54551f4b39f9045379c4ff93e0a8f81f2c3900b5157eeab6b41ff3f13e743372

Analysis

max time kernel
268s
max time network
260s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe
Size

993KB
MD5

e4996114d73b1bb24b7e67b034e24822
SHA1

d52043af823c2a6f7cb27dfd278638e4abd652b5
SHA256

54551f4b39f9045379c4ff93e0a8f81f2c3900b5157eeab6b41ff3f13e743372
SHA512

a5f67e60415450c11bc04744a45309abb0bbed4d733e3705b772d3d7d2424d2bf4f1976a4ef1b22e5a2df169f82fa2846e38fb2abd78508c3d2491201d264b7e
SSDEEP

12288:rSxG0wgUF888888888888W88888888888BAOeFC0bYgVa/ebO+08WLfvsvXBIJ3R:exGlPeFC0kq9IvsvXB+3HI1Vsr3Vd

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

Processes:

FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmpFreemakeVideoConverterFull.exeFreemakeVideoConverterFull.tmpFileAssociationTool.exeFreemakeVideoConverter.exeFreemakeVC.exe

pid	process
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
1196	FreemakeVideoConverterFull.exe
1056	FreemakeVideoConverterFull.tmp
3684	FileAssociationTool.exe
3904	FreemakeVideoConverter.exe
3916	FreemakeVC.exe

Loads dropped DLL 64 IoCs

Processes:

FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exeFreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmpFreemakeVideoConverterFull.exeFreemakeVideoConverterFull.tmpregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exe

pid	process
2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
1196	FreemakeVideoConverterFull.exe
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
620	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2124	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
2944	regsvr32.exe
924	regsvr32.exe
924	regsvr32.exe
924	regsvr32.exe
924	regsvr32.exe
924	regsvr32.exe
924	regsvr32.exe
924	regsvr32.exe
924	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates processes with tasklist 1 TTPs 6 IoCs
discovery

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid process

1000 tasklist.exe
1584 tasklist.exe
2356 tasklist.exe
1556 tasklist.exe
1648 tasklist.exe
1964 tasklist.exe

pid	process
1000	tasklist.exe
1584	tasklist.exe
2356	tasklist.exe
1556	tasklist.exe
1648	tasklist.exe
1964	tasklist.exe

Drops file in Program Files directory 64 IoCs

Processes:

FreemakeVideoConverterFull.tmp

description	ioc	process
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\zh-CN\is-4K07L.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ja-JP\FreemakeCommon.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-9PT29.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-9GF33.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x86\is-JERGU.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\ja-JP\is-43EN9.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\Visualization\is-FTPTN.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-B24LL.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-B32KU.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-7O09S.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-K9TLQ.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-FN34N.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-3JTE8.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x64\libcurl.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\ForFlash\is-CUDRJ.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-PV6J1.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-6KCAE.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-Q2VEJ.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\FMProfileManager.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x64\is-ULHAS.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\it\FreemakeCommon.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\is-8TOL2.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-A9JQS.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-NFK61.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.TrackDownloaderLib.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-9R4VR.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-514LP.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-ITC1O.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\CommandLine.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-G0U86.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-A9SMA.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\is-TBA2N.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\Monetization.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-KVU0I.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-SAS5G.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\System.Net.Http.WebRequest.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\es-ES\Monetization.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-CE8UA.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\pl\is-E67AA.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\Microsoft.Threading.Tasks.Extensions.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x86\is-2HGM4.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\is-NNF5E.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-CRE99.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-42PPI.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-RASTG.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\System.Net.Http.Primitives.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\pl\FreemakeCommon.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\Visualization\is-6V2I8.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\NLog.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-7G2BK.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-INDFB.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-GR3QA.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-FDERS.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-GAVHO.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-BOBPJ.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-VAV3B.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\ForFlash\is-VB6K5.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-HURRH.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\FMVisualization.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\ru-RU\FreemakeConverterCommon.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-6HLCR.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Common Files\Freemake Shared\Curl\is-50SBC.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-8H6D8.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-LGPF3.tmp	FreemakeVideoConverterFull.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exenetsh.exenetsh.exenetsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 37 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

FreemakeVideoConverterFull.exenetsh.exeFreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmpregsvr32.execmd.execmd.execmd.exeFreemakeVideoConverter.exefindstr.exetasklist.exefindstr.exetasklist.exeregsvr32.exeFileAssociationTool.exeFreemakeVideoConverterFull.tmptasklist.exetasklist.exeregsvr32.exenetsh.execmd.exetasklist.exefindstr.exeregsvr32.exeFreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exefindstr.exetasklist.exeregsvr32.exeregsvr32.execmd.exefindstr.execmd.execmd.exefindstr.exeregsvr32.exeFreemakeVC.exenetsh.exenetsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterFull.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileAssociationTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterFull.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeFileAssociationTool.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceFile\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.mjpg\DefaultIcon	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vro\ = "FreemakeVideoConverter.vro"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformOrderedQueue\ = "TransformOrderedQueue Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34CC3227-44D6-4710-B086-C8A4B8A581EF}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A107A839-47EB-4B43-9101-81B0EAA893FC}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.avi\Shell\Open\Command	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{27F29E96-6CD1-45A4-9BD4-C4F5BB4D8EB6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B444E952-E506-47EF-AF88-CAF57EF05BD8}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformRotate.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.thp	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e010f47e-ea65-44df-8ff5-baf2c9e102d6}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B7DFFEF3-A081-4A27-A949-C57022D2CE46}\ = "IFMCudaStatus"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpe\shell\Convert with Freemake\command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -ConvertWithCommand"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ts	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95B9901A-E176-409D-A104-0445AE7FF716}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CB2EBB6-1056-42CC-8054-8EE89A0DC21B}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{13AF8BBE-0396-4817-A08F-8D0F25AF3288}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.rtsp\DefaultIcon	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE969149-E37F-45C8-A2F6-9784026ED4FA}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43893394-e5d0-4890-9cc4-54c173a51b0d}\ProgID\ = "FMTransformBase.TransformBase.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceContainer\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28be759f-b95f-4ad5-8748-0550cf9f9a0b}\ = "MediaSourceSyncReader Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4812405D-07C3-4717-8FE3-25D7B8867718}\TypeLib\ = "{21365BB8-55E5-4D5F-8FC9-B56D5A1DE903}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5BB007DD-D51E-4127-96E0-C5E66E37C154}\TypeLib\ = "{89AE5069-13AA-4660-9F9F-C130596B8320}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.dpg\DefaultIcon	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.flc\Shell\Open\Command	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1e22b14d-d3c8-4b3b-8ecf-8b9589162b60}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5AF3FFE5-3895-4C06-ACF6-D3CF9D591C7F}\TypeLib\ = "{E5CD553D-2B25-48E4-A1A8-E685F79A1A54}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22E65E8B-7B25-470B-84AF-60A058C4E9B7}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.mov\DefaultIcon\ = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0E6A82FB-E403-482F-9793-14E96FBEF369}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{13AF8BBE-0396-4817-A08F-8D0F25AF3288}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ca1283bb-3d5d-4067-bcc6-b6fd49154f3d}\TypeLib\ = "{8f935bb6-1360-4f01-89be-8d394ca9e36c}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.MediaData\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.h264\shell\Convert with Freemake	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.mxf\Shell\Open	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{644CC3C4-0600-45A2-8EE0-577D6149CA9F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformFrameRate\CLSID\ = "{a539dc29-fe52-433b-81d7-34d79149e534}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7d331115-ab8c-4405-a1bb-75119ad96d84}\ = "FMDecoder Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1c8380dd-db16-4944-8968-dd952037d4e1}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{579c85c1-565d-433d-bab7-6958e4178aad}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28c82e28-f87e-45d7-b60a-29d43e68bf05}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformRotate.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1c8380dd-db16-4944-8968-dd952037d4e1}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35C5B631-A8A0-490A-8BB7-B723710E8DA2}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.smk\DefaultIcon	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{352839CE-8082-4F09-86B7-C6DE1E7215C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{21365BB8-55E5-4D5F-8FC9-B56D5A1DE903}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSource.1\ = "MediaSource Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceAudioSilence	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B16EB613-B4C0-4798-95D9-113DA6DAF6F3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ppm\shell\Convert with Freemake\command	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.f4v\shell\Convert with Freemake	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mp1\shell	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m2a\shell\Convert with Freemake\command	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7dbbe840-4e63-48f8-8688-a88babc05740}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.flv\shell\Convert with Freemake\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m4a\shell\Convert with Freemake\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.roq\DefaultIcon\ = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9e161a92-527b-4eab-b44f-741fdefabf16}\ = "MediaDataSubtitle Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7AC36E45-E241-4C33-A81A-A8B9418685B9}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{579c85c1-565d-433d-bab7-6958e4178aad}\VersionIndependentProgID\ = "FMMediaSource.MediaSourceImage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{25B18B5D-F441-4713-9E25-2DCC22A6102B}\TypeLib	regsvr32.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp

Script User-Agent 4 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	11	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	13	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	22	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmpFreemakeVideoConverterFull.tmp

pid	process
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
1056	FreemakeVideoConverterFull.tmp
1056	FreemakeVideoConverterFull.tmp

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exeFreemakeVC.exe

description	pid	process
Token: SeDebugPrivilege	1000	tasklist.exe
Token: SeDebugPrivilege	1584	tasklist.exe
Token: SeDebugPrivilege	2356	tasklist.exe
Token: SeDebugPrivilege	1556	tasklist.exe
Token: SeDebugPrivilege	1648	tasklist.exe
Token: SeDebugPrivilege	1964	tasklist.exe
Token: SeDebugPrivilege	3916	FreemakeVC.exe
Token: SeDebugPrivilege	3916	FreemakeVC.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmpFreemakeVideoConverterFull.tmpFreemakeVC.exe

pid process

2228 FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
1056 FreemakeVideoConverterFull.tmp
3916 FreemakeVC.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

FreemakeVideoConverter.exe

pid process

3904 FreemakeVideoConverter.exe
3904 FreemakeVideoConverter.exe

pid	process
3904	FreemakeVideoConverter.exe
3904	FreemakeVideoConverter.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 2704 wrote to memory of 2228	2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
PID 2704 wrote to memory of 2228	2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
PID 2704 wrote to memory of 2228	2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
PID 2704 wrote to memory of 2228	2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
PID 2704 wrote to memory of 2228	2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
PID 2704 wrote to memory of 2228	2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
PID 2704 wrote to memory of 2228	2704	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
PID 2228 wrote to memory of 2556	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	cmd.exe
PID 2228 wrote to memory of 2556	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	cmd.exe
PID 2228 wrote to memory of 2556	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	cmd.exe
PID 2228 wrote to memory of 2556	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	cmd.exe
PID 2228 wrote to memory of 1196	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	FreemakeVideoConverterFull.exe
PID 2228 wrote to memory of 1196	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	FreemakeVideoConverterFull.exe
PID 2228 wrote to memory of 1196	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	FreemakeVideoConverterFull.exe
PID 2228 wrote to memory of 1196	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	FreemakeVideoConverterFull.exe
PID 2228 wrote to memory of 2012	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 2228 wrote to memory of 2012	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 2228 wrote to memory of 2012	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 2228 wrote to memory of 2012	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 1196 wrote to memory of 1056	1196	FreemakeVideoConverterFull.exe	FreemakeVideoConverterFull.tmp
PID 1196 wrote to memory of 1056	1196	FreemakeVideoConverterFull.exe	FreemakeVideoConverterFull.tmp
PID 1196 wrote to memory of 1056	1196	FreemakeVideoConverterFull.exe	FreemakeVideoConverterFull.tmp
PID 1196 wrote to memory of 1056	1196	FreemakeVideoConverterFull.exe	FreemakeVideoConverterFull.tmp
PID 1196 wrote to memory of 1056	1196	FreemakeVideoConverterFull.exe	FreemakeVideoConverterFull.tmp
PID 1196 wrote to memory of 1056	1196	FreemakeVideoConverterFull.exe	FreemakeVideoConverterFull.tmp
PID 1196 wrote to memory of 1056	1196	FreemakeVideoConverterFull.exe	FreemakeVideoConverterFull.tmp
PID 2228 wrote to memory of 2532	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 2228 wrote to memory of 2532	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 2228 wrote to memory of 2532	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 2228 wrote to memory of 2532	2228	FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp	netsh.exe
PID 1056 wrote to memory of 2152	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 2152	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 2152	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 2152	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 2152 wrote to memory of 1000	2152	cmd.exe	tasklist.exe
PID 2152 wrote to memory of 1000	2152	cmd.exe	tasklist.exe
PID 2152 wrote to memory of 1000	2152	cmd.exe	tasklist.exe
PID 2152 wrote to memory of 1000	2152	cmd.exe	tasklist.exe
PID 2152 wrote to memory of 2112	2152	cmd.exe	findstr.exe
PID 2152 wrote to memory of 2112	2152	cmd.exe	findstr.exe
PID 2152 wrote to memory of 2112	2152	cmd.exe	findstr.exe
PID 2152 wrote to memory of 2112	2152	cmd.exe	findstr.exe
PID 1056 wrote to memory of 2188	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 2188	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 2188	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 2188	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 2188 wrote to memory of 1584	2188	cmd.exe	tasklist.exe
PID 2188 wrote to memory of 1584	2188	cmd.exe	tasklist.exe
PID 2188 wrote to memory of 1584	2188	cmd.exe	tasklist.exe
PID 2188 wrote to memory of 1584	2188	cmd.exe	tasklist.exe
PID 2188 wrote to memory of 1752	2188	cmd.exe	findstr.exe
PID 2188 wrote to memory of 1752	2188	cmd.exe	findstr.exe
PID 2188 wrote to memory of 1752	2188	cmd.exe	findstr.exe
PID 2188 wrote to memory of 1752	2188	cmd.exe	findstr.exe
PID 1056 wrote to memory of 1896	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 1896	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 1896	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1056 wrote to memory of 1896	1056	FreemakeVideoConverterFull.tmp	cmd.exe
PID 1896 wrote to memory of 2356	1896	cmd.exe	tasklist.exe
PID 1896 wrote to memory of 2356	1896	cmd.exe	tasklist.exe
PID 1896 wrote to memory of 2356	1896	cmd.exe	tasklist.exe
PID 1896 wrote to memory of 2356	1896	cmd.exe	tasklist.exe
PID 1896 wrote to memory of 2412	1896	cmd.exe	findstr.exe
PID 1896 wrote to memory of 2412	1896	cmd.exe	findstr.exe

C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe
"C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\is-JVUAM.tmp\FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JVUAM.tmp\FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp" /SL5="$7014E,492628,402432,C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2228

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" "C:\Windows\system32\cmd.exe" /S /C "ver > "C:\Users\Admin\AppData\Local\Temp\is-8MDI7.tmp\~execwithresult.txt""
3⤵
- System Location Discovery: System Language Discovery
PID:2556

C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe
"C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe" /LANG=en /dotnet=0 /skip_welcome locale=GB /DIR="C:\Program Files (x86)\Freemake" /autoinstall
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1196

C:\Users\Admin\AppData\Local\Temp\is-0KL40.tmp\FreemakeVideoConverterFull.tmp
"C:\Users\Admin\AppData\Local\Temp\is-0KL40.tmp\FreemakeVideoConverterFull.tmp" /SL5="$70184,80952626,402432,C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe" /LANG=en /dotnet=0 /skip_welcome locale=GB /DIR="C:\Program Files (x86)\Freemake" /autoinstall
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1056

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVD.exe"
5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2152

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1000

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeVD.exe"
6⤵
- System Location Discovery: System Language Discovery
PID:2112

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVC.exe"
5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2188

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeVC.exe"
6⤵
- System Location Discovery: System Language Discovery
PID:1752

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeAC.exe"
5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1896

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2356

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeAC.exe"
6⤵
- System Location Discovery: System Language Discovery
PID:2412

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeMB.exe"
5⤵
- System Location Discovery: System Language Discovery
PID:828

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1556

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeMB.exe"
6⤵
- System Location Discovery: System Language Discovery
PID:1796

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeYB.exe"
5⤵
- System Location Discovery: System Language Discovery
PID:2440

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1648

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeYB.exe"
6⤵
- System Location Discovery: System Language Discovery
PID:924

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-V5GVQ.tmp\CheckRunningInstance.cmd""
5⤵
- System Location Discovery: System Language Discovery
PID:1492

C:\Windows\SysWOW64\tasklist.exe
tasklist
6⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1964

C:\Windows\SysWOW64\findstr.exe
findstr "FreemakeAC | FreemakeVD | FreemakeMB | FreemakeVC | FreemakeYC | FreemakeYB"
6⤵
- System Location Discovery: System Language Discovery
PID:2292

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll"
5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2288

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll"
5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:620

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll"
5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2124

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMVideoConverter.dll"
5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2944

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMDVDMenu.dll"
5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:924

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaUtils.dll"
5⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1096

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMPlayerLib.dll"
5⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2112

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=Admin
5⤵
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:3584

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=\everyone
5⤵
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:3632

C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe
"C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe" --installPath "C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe" --isNeedToAssociate true
5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3684

C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
"C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe" --AutoRunType=AfterInstall
5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3904

C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
"C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe" --AutoRunType=AfterInstall
6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3916

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=Admin
3⤵
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:2012

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=\everyone
3⤵
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll

Filesize
412KB

MD5
ce9c709a62ac85067989790bc39422e4

SHA1
485a1adfd5c027e91ed75b9a2673b10aba4f09dd

SHA256
21fb768dce87a2745af66a068061e360be2e7fd2fcd57fd1924a222130a50990

SHA512
ac88768279641724d8698ad156054e1f8e456e3d5e961c59efdcec2440cac19879ccfe9715af03c4cd2b479d5bd2ebdae41d406a273bee664f00841cd61030af

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\libdvdnav.dll

Filesize
229KB

MD5
915547ec7701be659cc21452a1258b2b

SHA1
e0056e9ef53fa9714c0ddea1f069da07e502e85e

SHA256
6d63a4ed2c0226024b69bb27267488a43e5fd3ad5b2e342abfba3e55bc95884f

SHA512
617743e696090eb9eb42d38157bf216ee5e214e300c0db8b95a9614d372953f472bc7922676995b6bcd4247b8d506f0972af385b9e7e554a5dfff5e06cf081cb

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-37P9N.tmp

Filesize
186KB

MD5
3002e884c5c15a15b68eaef3c62ff254

SHA1
d7e053ac51f562b92fd4032ad769adea7255230c

SHA256
3e71eb02ae8d01cb8159cc5f9ff3ff1976aec5872298ed45310b58f18708eac0

SHA512
0789fb15f8e062ac2af6785a240b9b7d482b5f179fdb2e6b5ef9f841092c1a631b27f3db7738163f73cb609d8f5918fe2bb166731107061ece21c7a18a2a3989

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-3INVT.tmp

Filesize
21KB

MD5
8e4e0ea396b5452bed54e6888cb07ca1

SHA1
1a7afcdd7f118b3ef8f1d9761fa71faeee16fd2c

SHA256
dfeab83e6a9555a6c18070c611d868e117fa2fef6f815da26e622feb2e610254

SHA512
e160570f598d5fdd637725a70595a7ddc247c20aed66c031ff9816142231c8ea58c69fef7f5eb8e10120e5e5ad68ececb1b584054832464046209c9e04cc1aae

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-3JTE8.tmp

Filesize
560KB

MD5
8f81c9520104b730c25d90a9dd511148

SHA1
7cf46cb81c3b51965c1f78762840eb5797594778

SHA256
f1f01b3474b92d6e1c3d6adfae74ee0ea0eba6e9935565fe2317686d80a2e886

SHA512
b4a66389bf06a6611df47e81b818cc2fcd0a854324a2564a4438866953f148950f59cd4c07c9d40cc3a9043b5ce12b150c8a56cccdf98d5e3f0225edf8c516f3

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-72077.tmp

Filesize
34KB

MD5
85f6f590b5c4b8c7253e9c403c9be607

SHA1
d5a9db942a50c8821bacd7f6030202c57ec4708b

SHA256
d20552fd5c8c8c9759608a84db1e216da738f5e9f46de9e8a3f39a0d6265cb8b

SHA512
9c78cb444e28618d44e9deb23571fc7bbce268882c2803e0ccc0e84b3e6eab89c6af2aac0d81ef0d2c9fd1e9611cb35334ef3304fb16c5ba0481f6a7273c3660

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-DLHAF.tmp

Filesize
56KB

MD5
e33a3e4e2ee59a622f07815dafb139e2

SHA1
99a0940ca8ea8c202d6f241c7ed6050e5c5523d6

SHA256
d3102299820373869e1093469305e26e1903778667efce7130524a493657ccac

SHA512
483f07aaac30f353d6d81a653ac8d59166661491c019398e4037c7ad03ed1407f083040bb3e4df026e8b553be098320f7189e112af631f55f3d98cda8e1db92d

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-DM132.tmp

Filesize
20KB

MD5
d552de7d39179b914db7cc2dbdd005c2

SHA1
044329c6c335224ba05a4e398a5fcb204f13ac36

SHA256
24bd076d31dc9d363eb2adb8b27a7d45d9f975aeec565132d27901537e31f239

SHA512
b82cbd6c4b3d378fba1793858c556ea1fdaa405905686ce219f192d16041e79aa063145c6d469aa7c15aa945d3ef344618fa0996d6611282a8718dd0de77d64d

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-FBKKG.tmp

Filesize
26KB

MD5
1925e1654510ee0914ff3360c6c94765

SHA1
a032c1456dc199189310ef4df533bceeb6c41a92

SHA256
6e599d81a2b8d803ca794c25111fea54c34356c4ed853b926c9ab42a4b0d6454

SHA512
1995a5f16aaa62d23d69022b613362b7cf952059cc9c4fbddfcbe0905b94b02599dd4b5a784344a2b541457ec255b8f38baccb7919f04f323d35b59b2e10d0d1

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-FIUQF.tmp

Filesize
21KB

MD5
018841345cfbf45eda4cd1adb74fd68b

SHA1
f9928ef8b78f7cf2d3eb3ec68d28f36c89fff3da

SHA256
acf0e0555afed095cf12f719a3cd0e745435ced2575840a46a40ec61ed632265

SHA512
7dd159dc1d64e49a9106c2f04a46643c9aafb83fc017d4f98f63b63d6317fc4ab370fafb63bb512bfb6b4ec7ef2b2e6b362bb7f035a23dd1046d6dc2499ea5ff

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-FNEIO.tmp

Filesize
367KB

MD5
313defd8ed9a742af1ff8a16fd508f3f

SHA1
ab14db48b983fd431eefb2ad98613ab2ce90cd8e

SHA256
e608a0c3236e6a833a994a3d251d85fb12648b76f834d0d9fd9786dcc613a368

SHA512
462125725a7954bda2032cb4f54324e892869ddd01f9355a13b32d394d70a6e2858a49aa27f8f7770dc9d6d77c4d2da8bde337a1c6cefd63643820914954056c

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-HHQ1H.tmp

Filesize
137KB

MD5
4121b366895116acaadca2adfb59ac21

SHA1
f790ecf47b9b9f80fc1572e3b96bc46eae99a244

SHA256
445fa3a7a40ecf0d24c1125d0a550537a0000187de23f7fd8d39f6a28e32320a

SHA512
bdc9757304de0771b3ac8aeac8630e5f67d76bb5ab3434cd37263a9bd1465ddea5933e7e1564cd752c5805c615a3f3df34b6caac10ae22fd01cc9dbb196c710f

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-JU6KL.tmp

Filesize
30KB

MD5
a56072ffc624339c31d7e205570788ac

SHA1
68947a16950d05eea8ad474f561d54fb6a5a3be6

SHA256
e3a81a23400db10f69acbbbe431bdb7be163723d6b47d9bf623e6adbe9ceed0c

SHA512
ff5fa57d85c2baca402eb856e2e3e763e50cbe4898a1656a233534ba0dc4c24825c31371fd37ea4b4eba2647122d5564bb19ee9e0bce9870c220e1ce72fc2843

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-L9OQ7.tmp

Filesize
11KB

MD5
7dd26c3dcef3e5bd5a3822ca2e22a87d

SHA1
7edbe81d96ea24484b3cf0dc6539203d3b81cf12

SHA256
4c479afa2f7cde4ba9029a5a8934736c62cd7396c37ee4aae8c0ce9a74517d10

SHA512
cb474a71ce1bc36c0c62bfcf66ec94b2be48dad93d8060dcdf812b807177abf3d3b142157d599e26bcbb51e07d2996548b7b9a378bf8fd89f5c89e8df1ddc56c

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-MLFFJ.tmp

Filesize
2.0MB

MD5
66ca6655fdb4c256e5772bd620fc775a

SHA1
fae38455aca483010be3ab922534603da6dd39a9

SHA256
464cba755dff10abb52f8213c0b36588a3790ef365cbcacb8d9bfd0d92d1e786

SHA512
13a7c4e47e01b707065992016d9d431c7239c4c596425bd0459516d26935b71a268ae494725069e152a4270147c24f8fa195863c9b9cbf80243ed0d6d26a84da

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-U1MAB.tmp

Filesize
100KB

MD5
fc3bd6e569eca92b5c57aa67b9ccaf7e

SHA1
1ae7cd63a312146d467180ec2a092a109802bb77

SHA256
4a6da21b14f87a4b829ba8a1e6c0857df777b024d578319dda5b2686af8aa10e

SHA512
c1f4698cb4d689f810abc6a0c43040461fcfe80aadaeaa13543e52c20cad8c18a33340e1b071db54e3c97f5773768ec0daca4500f1f8ba19b12b9b86ed9ecb0b

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-4Q05H.tmp

Filesize
145KB

MD5
766192bc12a0135ec8ff1dcc1a0d0334

SHA1
1e3f8ab6c8013691394f03d493d6aaca10bf9947

SHA256
4cce036c1c942bc7db60006e3db936cfc75dc15c6c4bf694645e3bc703f73798

SHA512
a119a429abcac8bc3083e0a11b209cbb56c0c57e8425f599b69e089380aeb9b1aab6353bbaef1a8e17415768e1c572707d87adc8a81de308c5e512c73662812e

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-LESTP.tmp

Filesize
2KB

MD5
4b6e75d7e279366baa742e583ce67d92

SHA1
1ca1c479a9143e2fff78ec6606df187c7e60e53a

SHA256
d0f1a3b3c161971280ed90f3b8b77a1018bcc5f8302ebd4bfb01c3fa3d50a7a7

SHA512
6efac695278fc675d6d6f0edc20b020c9b7b409b6abafb021ed5761e2ee4b1f348b4a3677f97397cd4177271e5dd51212bac6666cbfed4213502651c5a4b7298

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-N3I66.tmp

Filesize
8KB

MD5
fb7411ac51ffa57c52120f2d75bb65b9

SHA1
98f50feaccecf4bbc900e43dde5f89f90ba61e6b

SHA256
b0879da0c172420917fc8cf383a52dc72347ccfd197503327aff271507965750

SHA512
7eb5b464a85b30312582fe178b4abbe3422ed15839c95d341bc50fb73071529dfe2b66a52795ab45bf8463dd43408df1227e0adf052f1260df9a1ddd2ba3b2b8

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-PT11D.tmp

Filesize
28KB

MD5
50a7c2624dcb5f7f5c9c945dd612e2bd

SHA1
ed259117b05922f51d1e4fd22bbda31ce3d96514

SHA256
389aa3028c6f7b7820090d884436befe90d93501a46478bea4e334456120d3f2

SHA512
82f7a1c5ddc42aedef4b8f9d2e702f198c04974733454b68a8fc21a369fb1fa7bc01f01fe38d945c34142c62095007d47174a45b56ac03d479f4a1d179f6dc62

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-U1ALH.tmp

Filesize
19KB

MD5
79fbda1967dd3e45b486bc0f21dc2b1a

SHA1
e13c8b48cb8dc51c959b9e952775cfc1ed1d0c19

SHA256
e36addabf1d933278b0ef394e090900e051c8762b2fada63ac203bea830919c2

SHA512
b9311f87b0b35d89d48eb0404e383dd94d423b03d29094c62f1baeeccae12591f2910817423f82aed3cd1b7c9ee187f145cd2935dee47ca7c76e0bfb25acf8e6

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-5LT4S.tmp

Filesize
432B

MD5
1f3aba959f7a154afb38dffb9068f028

SHA1
76d525771144cff4f89dc63ad5885d28752bade4

SHA256
85bc6b1493da8cba9ea57f9328a4066e8c5ace3b6fe8503244c5cd05f1ef000f

SHA512
77c38e7f3c2abac0e66321f8cd9d8046fa6df6699fb7e7417e7a9dc8765b0c6b0824e895617d6915e49293ffa115ae29ab318a18207aa9551dee871152c1cf41

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-TU7BU.tmp

Filesize
36KB

MD5
d01819bfe03222dfa9e35a36555b6b6c

SHA1
25f8069590b14724f28e6a04b8a42e4ef4a8562d

SHA256
5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94

SHA512
e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe

Filesize
34KB

MD5
67f5bff7426bda1fd810aaf62a912bf9

SHA1
7bedb374072b789864cf71c62aa67b74b1a3c4e6

SHA256
a16c5223c79ac1bb53e1d29a87e620e06d33b3652104b8fa82dee52a9590d09c

SHA512
44dac96eede32255d63906333201abc9fccf0b6e0a24eaa8688ed1ac9685586876f015e7f09873b757f256e4a5f2eb3e98e36138b00b57c9ba777ec542dc7e84

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FoxSDK\msvcp100.dll

Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
C:\ProgramData\Freemake\FreemakeVideoConverter\SummaryLog.txt

Filesize
2KB

MD5
4f09bb652c3328338fa27d037f838816

SHA1
5840e8d79be40b0339e2bd68d7344f6ab5a94ede

SHA256
cbb4d04c34d653b281dae02721f9b5bd3fa216bc55bb5a803515e455a4bb79c4

SHA512
9fcc4eec18c119ef6dead856f37b29cdeb02ebb2db48a9bef78ec3c4d6f14a53e4f78c78deea0fe27be9f298d157d9bf8610b8680644ac8b871183bc3e3951c1

Download Submit
C:\ProgramData\Freemake\FreemakeVideoConverter\SummaryLog.txt

Filesize
2KB

MD5
208eda402cae50969a7b47d51703a8f4

SHA1
534d5b3ee30283ef8774eb8e0488e2b10b26b46e

SHA256
65d8d62427e7bce1130f175e484d4255dffff94cdaec011cc30f171925b3cd35

SHA512
96a02567eee0e74b363161e64071bf7c10a548920ef3c2588adeabce87a995caa43e6ce0da807286efda37c034f1284fdb2f776899368c2f14533ec660c12307

Download Submit
C:\ProgramData\Freemake\FreemakeVideoConverter\SummaryLog.txt

Filesize
4KB

MD5
6675221827d7f375743f153d36e0b8e0

SHA1
988837fb6a43ed93308a8d560b4b749b93e418a5

SHA256
1f4dc2571d7dedb73004293278bbdaa24b3fd3334dedcdd6930423ae59bb1709

SHA512
ecdb022c17a9ee3f3a4a12598cc756ef01166687d321e168f72ad4a3861d0b0727d2ef167c8372541910d6c489ef2d1484754b6a893b3024f97b2e857f1c5552

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD8A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD9D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8MDI7.tmp\~execwithresult.txt

Filesize
40B

MD5
082f2e97e670228e3b323c6a3a874f40

SHA1
e50760edb5e88385449a44818f5726e5beed7aab

SHA256
292bf366a534157e5414f344218c9df828e2f211617fc84352f3ab2564050941

SHA512
ad96826fb4a9ad5296acf1136bd81348492b4e191ba7936fe515a254f7bb789ab7bb3b939a5b9094b0fdaca9b4ad0f0445034a6eb2d78bd1529c2e638eafbe91

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-V5GVQ.tmp\CheckRunningInstance.cmd

Filesize
96B

MD5
92dbcc7a2f8c552b1f541bd1018b44c5

SHA1
f9956c2066adacbd7cfe80941dabf46a4cc27db7

SHA256
5e314bf3f0a6e062a60d1b009e02f3128132de0206a3d197da27651a3d13fc32

SHA512
d393eb9b228f2ee74172ef28464b5b89daf14abc88135335a5bf364fa7bd4640c3b95c62296c6db15561ee010386a33120cf288446a9ce63a3cee0b3b82b7991

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll

Filesize
812KB

MD5
cf3447902fc5f86aa7dbf8bdbf967354

SHA1
50f7fb4634a17358f5b613f7467c49c317f1fc17

SHA256
5b0a4dc1c7d027c48940f60ef42b4085f46e9d0b741fe7fa855fd2826e244f5d

SHA512
d487c7d6f4143e5cc40bf96e2520ae6e9aa240a887f11a6b762af07f096c5fe088ef2f17f79c922c2a15bfbbff3ac00161526afd06f35c6f5037dca3419019f6

Download Submit
\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll

Filesize
459KB

MD5
a481e9ed59045159e843b764604e3402

SHA1
79aa22668b39a4a928acda4dbad0b4f1d66553f0

SHA256
b6b21c0996383347b805d64394ca389ad2c29c0b1a72c99791f5e50d93287626

SHA512
143a6b66a0c36e2ff69a8616f4f4d8a319438b78f461467709743738a9bfbbff4ff0b2093e4e508ec63832353eb20648aa4cb1260125d81941b56ef8c3176f89

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll

Filesize
13.8MB

MD5
23a378f40b92364e51e7b12cfb0af6d5

SHA1
8224dd82e02a3bb83cb4ed84a6265c370471a850

SHA256
8742fd389e9983594a24d5599e4d8f418c5454f36d2fd8d9cbc07bee08d4ea54

SHA512
529ca2c531626174451cd8d103b442a66aadd87edd5d03af44eadad94b59d9aec0b60380fdbf4aa213544dba7d3b2afa6abd7201484e9072538fbc9fa8b65581

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avformat-54.dll

Filesize
2.9MB

MD5
7396db8ff8a5977ecd76220d14f0ee04

SHA1
c815b965c7abe368e4f49394b2512eef60dc0ef0

SHA256
8bf698ee1d89f687bf32f4e1ac4908379479456effac70038f949c548efd18bc

SHA512
6442532a793e0b7fb1be1a022ce0d082487bc598085fcd8b10483bb90e5c0010789c580350bed35b69e2759d768138b489b270478b7f2a3b887826062e506a70

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avresample-1.dll

Filesize
135KB

MD5
6d02a67f1a77371dcf16a3dd70ae3cb8

SHA1
5bdd8a649e35686362ef010420d85eff624d00a5

SHA256
9d23781f9b54a3f37e872ce23df6ac64a695dcadf794d388f9266861ef7f790e

SHA512
bb0c7ddc280d4d518a925e92706d5f567220a07181dedc4c1c3a6a745d567b7461590063304288395fdd61312d121d384568e89e94464ff4937137d9df7f1ea1

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll

Filesize
186KB

MD5
97809a2431bcc50fc718e2ced1e306e2

SHA1
a3fcac6a8034ccd9392063f57325051aa067ee85

SHA256
2f2ae85d42415914eed564acda3ffae7b1f3627e871913c0349d73526f3bbf55

SHA512
4ec6c69fabc49d30db9efff9ea72387f4915287b8b231f37d7cb8a062246dfb67c180cc6fbb586bfef95ef0615fe793d2f5167d0aca4cf9068522c3556f1479c

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcr100.dll

Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
\Program Files (x86)\Freemake\COM\1.1\swscale-2.dll

Filesize
326KB

MD5
d06d733f491a19bd76379565ffbf0556

SHA1
1125234bc8a4702b515bc0a12c9ca82e9583bd63

SHA256
05cd12a6f470b271cf47bd2637136e8720a00e67668df8d8499f406f0c52ea14

SHA512
e52ff24705db9fcc02571132e4d6debe329031c5c65a70de47e2f163e0c8f6e355d74abb9a24ad3cf888c8e7cf9f3df56df60dba4a87743f362624bf58a97f35

Download Submit
\Program Files (x86)\Freemake\COM\1.1\xvidcore.dll

Filesize
1.0MB

MD5
eaaa841ed3c3df66aba354852d2c7baa

SHA1
55e4707d4b66086da1595a93dcc02c6b62affb40

SHA256
8f3ffde67a530df8f5ecaca1ef2e3bf880a94e68b3a7f183f1313343418235ae

SHA512
ccc5ae4c8f4d5882c3140869c9d985f37945014a243aca72a5b7aeb2076686a89bf9b4f76f2d12c5513bc843451e56b3be7e40139166d69b96f435108851b6db

Download Submit
\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe

Filesize
2.2MB

MD5
05ac7c6e22037e35bbe1520faab914c8

SHA1
a604e2b596d4235765fcb9fe410075c2818af3fb

SHA256
bbe878868ba411b6092b26200dcd2e393b2b96a022908c97318a89a0c9cb1712

SHA512
706ae9724cb406b45743789ff1da6631ecde0f88474906bd6d705c6cd0aedd3e10a355a8a784413ce1df729473107cf7bfa202bd41bd6015b973e936e45e760a

Download Submit
\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe

Filesize
1.4MB

MD5
6173ec8b839f624919ae7abd573efac8

SHA1
c94fa23e6dd281e5f46086d4a540c9d9e168ff68

SHA256
01ff314d9faed4ef45eba717a8cfd999884a94cb513ded6cb6f077d235ce99f4

SHA512
013efbe1fe7e1b3a0cfe4df60feb736f1e772b8f368a8b81026490180b4b0a3a87377587f3c714c923159b08980aaaab76c81cf4099da76b3974892d11d210ef

Download Submit
\Users\Admin\AppData\Local\Temp\is-8MDI7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-8MDI7.tmp\freemake_dl.dll

Filesize
131KB

MD5
ffb657374aa7751c97ef07edb00ef0c4

SHA1
048fe8294f3e27c83102ca1c9f64d6de2f6c6cd0

SHA256
0d114513e65753f2e261e928b59a0cd0df84cd0669b2bf75706fd04de0b817d6

SHA512
eb70ddc8aab5304f911eb0fc1ea7b507b01d6870c38549ba79743f8c78d16f7e7d55868c483661005633298997f9641413cd26ebe0b1988b4695a87f653d1a29

Download Submit
\Users\Admin\AppData\Local\Temp\is-8MDI7.tmp\itdownload.dll

Filesize
77KB

MD5
b4efe1200f09cbf02f0d2ae326a84f3b

SHA1
83102a7f5465a14c78d04ca6d8703c68a5c599ce

SHA256
6bd9984dd28ce8cc13e8eb3b5ee9f6c8a6967e3b2288918665e2ae67fa1eb56b

SHA512
14c83df5ca8ce92efddb07bda1c6fff9cfbbfb1348ff6c2e6b523110bb1fd10023e09986bc7967824a5cf37789080d81f2a5deedc3df3925825f73e2a87b52a6

Download Submit
\Users\Admin\AppData\Local\Temp\is-JVUAM.tmp\FreemakeVideoConverterSetup_8cdef71e-1133-de5d-9d65-f79b6bde10e0.tmp

Filesize
1.4MB

MD5
14f5c8abebd8e51360030d1ae3137669

SHA1
1c72106cc170fe5b2bd20b9e59584af989fff486

SHA256
c9ba417f020aef7547038326d6892d1b4967634c7bb7068ed6498e8256546d46

SHA512
d575db9a4aac597751ccc5a524a8f5972298786c5f17713fc4072f2a84c0a7cade8e442c3737fb9e8879d5cd403788a638fe59821eb390b5d85e50fd9886ba32

Download Submit
memory/1056-94-0x0000000000720000-0x0000000000738000-memory.dmp

Filesize
96KB

Download
memory/1056-93-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/1056-86-0x0000000000720000-0x0000000000738000-memory.dmp

Filesize
96KB

Download
memory/1056-1232-0x0000000000720000-0x0000000000738000-memory.dmp

Filesize
96KB

Download
memory/1056-1231-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/1196-58-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1196-92-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2112-3046-0x0000000011000000-0x0000000011065000-memory.dmp

Filesize
404KB

Download
memory/2124-1771-0x0000000000870000-0x00000000008A5000-memory.dmp

Filesize
212KB

Download
memory/2228-17-0x0000000002040000-0x0000000002058000-memory.dmp

Filesize
96KB

Download
memory/2228-26-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2228-27-0x0000000002040000-0x0000000002058000-memory.dmp

Filesize
96KB

Download
memory/2228-8-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2228-51-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2228-52-0x0000000002040000-0x0000000002058000-memory.dmp

Filesize
96KB

Download
memory/2228-81-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2288-1222-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1246-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1225-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1233-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1237-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1241-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1248-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1249-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1236-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1235-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1234-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1226-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1230-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1228-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1247-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1223-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1245-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1244-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1243-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1242-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1240-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1239-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1238-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1229-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1227-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2288-1224-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2704-0-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2704-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2704-25-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2704-83-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/3684-3078-0x0000000000210000-0x0000000000224000-memory.dmp

Filesize
80KB

Download
memory/3684-3077-0x0000000000180000-0x000000000018C000-memory.dmp

Filesize
48KB

Download
memory/3916-3245-0x0000000000630000-0x0000000000662000-memory.dmp

Filesize
200KB

Download
memory/3916-3572-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3244-0x00000000004F0000-0x000000000050A000-memory.dmp

Filesize
104KB

Download
memory/3916-3088-0x00000000001F0000-0x0000000000204000-memory.dmp

Filesize
80KB

Download
memory/3916-3246-0x00000000006C0000-0x00000000006CE000-memory.dmp

Filesize
56KB

Download
memory/3916-3247-0x00000000006D0000-0x00000000006DE000-memory.dmp

Filesize
56KB

Download
memory/3916-3251-0x00000000049D0000-0x00000000049E8000-memory.dmp

Filesize
96KB

Download
memory/3916-3250-0x00000000049B0000-0x00000000049C4000-memory.dmp

Filesize
80KB

Download
memory/3916-3256-0x0000000006E50000-0x0000000006FAE000-memory.dmp

Filesize
1.4MB

Download
memory/3916-3257-0x0000000004DC0000-0x0000000004DE8000-memory.dmp

Filesize
160KB

Download
memory/3916-3258-0x0000000004E30000-0x0000000004E5A000-memory.dmp

Filesize
168KB

Download
memory/3916-3269-0x0000000006B20000-0x0000000006BB0000-memory.dmp

Filesize
576KB

Download
memory/3916-3272-0x0000000008280000-0x00000000084BE000-memory.dmp

Filesize
2.2MB

Download
memory/3916-3273-0x00000000053B0000-0x00000000053BC000-memory.dmp

Filesize
48KB

Download
memory/3916-3274-0x0000000005790000-0x000000000579A000-memory.dmp

Filesize
40KB

Download
memory/3916-3275-0x0000000005E20000-0x0000000005E36000-memory.dmp

Filesize
88KB

Download
memory/3916-3276-0x0000000005E60000-0x0000000005E68000-memory.dmp

Filesize
32KB

Download
memory/3916-3277-0x0000000005E80000-0x0000000005E8A000-memory.dmp

Filesize
40KB

Download
memory/3916-3087-0x0000000005600000-0x000000000577A000-memory.dmp

Filesize
1.5MB

Download
memory/3916-3089-0x0000000005820000-0x0000000005A26000-memory.dmp

Filesize
2.0MB

Download
memory/3916-3574-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3573-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3571-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3086-0x0000000000C80000-0x0000000000CE2000-memory.dmp

Filesize
392KB

Download
memory/3916-3599-0x0000000006200000-0x000000000620A000-memory.dmp

Filesize
40KB

Download
memory/3916-3600-0x0000000006200000-0x0000000006208000-memory.dmp

Filesize
32KB

Download
memory/3916-3085-0x0000000000D30000-0x00000000014C4000-memory.dmp

Filesize
7.6MB

Download
memory/3916-3643-0x000000000A990000-0x000000000A9BC000-memory.dmp

Filesize
176KB

Download
memory/3916-3648-0x0000000009C50000-0x0000000009C5A000-memory.dmp

Filesize
40KB

Download
memory/3916-3675-0x000000000AB90000-0x000000000ABB0000-memory.dmp

Filesize
128KB

Download
memory/3916-3680-0x000000000AB40000-0x000000000AB4C000-memory.dmp

Filesize
48KB

Download
memory/3916-3699-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3700-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3703-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3704-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/3916-3705-0x0000000006200000-0x000000000620A000-memory.dmp

Filesize
40KB

Download
memory/3916-3706-0x0000000006200000-0x000000000620A000-memory.dmp

Filesize
40KB

Download