert with Freemake\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceStreams\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.r3d\shell\Convert with Freemake\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.ea\DefaultIcon\ = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.flx\Shell	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.tod\Shell\Open\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformVisualisation\ = "TransformVisualisation Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{375BE98B-6804-43B9-BD47-3C86624B8E37}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE2BE5BD-32C2-44D6-8F7E-81AFDBB3AF66}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wv	FileAssociationTool.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp

Script User-Agent 4 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	18	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	11	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	13	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2428	FreemakeVideoConverterFull.tmp
2428	FreemakeVideoConverterFull.tmp

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	796	tasklist.exe
Token: SeDebugPrivilege	2732	tasklist.exe
Token: SeDebugPrivilege	2036	tasklist.exe
Token: SeDebugPrivilege	2152	tasklist.exe
Token: SeDebugPrivilege	540	tasklist.exe
Token: SeDebugPrivilege	1720	tasklist.exe
Token: SeDebugPrivilege	3440	FreemakeVC.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
2428	FreemakeVideoConverterFull.tmp

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3416	FreemakeVideoConverter.exe
3416	FreemakeVideoConverter.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2476	1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe	28
PID 1760 wrote to memory of 2476	1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe	28
PID 1760 wrote to memory of 2476	1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe	28
PID 1760 wrote to memory of 2476	1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe	28
PID 1760 wrote to memory of 2476	1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe	28
PID 1760 wrote to memory of 2476	1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe	28
PID 1760 wrote to memory of 2476	1760	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe	28
PID 2476 wrote to memory of 2700	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	29
PID 2476 wrote to memory of 2700	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	29
PID 2476 wrote to memory of 2700	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	29
PID 2476 wrote to memory of 2700	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	29
PID 2476 wrote to memory of 2560	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	33
PID 2476 wrote to memory of 2560	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	33
PID 2476 wrote to memory of 2560	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	33
PID 2476 wrote to memory of 2560	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	33
PID 2476 wrote to memory of 2632	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	34
PID 2476 wrote to memory of 2632	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	34
PID 2476 wrote to memory of 2632	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	34
PID 2476 wrote to memory of 2632	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	34
PID 2560 wrote to memory of 2428	2560	FreemakeVideoConverterFull.exe	36
PID 2560 wrote to memory of 2428	2560	FreemakeVideoConverterFull.exe	36
PID 2560 wrote to memory of 2428	2560	FreemakeVideoConverterFull.exe	36
PID 2560 wrote to memory of 2428	2560	FreemakeVideoConverterFull.exe	36
PID 2560 wrote to memory of 2428	2560	FreemakeVideoConverterFull.exe	36
PID 2560 wrote to memory of 2428	2560	FreemakeVideoConverterFull.exe	36
PID 2560 wrote to memory of 2428	2560	FreemakeVideoConverterFull.exe	36
PID 2476 wrote to memory of 2964	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	37
PID 2476 wrote to memory of 2964	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	37
PID 2476 wrote to memory of 2964	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	37
PID 2476 wrote to memory of 2964	2476	FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp	37
PID 2428 wrote to memory of 1288	2428	FreemakeVideoConverterFull.tmp	39
PID 2428 wrote to memory of 1288	2428	FreemakeVideoConverterFull.tmp	39
PID 2428 wrote to memory of 1288	2428	FreemakeVideoConverterFull.tmp	39
PID 2428 wrote to memory of 1288	2428	FreemakeVideoConverterFull.tmp	39
PID 1288 wrote to memory of 796	1288	cmd.exe	41
PID 1288 wrote to memory of 796	1288	cmd.exe	41
PID 1288 wrote to memory of 796	1288	cmd.exe	41
PID 1288 wrote to memory of 796	1288	cmd.exe	41
PID 1288 wrote to memory of 1608	1288	cmd.exe	42
PID 1288 wrote to memory of 1608	1288	cmd.exe	42
PID 1288 wrote to memory of 1608	1288	cmd.exe	42
PID 1288 wrote to memory of 1608	1288	cmd.exe	42
PID 2428 wrote to memory of 1804	2428	FreemakeVideoConverterFull.tmp	44
PID 2428 wrote to memory of 1804	2428	FreemakeVideoConverterFull.tmp	44
PID 2428 wrote to memory of 1804	2428	FreemakeVideoConverterFull.tmp	44
PID 2428 wrote to memory of 1804	2428	FreemakeVideoConverterFull.tmp	44
PID 1804 wrote to memory of 2732	1804	cmd.exe	46
PID 1804 wrote to memory of 2732	1804	cmd.exe	46
PID 1804 wrote to memory of 2732	1804	cmd.exe	46
PID 1804 wrote to memory of 2732	1804	cmd.exe	46
PID 1804 wrote to memory of 2924	1804	cmd.exe	47
PID 1804 wrote to memory of 2924	1804	cmd.exe	47
PID 1804 wrote to memory of 2924	1804	cmd.exe	47
PID 1804 wrote to memory of 2924	1804	cmd.exe	47
PID 2428 wrote to memory of 1952	2428	FreemakeVideoConverterFull.tmp	48
PID 2428 wrote to memory of 1952	2428	FreemakeVideoConverterFull.tmp	48
PID 2428 wrote to memory of 1952	2428	FreemakeVideoConverterFull.tmp	48
PID 2428 wrote to memory of 1952	2428	FreemakeVideoConverterFull.tmp	48
PID 1952 wrote to memory of 2036	1952	cmd.exe	50
PID 1952 wrote to memory of 2036	1952	cmd.exe	50
PID 1952 wrote to memory of 2036	1952	cmd.exe	50
PID 1952 wrote to memory of 2036	1952	cmd.exe	50
PID 1952 wrote to memory of 628	1952	cmd.exe	51
PID 1952 wrote to memory of 628	1952	cmd.exe	51

C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe
"C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Local\Temp\is-0R6AQ.tmp\FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0R6AQ.tmp\FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp" /SL5="$400F4,492653,402432,C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" "C:\Windows\system32\cmd.exe" /S /C "ver > "C:\Users\Admin\AppData\Local\Temp\is-TDUQ2.tmp\~execwithresult.txt""
    3⤵
    PID:2700
- - C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe
    "C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe" /LANG=en /dotnet=0 /skip_welcome locale=GB /DIR="C:\Program Files (x86)\Freemake" /autoinstall
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\is-HEV2H.tmp\FreemakeVideoConverterFull.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HEV2H.tmp\FreemakeVideoConverterFull.tmp" /SL5="$301EA,80886473,402432,C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe" /LANG=en /dotnet=0 /skip_welcome locale=GB /DIR="C:\Program Files (x86)\Freemake" /autoinstall
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:2428
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVD.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1288
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:796
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeVD.exe"
        6⤵
        
        PID:1608
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVC.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1804
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2732
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeVC.exe"
        6⤵
        
        PID:2924
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeAC.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1952
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2036
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeAC.exe"
        6⤵
        
        PID:628
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeMB.exe"
        5⤵
        
        PID:572
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2152
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeMB.exe"
        6⤵
        
        PID:2148
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeYB.exe"
        5⤵
        
        PID:684
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:540
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeYB.exe"
        6⤵
        
        PID:2060
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-FJ1DJ.tmp\CheckRunningInstance.cmd""
        5⤵
        
        PID:3004
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1720
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeAC | FreemakeVD | FreemakeMB | FreemakeVC | FreemakeYC | FreemakeYB"
        6⤵
        
        PID:1300
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll"
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:2352
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll"
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:2072
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll"
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:1260
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMVideoConverter.dll"
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:2472
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMDVDMenu.dll"
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:968
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaUtils.dll"
        5⤵
        Modifies registry class
        
        PID:3300
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMPlayerLib.dll"
        5⤵
        
        PID:2476
    - - C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=Admin
        5⤵
        
        PID:3216
    - - C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=\everyone
        5⤵
        
        PID:3268
    - - C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe
        
        "C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe" --installPath "C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe" --isNeedToAssociate true
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:896
    - - C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
        
        "C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe" --AutoRunType=AfterInstall
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3416
      - C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
        
        "C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe" --AutoRunType=AfterInstall
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3440
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=Admin
    3⤵
    PID:2632
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=\everyone
    3⤵
    PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll

Filesize
412KB

MD5
0ac5a856face52e1ca502fc2622e1a00

SHA1
00db588293376a8ad8f1416debb9265f77acaaf0

SHA256
82fab0ac64e4dd2bad4b8f5ba2ec7ea3f791f9328a602253502ecb15f83fd0f8

SHA512
720e8783df9b999a004aa53302261117d3129fed9284c917bef40df9326e7faa3d7e20dcab8232016b831a08a9088ec0fb78f8b66108f1eff7ef6933402c2c95

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll

Filesize
812KB

MD5
4c76d6323d45710948e755ec1c6759a7

SHA1
dec7bd7f789cdef7222746fe8611cf81c3b04f2b

SHA256
70cb0b13f3cf4c71658541ffcc1c35f03077c6dd10ce4c0ef67c9181d6d6954b

SHA512
e01fa0f0d1be81ce462a1dff1a1b809a73bb02d6c7fd7bbdda20e1fab46442ddce281473fcd80e38ab9ef01ddb073e657e48e1201d021885094c90485eb05923

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-189JC.tmp

Filesize
137KB

MD5
be699c034e6b71c5d10bfda969e16879

SHA1
43f8d7929fc02a3a1e34725dbbd16232cfbcf740

SHA256
d3a31f2c4382f3d22462053569e18bdc682afacf3aaff3d05dfe266b748be583

SHA512
b613d5ba95c0ccd29d4e1d239ef07e1a7b30a6c303f0b6604cf5caa51078e59c31c9b33dfa014187ad90883d27126043eb9dabf65e7c9375a55d9e59cc1e254d

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-1RFMM.tmp

Filesize
30KB

MD5
6208604d0df4178afc9efb579956847c

SHA1
78bbd56304eab76a1d5e7f9082cdb799b1f6a942

SHA256
dbbb962393acf058a16cc568c12fe34f348e249d65a8c86f11eaa18416ff7479

SHA512
6d6568f862fa75a0c5e3369b125fe8d0d3b9ea12817bbed2336c2eee7f693158cba78029ae8fb63a0790b63b68925a1486cad845475e6cd2f4f59e04f31b74b8

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-5HRE1.tmp

Filesize
560KB

MD5
8f81c9520104b730c25d90a9dd511148

SHA1
7cf46cb81c3b51965c1f78762840eb5797594778

SHA256
f1f01b3474b92d6e1c3d6adfae74ee0ea0eba6e9935565fe2317686d80a2e886

SHA512
b4a66389bf06a6611df47e81b818cc2fcd0a854324a2564a4438866953f148950f59cd4c07c9d40cc3a9043b5ce12b150c8a56cccdf98d5e3f0225edf8c516f3

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-7BHJH.tmp

Filesize
21KB

MD5
8e4e0ea396b5452bed54e6888cb07ca1

SHA1
1a7afcdd7f118b3ef8f1d9761fa71faeee16fd2c

SHA256
dfeab83e6a9555a6c18070c611d868e117fa2fef6f815da26e622feb2e610254

SHA512
e160570f598d5fdd637725a70595a7ddc247c20aed66c031ff9816142231c8ea58c69fef7f5eb8e10120e5e5ad68ececb1b584054832464046209c9e04cc1aae

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-AD18P.tmp

Filesize
2.0MB

MD5
3b3eeb0337c92baac12497a2498de0d4

SHA1
81eace931b0e85a3a7a9fe553c52044a6e41b0ab

SHA256
1acb31648cc71bb579315e9b3d1bcc2faf3c877137be33fcb72348aee15a6313

SHA512
5211f92a0adaaa44aaba70144d256ccce9e569cc9fee962addfe3b11cf12dffcf8c29152c3ea4e6c03e9d910e720271f68ab8cca2aca248c44420873de4f61fb

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-BCAVI.tmp

Filesize
367KB

MD5
313defd8ed9a742af1ff8a16fd508f3f

SHA1
ab14db48b983fd431eefb2ad98613ab2ce90cd8e

SHA256
e608a0c3236e6a833a994a3d251d85fb12648b76f834d0d9fd9786dcc613a368

SHA512
462125725a7954bda2032cb4f54324e892869ddd01f9355a13b32d394d70a6e2858a49aa27f8f7770dc9d6d77c4d2da8bde337a1c6cefd63643820914954056c

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-DA1B4.tmp

Filesize
56KB

MD5
849f91a42091424435791aea5e257885

SHA1
c49cbc0843855cf5cdb148e64f608173187f6b22

SHA256
8ee6163b5d9ad5b8def2f3bbaea74633018c23dd6b4d310e92fa9717423a0452

SHA512
aba906b45b51cae71ad343d90b8c446268d038997f7fd918751d41d7f9650bc698eb7e76d19501a8e14d130b0e8dbab1fafc2a0059aa5b57b84dab880832d8a7

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-HLR8Q.tmp

Filesize
26KB

MD5
1925e1654510ee0914ff3360c6c94765

SHA1
a032c1456dc199189310ef4df533bceeb6c41a92

SHA256
6e599d81a2b8d803ca794c25111fea54c34356c4ed853b926c9ab42a4b0d6454

SHA512
1995a5f16aaa62d23d69022b613362b7cf952059cc9c4fbddfcbe0905b94b02599dd4b5a784344a2b541457ec255b8f38baccb7919f04f323d35b59b2e10d0d1

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-P8QFC.tmp

Filesize
34KB

MD5
85f6f590b5c4b8c7253e9c403c9be607

SHA1
d5a9db942a50c8821bacd7f6030202c57ec4708b

SHA256
d20552fd5c8c8c9759608a84db1e216da738f5e9f46de9e8a3f39a0d6265cb8b

SHA512
9c78cb444e28618d44e9deb23571fc7bbce268882c2803e0ccc0e84b3e6eab89c6af2aac0d81ef0d2c9fd1e9611cb35334ef3304fb16c5ba0481f6a7273c3660

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-QFE93.tmp

Filesize
100KB

MD5
fc3bd6e569eca92b5c57aa67b9ccaf7e

SHA1
1ae7cd63a312146d467180ec2a092a109802bb77

SHA256
4a6da21b14f87a4b829ba8a1e6c0857df777b024d578319dda5b2686af8aa10e

SHA512
c1f4698cb4d689f810abc6a0c43040461fcfe80aadaeaa13543e52c20cad8c18a33340e1b071db54e3c97f5773768ec0daca4500f1f8ba19b12b9b86ed9ecb0b

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-QLDD6.tmp

Filesize
186KB

MD5
3002e884c5c15a15b68eaef3c62ff254

SHA1
d7e053ac51f562b92fd4032ad769adea7255230c

SHA256
3e71eb02ae8d01cb8159cc5f9ff3ff1976aec5872298ed45310b58f18708eac0

SHA512
0789fb15f8e062ac2af6785a240b9b7d482b5f179fdb2e6b5ef9f841092c1a631b27f3db7738163f73cb609d8f5918fe2bb166731107061ece21c7a18a2a3989

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-S69DA.tmp

Filesize
21KB

MD5
018841345cfbf45eda4cd1adb74fd68b

SHA1
f9928ef8b78f7cf2d3eb3ec68d28f36c89fff3da

SHA256
acf0e0555afed095cf12f719a3cd0e745435ced2575840a46a40ec61ed632265

SHA512
7dd159dc1d64e49a9106c2f04a46643c9aafb83fc017d4f98f63b63d6317fc4ab370fafb63bb512bfb6b4ec7ef2b2e6b362bb7f035a23dd1046d6dc2499ea5ff

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-SHD7B.tmp

Filesize
20KB

MD5
d552de7d39179b914db7cc2dbdd005c2

SHA1
044329c6c335224ba05a4e398a5fcb204f13ac36

SHA256
24bd076d31dc9d363eb2adb8b27a7d45d9f975aeec565132d27901537e31f239

SHA512
b82cbd6c4b3d378fba1793858c556ea1fdaa405905686ce219f192d16041e79aa063145c6d469aa7c15aa945d3ef344618fa0996d6611282a8718dd0de77d64d

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-UE52C.tmp

Filesize
11KB

MD5
5cbe82ed3a02f62d0335c0332a61b46a

SHA1
e3abeb16508ac8912305791c8e41d5909bcb00c8

SHA256
44c0a4c46e14d32e6bcadbc8d138c561e378a98e481423a4e4a87711b551c93b

SHA512
52411d7cd2ca9d4225820a12f1c4177746ef1602c6e56836dac86b88b9b16a05731da2b05e5d21480309fe1a6823ca105c38bedccbc5c6396a4156a279953c5f

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-4BL9J.tmp

Filesize
2KB

MD5
4b6e75d7e279366baa742e583ce67d92

SHA1
1ca1c479a9143e2fff78ec6606df187c7e60e53a

SHA256
d0f1a3b3c161971280ed90f3b8b77a1018bcc5f8302ebd4bfb01c3fa3d50a7a7

SHA512
6efac695278fc675d6d6f0edc20b020c9b7b409b6abafb021ed5761e2ee4b1f348b4a3677f97397cd4177271e5dd51212bac6666cbfed4213502651c5a4b7298

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-B5V1V.tmp

Filesize
19KB

MD5
ee1055420c68b4ccc06208b0cf4c654e

SHA1
c278771d201c5ad909a138ed4c48e6bfc0e9ed85

SHA256
28b5b021325cbbb1e180dad3135410de1cd7538add4ca3e12eaaaefa94294a5a

SHA512
60ab74bc60436a3910a070f7eddd54cf9126e83e126972ce432ef30e5a7f4077dc6107ec0511e260fa4504070ab1387c5df1fccee87240c7144b67e9da9e7160

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-EHBJE.tmp

Filesize
145KB

MD5
159436ab11f4366ef25d589552f58f86

SHA1
aefbb3bcf720cdc51d3293a139e99ec57efd0f9c

SHA256
5fe7f69c0eb8c4aed4cc839dd183849ceb1f9f6007305b88b3f47cf15bd36e0f

SHA512
96feeae387464f75a78fa1239e6f9d7b1589b3e0e05f1f983023f3c85f2c2bcec888bdb1f0537253b8c7fa59bef8df0d5960a003bedf8bb27c0f36bdb837bb59

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-ONA2J.tmp

Filesize
27KB

MD5
44fdf719cd03db4410c946a86ca5c9e3

SHA1
a88d1437c30a0935739a42b753b4bb28d5ebbfeb

SHA256
8368f2b7db4b454e770a150de40321bac420d52d2f8b71379767178d242790e1

SHA512
7e0e50550d139cea471af5f598ba8899ff614208fd788dc86bce37233e25b07a42d2e474dd58ddc886d78c4d91c912034e9d9c71856a23a30da5335edd29d656

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-SNML8.tmp

Filesize
8KB

MD5
d2687fb5cc9fcc588816f53b1e3c6289

SHA1
3447db47af12dcb4359b5f19eb44d095737ea55e

SHA256
676b414d52f50df1fc59e20cbde2add918731a14aae3a69882a1562f1526014b

SHA512
887ed96f26459f9a117eb6904ae664c708af06bb7838e9d208777909a2b31ec70c3f47e075299dc8c1e602f3a53ce9d3ac626f92611c54cd81d097f3c967f4d0

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-0F47P.tmp

Filesize
432B

MD5
1f3aba959f7a154afb38dffb9068f028

SHA1
76d525771144cff4f89dc63ad5885d28752bade4

SHA256
85bc6b1493da8cba9ea57f9328a4066e8c5ace3b6fe8503244c5cd05f1ef000f

SHA512
77c38e7f3c2abac0e66321f8cd9d8046fa6df6699fb7e7417e7a9dc8765b0c6b0824e895617d6915e49293ffa115ae29ab318a18207aa9551dee871152c1cf41

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-TVBSJ.tmp

Filesize
36KB

MD5
d01819bfe03222dfa9e35a36555b6b6c

SHA1
25f8069590b14724f28e6a04b8a42e4ef4a8562d

SHA256
5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94

SHA512
e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe

Filesize
34KB

MD5
adbe6332a385e01ccbff422fb0387d3f

SHA1
64743334654af23baaaad414a889494cb45ac4ea

SHA256
4bd31790e926009f95fbddab5f1fb7e4d313e0dd8b22c735048c2ed36e75c0b4

SHA512
81f67b54e621160f5bfd5357c6847e1181d44a307a0995b9e180213e232950b15aab28bea40d981a48f78de39c4483d88e01d56715b2ef85ec41f1b25b559448

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FoxSDK\msvcp100.dll

Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\YoutubeContentLinksExtractor\is-626DK.tmp

Filesize
21KB

MD5
7f86a47acd4d810ad673af81369f2f26

SHA1
cea8da1478f2dee41ed2ecd2059b73d1c161734e

SHA256
9c8b87e9a950deb7f28752f875ea82f1b55a70996ac8c12073fcea33664b2048

SHA512
372a61489665bd37c552c383faff971fdb2d581d45664a37e5d58dbd894b26b5cc8403800a559f489bb4fa47f088e6e06553eca65efb16ab9867e5a80a0a7aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1576.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1579.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FJ1DJ.tmp\CheckRunningInstance.cmd

Filesize
96B

MD5
92dbcc7a2f8c552b1f541bd1018b44c5

SHA1
f9956c2066adacbd7cfe80941dabf46a4cc27db7

SHA256
5e314bf3f0a6e062a60d1b009e02f3128132de0206a3d197da27651a3d13fc32

SHA512
d393eb9b228f2ee74172ef28464b5b89daf14abc88135335a5bf364fa7bd4640c3b95c62296c6db15561ee010386a33120cf288446a9ce63a3cee0b3b82b7991

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TDUQ2.tmp\~execwithresult.txt

Filesize
40B

MD5
082f2e97e670228e3b323c6a3a874f40

SHA1
e50760edb5e88385449a44818f5726e5beed7aab

SHA256
292bf366a534157e5414f344218c9df828e2f211617fc84352f3ab2564050941

SHA512
ad96826fb4a9ad5296acf1136bd81348492b4e191ba7936fe515a254f7bb789ab7bb3b939a5b9094b0fdaca9b4ad0f0445034a6eb2d78bd1529c2e638eafbe91

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll

Filesize
459KB

MD5
7dd0eb997a6e125e8f9f8b430f303ff9

SHA1
a187b80e5c81cc6ce5becd748cbe67385787f016

SHA256
f35540e90f5b09123882c84eb0b70f7c3a9bb22a0d578d6990159fddda97a595

SHA512
dcd32721f5b686d572fe4a01f943e64142ad036c8f1fe87d7ab3aa30e19ff6bcb69d0d2c2f563903ee8de4970ff973d984f3778b067810efc62d11fd17b73bfe

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll

Filesize
13.8MB

MD5
23a378f40b92364e51e7b12cfb0af6d5

SHA1
8224dd82e02a3bb83cb4ed84a6265c370471a850

SHA256
8742fd389e9983594a24d5599e4d8f418c5454f36d2fd8d9cbc07bee08d4ea54

SHA512
529ca2c531626174451cd8d103b442a66aadd87edd5d03af44eadad94b59d9aec0b60380fdbf4aa213544dba7d3b2afa6abd7201484e9072538fbc9fa8b65581

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avformat-54.dll

Filesize
2.9MB

MD5
7396db8ff8a5977ecd76220d14f0ee04

SHA1
c815b965c7abe368e4f49394b2512eef60dc0ef0

SHA256
8bf698ee1d89f687bf32f4e1ac4908379479456effac70038f949c548efd18bc

SHA512
6442532a793e0b7fb1be1a022ce0d082487bc598085fcd8b10483bb90e5c0010789c580350bed35b69e2759d768138b489b270478b7f2a3b887826062e506a70

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avresample-1.dll

Filesize
135KB

MD5
6d02a67f1a77371dcf16a3dd70ae3cb8

SHA1
5bdd8a649e35686362ef010420d85eff624d00a5

SHA256
9d23781f9b54a3f37e872ce23df6ac64a695dcadf794d388f9266861ef7f790e

SHA512
bb0c7ddc280d4d518a925e92706d5f567220a07181dedc4c1c3a6a745d567b7461590063304288395fdd61312d121d384568e89e94464ff4937137d9df7f1ea1

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll

Filesize
186KB

MD5
97809a2431bcc50fc718e2ced1e306e2

SHA1
a3fcac6a8034ccd9392063f57325051aa067ee85

SHA256
2f2ae85d42415914eed564acda3ffae7b1f3627e871913c0349d73526f3bbf55

SHA512
4ec6c69fabc49d30db9efff9ea72387f4915287b8b231f37d7cb8a062246dfb67c180cc6fbb586bfef95ef0615fe793d2f5167d0aca4cf9068522c3556f1479c

Download Submit
\Program Files (x86)\Freemake\COM\1.1\libdvdnav.dll

Filesize
229KB

MD5
915547ec7701be659cc21452a1258b2b

SHA1
e0056e9ef53fa9714c0ddea1f069da07e502e85e

SHA256
6d63a4ed2c0226024b69bb27267488a43e5fd3ad5b2e342abfba3e55bc95884f

SHA512
617743e696090eb9eb42d38157bf216ee5e214e300c0db8b95a9614d372953f472bc7922676995b6bcd4247b8d506f0972af385b9e7e554a5dfff5e06cf081cb

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcr100.dll

Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
\Program Files (x86)\Freemake\COM\1.1\swscale-2.dll

Filesize
326KB

MD5
d06d733f491a19bd76379565ffbf0556

SHA1
1125234bc8a4702b515bc0a12c9ca82e9583bd63

SHA256
05cd12a6f470b271cf47bd2637136e8720a00e67668df8d8499f406f0c52ea14

SHA512
e52ff24705db9fcc02571132e4d6debe329031c5c65a70de47e2f163e0c8f6e355d74abb9a24ad3cf888c8e7cf9f3df56df60dba4a87743f362624bf58a97f35

Download Submit
\Program Files (x86)\Freemake\COM\1.1\xvidcore.dll

Filesize
1.0MB

MD5
eaaa841ed3c3df66aba354852d2c7baa

SHA1
55e4707d4b66086da1595a93dcc02c6b62affb40

SHA256
8f3ffde67a530df8f5ecaca1ef2e3bf880a94e68b3a7f183f1313343418235ae

SHA512
ccc5ae4c8f4d5882c3140869c9d985f37945014a243aca72a5b7aeb2076686a89bf9b4f76f2d12c5513bc843451e56b3be7e40139166d69b96f435108851b6db

Download Submit
\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe

Filesize
2.2MB

MD5
2d4d74d386176b336e99452417ec73a2

SHA1
860e8744a297eefdb00e1a582e533e0b7e001e4c

SHA256
06492ab77da4a0279a7b53e7936fcd17158979805ea94b42bad47ddf3b366f57

SHA512
5e2486102302208975623485262e6528c960493ac9bab3049838fb0d5593a3c6ac6624fee43b9e9abd765c314627e1b5511f08eebebf64a0562e30e06a826928

Download Submit
\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe

Filesize
1.4MB

MD5
6173ec8b839f624919ae7abd573efac8

SHA1
c94fa23e6dd281e5f46086d4a540c9d9e168ff68

SHA256
01ff314d9faed4ef45eba717a8cfd999884a94cb513ded6cb6f077d235ce99f4

SHA512
013efbe1fe7e1b3a0cfe4df60feb736f1e772b8f368a8b81026490180b4b0a3a87377587f3c714c923159b08980aaaab76c81cf4099da76b3974892d11d210ef

Download Submit
\Users\Admin\AppData\Local\Temp\is-0R6AQ.tmp\FreemakeVideoConverterSetup_0712ab07-b646-faeb-d405-80360bd41b22.tmp

Filesize
1.4MB

MD5
14f5c8abebd8e51360030d1ae3137669

SHA1
1c72106cc170fe5b2bd20b9e59584af989fff486

SHA256
c9ba417f020aef7547038326d6892d1b4967634c7bb7068ed6498e8256546d46

SHA512
d575db9a4aac597751ccc5a524a8f5972298786c5f17713fc4072f2a84c0a7cade8e442c3737fb9e8879d5cd403788a638fe59821eb390b5d85e50fd9886ba32

Download Submit
\Users\Admin\AppData\Local\Temp\is-TDUQ2.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-TDUQ2.tmp\freemake_dl.dll

Filesize
131KB

MD5
af56804db5beb8ac95199798f54f461b

SHA1
6065bc502b623deda68d17f6b7b1aa470bd5c42d

SHA256
6524c505e4c2b74dbb3c9470abaa4a09a71931cd973a74a5c54926537c2d26cb

SHA512
5bdd0f72cb0ff639ed806894800791bdd611c280624d3da5a3048727ec4466b3e3fe8e1f5f0748ae6cf1d84524001a24fcd7258aec41242d6b113552c83f5686

Download Submit
\Users\Admin\AppData\Local\Temp\is-TDUQ2.tmp\itdownload.dll

Filesize
77KB

MD5
b4efe1200f09cbf02f0d2ae326a84f3b

SHA1
83102a7f5465a14c78d04ca6d8703c68a5c599ce

SHA256
6bd9984dd28ce8cc13e8eb3b5ee9f6c8a6967e3b2288918665e2ae67fa1eb56b

SHA512
14c83df5ca8ce92efddb07bda1c6fff9cfbbfb1348ff6c2e6b523110bb1fd10023e09986bc7967824a5cf37789080d81f2a5deedc3df3925825f73e2a87b52a6

Download Submit
memory/896-3061-0x0000000000300000-0x0000000000314000-memory.dmp

Filesize
80KB

Download
memory/896-3060-0x0000000000030000-0x000000000003C000-memory.dmp

Filesize
48KB

Download
memory/1760-65-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1760-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/1760-25-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1760-0-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2352-1236-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1245-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1209-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1207-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1211-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1213-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1210-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1208-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1206-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1205-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1212-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2352-1218-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1223-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1231-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1237-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1238-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1235-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1234-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1233-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1232-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1230-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1229-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1228-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1227-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1226-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1225-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1224-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1222-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1221-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1220-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1219-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1217-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1216-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1215-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1214-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1250-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1251-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1249-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1248-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1247-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1246-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1239-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1244-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1243-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1242-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1241-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2352-1240-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2428-75-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2428-68-0x00000000003B0000-0x00000000003C8000-memory.dmp

Filesize
96KB

Download
memory/2428-76-0x00000000003B0000-0x00000000003C8000-memory.dmp

Filesize
96KB

Download
memory/2476-17-0x00000000031D0000-0x00000000031E8000-memory.dmp

Filesize
96KB

Download
memory/2476-8-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2476-63-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2476-54-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2476-55-0x00000000031D0000-0x00000000031E8000-memory.dmp

Filesize
96KB

Download
memory/2476-2856-0x0000000011000000-0x0000000011065000-memory.dmp

Filesize
404KB

Download
memory/2476-26-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2476-27-0x00000000031D0000-0x00000000031E8000-memory.dmp

Filesize
96KB

Download
memory/2560-37-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2560-74-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/3440-3234-0x0000000004F50000-0x0000000004F68000-memory.dmp

Filesize
96KB

Download
memory/3440-3070-0x0000000005670000-0x00000000057DE000-memory.dmp

Filesize
1.4MB

Download
memory/3440-3233-0x0000000004F30000-0x0000000004F44000-memory.dmp

Filesize
80KB

Download
memory/3440-3240-0x0000000005000000-0x0000000005028000-memory.dmp

Filesize
160KB

Download
memory/3440-3239-0x0000000006A10000-0x0000000006B6E000-memory.dmp

Filesize
1.4MB

Download
memory/3440-3227-0x0000000004E10000-0x0000000004E2A000-memory.dmp

Filesize
104KB

Download
memory/3440-3228-0x0000000004EE0000-0x0000000004F12000-memory.dmp

Filesize
200KB

Download
memory/3440-3229-0x0000000004DA0000-0x0000000004DAE000-memory.dmp

Filesize
56KB

Download
memory/3440-3230-0x0000000004E30000-0x0000000004E3E000-memory.dmp

Filesize
56KB

Download
memory/3440-3069-0x00000000009D0000-0x0000000000A32000-memory.dmp

Filesize
392KB

Download
memory/3440-3071-0x0000000000500000-0x0000000000514000-memory.dmp

Filesize
80KB

Download
memory/3440-3072-0x00000000057E0000-0x00000000059E0000-memory.dmp

Filesize
2.0MB

Download
memory/3440-3068-0x0000000000B70000-0x00000000012FA000-memory.dmp

Filesize
7.5MB

Download
memory/3440-3241-0x00000000053D0000-0x00000000053FA000-memory.dmp

Filesize
168KB

Download
memory/3440-3252-0x00000000073D0000-0x0000000007460000-memory.dmp

Filesize
576KB

Download
memory/3440-3255-0x0000000008200000-0x000000000843E000-memory.dmp

Filesize
2.2MB

Download
memory/3440-3256-0x0000000006080000-0x000000000608C000-memory.dmp

Filesize
48KB

Download
memory/3440-3257-0x00000000061E0000-0x00000000061EA000-memory.dmp

Filesize
40KB

Download
memory/3440-3258-0x0000000006200000-0x0000000006216000-memory.dmp

Filesize
88KB

Download
memory/3440-3259-0x0000000006640000-0x0000000006648000-memory.dmp

Filesize
32KB

Download
memory/3440-3260-0x0000000006660000-0x000000000666A000-memory.dmp

Filesize
40KB

Download