1dc013590c9736cffb90570966fec2f2b618f59f77ef26267ba62f5ebf75bf28

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe
Size

1.2MB
MD5

11c3693d97fe89bd773e216c3db36e7e
SHA1

ac4d0d1d1c8c3db25bde71eb1ef014d676b4e630
SHA256

1dc013590c9736cffb90570966fec2f2b618f59f77ef26267ba62f5ebf75bf28
SHA512

bc37004ce016e7ff3c17acfc15cd9e7c131483ffde0a762439cc554348856075eb7944a03803ec95ea30eb9d95e680c1875f444eb37a82fafa24759ca2c43eeb
SSDEEP

24576:fxG/hXXZahMUbJ+XdKe6tRJKCnRMvsvXB+3HI1Vsr37:oVZk5bne6tBnRGaA3HI1VsrL

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
1644	FreemakeVideoConverterSetup.exe
2068	FreemakeVideoConverterSetup.tmp
1748	FreemakeVideoConverterFull.exe
1680	FreemakeVideoConverterFull.tmp
688	FileAssociationTool.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
2556	RunDll32.exe
2556	RunDll32.exe
2668	RunDll32.exe
2668	RunDll32.exe
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
1644	FreemakeVideoConverterSetup.exe
2068	FreemakeVideoConverterSetup.tmp
2068	FreemakeVideoConverterSetup.tmp
2068	FreemakeVideoConverterSetup.tmp
2068	FreemakeVideoConverterSetup.tmp
2068	FreemakeVideoConverterSetup.tmp
1748	FreemakeVideoConverterFull.exe
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp
2600	regsvr32.exe
2600	regsvr32.exe
2600	regsvr32.exe
2600	regsvr32.exe
2600	regsvr32.exe
2600	regsvr32.exe
2600	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2956	regsvr32.exe
2172	regsvr32.exe
2172	regsvr32.exe
2172	regsvr32.exe
2172	regsvr32.exe
2172	regsvr32.exe
2172	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates processes with tasklist 1 TTPs 6 IoCs

discovery

Process Discovery

T1057

pid	Process
2148	tasklist.exe
2776	tasklist.exe
2684	tasklist.exe
2064	tasklist.exe
2908	tasklist.exe
2512	tasklist.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-5NP7N.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\zh-TW\is-3HJK9.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\msvcr100.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\ru-RU\Monetization.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\MediaInfo.DotNetWrapper.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-64TGH.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-G1S51.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\da\is-S3FDD.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\it\is-CB996.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\Visualization\is-73FJV.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\YoutubeContentLinksExtractor\System.Threading.Tasks.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\fr-fR\FreemakeCommon.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x86\libssh2.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-D3L3A.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\cs\is-BMN4U.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-C8IS8.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-B3V6V.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-8L516.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-9NKFN.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\da\Monetization.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\System.IO.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\sk\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\MediaInfo.DotNetWrapper.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\Visualization\is-00L17.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\libdvdcss-2.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\el-GR\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\ja-JP\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\da\is-IQ2NP.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-6NA1E.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-RDO54.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x64\MediaInfo.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-7585C.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-T4KG2.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-KD9QQ.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\FMBDWriter.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\FMPlayerLib.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-SBAOD.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\x86\is-07EGC.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-0D38L.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-G8DBR.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\zh-TW\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\it\FreemakeVideoConverter.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\is-JJA1N.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\hu\is-O997H.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-6VHQ8.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\Toggling.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-9V6T4.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\es-ES\FreemakeCommon.resources.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\el-GR\FreemakeCommon.resources.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\is-ML5DR.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-PQ2SM.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\is-KE563.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Languages\el-GR\is-6RCE9.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\COM\1.1\MilkdropPresets\is-8CQ50.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Resources\is-G723J.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\Visualization\is-9HUG0.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter\Images\DVDMenu\is-8QVH1.tmp	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\Jint.dll	FreemakeVideoConverterFull.tmp
File opened for modification	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\ssleay32.dll	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\Resources\ImagesBranding\is-GIL8H.tmp	FreemakeVideoConverterFull.tmp
File created	C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-8THB1.tmp	FreemakeVideoConverterFull.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 41 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileAssociationTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RunDll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RunDll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterFull.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterFull.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreemakeVideoConverterSetup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
792	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ECE1ADF4-FD0F-4B72-B848-8138F480BFB6}\ = "IFMPlayer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.dv1394\Shell\Open	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mj2\shell\Convert with Freemake	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B444E952-E506-47EF-AF88-CAF57EF05BD8}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{95BF9905-1825-4B88-B191-2E5E9F81B414}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.FormatCodecAudio\ = "FormatCodecAudio Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86f32deb-e004-40d1-a028-0eb23d56f74a}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ape	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.avs\Shell	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92AA846D-DF87-4267-BB72-804D55ACF14F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B444E952-E506-47EF-AF88-CAF57EF05BD8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformAudioFade\CLSID\ = "{27cb0cb2-abc2-41a8-8a43-211163a92cd9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.amv\DefaultIcon	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.mp4	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\FMMediaFormats.DLL	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{04B24ADA-08DF-4E32-A0CF-FECCD79DD3F5}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2c69b6b7-7c30-47df-b341-f6e679442021}\ProgID\ = "FMMediaSource.MediaSourceContainer.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{433BB557-EA8C-4D91-BE56-2E7340DBAAB4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.fli	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2768C270-27B9-45D0-8C4F-72E6AFE7A67C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{25B18B5D-F441-4713-9E25-2DCC22A6102B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dsm\shell	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B444E952-E506-47EF-AF88-CAF57EF05BD8}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4812405D-07C3-4717-8FE3-25D7B8867718}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpg	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.mxf\DefaultIcon\ = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceFile.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.dxa\Shell	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.svi\Shell\Open\Command	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.wmvhd\DefaultIcon\ = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDA777E5-1E97-4F90-8ABA-616F33095131}\TypeLib\ = "{780B9AFD-5231-496B-BD88-94DC8C9F4749}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.thp\Shell\Open\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8F932824-DAB4-437A-B658-34E7D7355A2E}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\shell\Convert with Freemake	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\FMDVDMenu.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.flc\Shell\Open\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.mxf\Shell\Open\Command	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.3gp2\Shell\Open	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.fli	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E7F52AD8-C2F4-4AB3-8BAE-AB1EEBDB29F7}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.MediaSourceContainer.1\CLSID\ = "{2c69b6b7-7c30-47df-b341-f6e679442021}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4812405D-07C3-4717-8FE3-25D7B8867718}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wm\shell\Convert with Freemake\command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -ConvertWithCommand"	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.sdp\Shell\Open\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rax	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.fli\Shell	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\Software\Classes\FreemakeVideoConverter.svi\DefaultIcon	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaFormats.FormatCodecVideo\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FMTransformBase.TransformQueue\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\shell\Convert with Freemake\command\ = "\"C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\FreemakeVideoConverter.exe\" \"%1\" -ConvertWithCommand"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tga	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tga\shell\Convert with Freemake\Icon = "C:\\Program Files (x86)\\Freemake\\Freemake Video Converter\\Uninstall\\logo.ico"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.m2t\DefaultIcon	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{baad6aa7-889d-4db4-8666-f71544310e82}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0842058-6E87-405C-9FFC-A112EC1C5D41}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FMMediaSource.DeleteInterval.1\ = "DeleteInterval Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rm	FileAssociationTool.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.svi\ = "FreemakeVideoConverter.svi"	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5e8df033-c20c-4b22-a268-bce5f3abd8d6}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{abe8b7ba-1543-4f28-aefa-2a908e97701e}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A3CEA54-A8EA-4A68-8557-AD3C01711AF3}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{25B18B5D-F441-4713-9E25-2DCC22A6102B}\ = "IFMMuxer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpeg3	FileAssociationTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FreemakeVideoConverter.bik\Shell\Open	FileAssociationTool.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	FreemakeVideoConverterSetup.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	FreemakeVideoConverterSetup.tmp

Script User-Agent 5 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	5	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	16	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	20	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	22	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	29	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2556	RunDll32.exe
2556	RunDll32.exe
2668	RunDll32.exe
2668	RunDll32.exe
2556	RunDll32.exe
2556	RunDll32.exe
2668	RunDll32.exe
2668	RunDll32.exe
2556	RunDll32.exe
2556	RunDll32.exe
2668	RunDll32.exe
2668	RunDll32.exe
2556	RunDll32.exe
2556	RunDll32.exe
2668	RunDll32.exe
2668	RunDll32.exe
2068	FreemakeVideoConverterSetup.tmp
2068	FreemakeVideoConverterSetup.tmp
2068	FreemakeVideoConverterSetup.tmp
1680	FreemakeVideoConverterFull.tmp
1680	FreemakeVideoConverterFull.tmp

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	792	taskkill.exe
Token: SeDebugPrivilege	2148	tasklist.exe
Token: SeDebugPrivilege	2776	tasklist.exe
Token: SeDebugPrivilege	2684	tasklist.exe
Token: SeDebugPrivilege	2064	tasklist.exe
Token: SeDebugPrivilege	2908	tasklist.exe
Token: SeDebugPrivilege	2512	tasklist.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2068	FreemakeVideoConverterSetup.tmp
1680	FreemakeVideoConverterFull.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2680	2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe	30
PID 2644 wrote to memory of 2680	2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe	30
PID 2644 wrote to memory of 2680	2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe	30
PID 2644 wrote to memory of 2680	2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe	30
PID 2644 wrote to memory of 2680	2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe	30
PID 2644 wrote to memory of 2680	2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe	30
PID 2644 wrote to memory of 2680	2644	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe	30
PID 2680 wrote to memory of 2556	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	31
PID 2680 wrote to memory of 2556	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	31
PID 2680 wrote to memory of 2556	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	31
PID 2680 wrote to memory of 2556	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	31
PID 2680 wrote to memory of 2556	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	31
PID 2680 wrote to memory of 2556	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	31
PID 2680 wrote to memory of 2556	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	31
PID 2680 wrote to memory of 2668	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	32
PID 2680 wrote to memory of 2668	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	32
PID 2680 wrote to memory of 2668	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	32
PID 2680 wrote to memory of 2668	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	32
PID 2680 wrote to memory of 2668	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	32
PID 2680 wrote to memory of 2668	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	32
PID 2680 wrote to memory of 2668	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	32
PID 2680 wrote to memory of 1644	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	33
PID 2680 wrote to memory of 1644	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	33
PID 2680 wrote to memory of 1644	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	33
PID 2680 wrote to memory of 1644	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	33
PID 2680 wrote to memory of 1644	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	33
PID 2680 wrote to memory of 1644	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	33
PID 2680 wrote to memory of 1644	2680	11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp	33
PID 1644 wrote to memory of 2068	1644	FreemakeVideoConverterSetup.exe	34
PID 1644 wrote to memory of 2068	1644	FreemakeVideoConverterSetup.exe	34
PID 1644 wrote to memory of 2068	1644	FreemakeVideoConverterSetup.exe	34
PID 1644 wrote to memory of 2068	1644	FreemakeVideoConverterSetup.exe	34
PID 1644 wrote to memory of 2068	1644	FreemakeVideoConverterSetup.exe	34
PID 1644 wrote to memory of 2068	1644	FreemakeVideoConverterSetup.exe	34
PID 1644 wrote to memory of 2068	1644	FreemakeVideoConverterSetup.exe	34
PID 2068 wrote to memory of 2612	2068	FreemakeVideoConverterSetup.tmp	35
PID 2068 wrote to memory of 2612	2068	FreemakeVideoConverterSetup.tmp	35
PID 2068 wrote to memory of 2612	2068	FreemakeVideoConverterSetup.tmp	35
PID 2068 wrote to memory of 2612	2068	FreemakeVideoConverterSetup.tmp	35
PID 2612 wrote to memory of 792	2612	cmd.exe	37
PID 2612 wrote to memory of 792	2612	cmd.exe	37
PID 2612 wrote to memory of 792	2612	cmd.exe	37
PID 2612 wrote to memory of 792	2612	cmd.exe	37
PID 2068 wrote to memory of 1792	2068	FreemakeVideoConverterSetup.tmp	39
PID 2068 wrote to memory of 1792	2068	FreemakeVideoConverterSetup.tmp	39
PID 2068 wrote to memory of 1792	2068	FreemakeVideoConverterSetup.tmp	39
PID 2068 wrote to memory of 1792	2068	FreemakeVideoConverterSetup.tmp	39
PID 2068 wrote to memory of 1748	2068	FreemakeVideoConverterSetup.tmp	43
PID 2068 wrote to memory of 1748	2068	FreemakeVideoConverterSetup.tmp	43
PID 2068 wrote to memory of 1748	2068	FreemakeVideoConverterSetup.tmp	43
PID 2068 wrote to memory of 1748	2068	FreemakeVideoConverterSetup.tmp	43
PID 2068 wrote to memory of 2096	2068	FreemakeVideoConverterSetup.tmp	44
PID 2068 wrote to memory of 2096	2068	FreemakeVideoConverterSetup.tmp	44
PID 2068 wrote to memory of 2096	2068	FreemakeVideoConverterSetup.tmp	44
PID 2068 wrote to memory of 2096	2068	FreemakeVideoConverterSetup.tmp	44
PID 1748 wrote to memory of 1680	1748	FreemakeVideoConverterFull.exe	46
PID 1748 wrote to memory of 1680	1748	FreemakeVideoConverterFull.exe	46
PID 1748 wrote to memory of 1680	1748	FreemakeVideoConverterFull.exe	46
PID 1748 wrote to memory of 1680	1748	FreemakeVideoConverterFull.exe	46
PID 1748 wrote to memory of 1680	1748	FreemakeVideoConverterFull.exe	46
PID 1748 wrote to memory of 1680	1748	FreemakeVideoConverterFull.exe	46
PID 1748 wrote to memory of 1680	1748	FreemakeVideoConverterFull.exe	46
PID 2068 wrote to memory of 2284	2068	FreemakeVideoConverterSetup.tmp	47
PID 2068 wrote to memory of 2284	2068	FreemakeVideoConverterSetup.tmp	47

C:\Users\Admin\AppData\Local\Temp\11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\is-22U4R.tmp\11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-22U4R.tmp\11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp" /SL5="$4012A,753457,402432,C:\Users\Admin\AppData\Local\Temp\11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\SysWOW64\RunDll32.exe
    RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\OCSetupHlp.dll",_OCPRD959OpenCandy2@16 2680,D54DDB3F840348848E963CB0D68072F1,3062F841CAD54692B64C94955F719A66
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2556
- - C:\Windows\SysWOW64\RunDll32.exe
    RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\OCSetupHlp.dll",_OCPRD959OpenCandy2@16 2680,D8DE3FA608804753AB1FC1C0AEAFEABB,BB2010D6ED31467CBE5EED87C944BBDE
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2668
- - C:\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\FreemakeVideoConverterSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\FreemakeVideoConverterSetup.exe" /LANG=en /dotnet=0 locale= /version_check=0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\is-F0A1Q.tmp\FreemakeVideoConverterSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-F0A1Q.tmp\FreemakeVideoConverterSetup.tmp" /SL5="$50194,492628,402432,C:\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\FreemakeVideoConverterSetup.exe" /LANG=en /dotnet=0 locale= /version_check=0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:2068
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c taskkill /f /im SetupUpdate.*
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2612
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im SetupUpdate.*
        6⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:792
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "C:\Windows\system32\cmd.exe" /S /C "ver > "C:\Users\Admin\AppData\Local\Temp\is-28179.tmp\~execwithresult.txt""
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe" /LANG=en /skip_welcome locale=GB /DIR="C:\Program Files (x86)\Freemake" /autoinstall
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\is-VU491.tmp\FreemakeVideoConverterFull.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-VU491.tmp\FreemakeVideoConverterFull.tmp" /SL5="$80120,80952626,402432,C:\Users\Admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe" /LANG=en /skip_welcome locale=GB /DIR="C:\Program Files (x86)\Freemake" /autoinstall
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVD.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2148
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeVD.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeVC.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2776
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeVC.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeAC.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2684
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeAC.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeMB.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2064
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeMB.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C tasklist | findstr "FreemakeYB.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2908
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeYB.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-VHLCQ.tmp\CheckRunningInstance.cmd""
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2512
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "FreemakeAC | FreemakeVD | FreemakeMB | FreemakeVC | FreemakeYC | FreemakeYB"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1284
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2600
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1572
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaSource.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2956
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMVideoConverter.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2172
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMDVDMenu.dll"
        7⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1708
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMMediaUtils.dll"
        7⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2284
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Freemake\COM\1.1\FMPlayerLib.dll"
        7⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:924
        
        C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=Admin
        7⤵
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=\everyone
        7⤵
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe
        
        "C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe" --installPath "C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe" --isNeedToAssociate true
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:688
    - - C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=Admin
        5⤵
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:2096
    - - C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\system32\netsh.exe" http add urlacl url=http://+:11425/ user=\everyone
        5⤵
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Freemake\COM\1.1\FMMediaFormats.dll

Filesize
412KB

MD5
ce9c709a62ac85067989790bc39422e4

SHA1
485a1adfd5c027e91ed75b9a2673b10aba4f09dd

SHA256
21fb768dce87a2745af66a068061e360be2e7fd2fcd57fd1924a222130a50990

SHA512
ac88768279641724d8698ad156054e1f8e456e3d5e961c59efdcec2440cac19879ccfe9715af03c4cd2b479d5bd2ebdae41d406a273bee664f00841cd61030af

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\FMTransformBase.dll

Filesize
459KB

MD5
a481e9ed59045159e843b764604e3402

SHA1
79aa22668b39a4a928acda4dbad0b4f1d66553f0

SHA256
b6b21c0996383347b805d64394ca389ad2c29c0b1a72c99791f5e50d93287626

SHA512
143a6b66a0c36e2ff69a8616f4f4d8a319438b78f461467709743738a9bfbbff4ff0b2093e4e508ec63832353eb20648aa4cb1260125d81941b56ef8c3176f89

Download Submit
C:\Program Files (x86)\Freemake\COM\1.1\swscale-2.dll

Filesize
326KB

MD5
d06d733f491a19bd76379565ffbf0556

SHA1
1125234bc8a4702b515bc0a12c9ca82e9583bd63

SHA256
05cd12a6f470b271cf47bd2637136e8720a00e67668df8d8499f406f0c52ea14

SHA512
e52ff24705db9fcc02571132e4d6debe329031c5c65a70de47e2f163e0c8f6e355d74abb9a24ad3cf888c8e7cf9f3df56df60dba4a87743f362624bf58a97f35

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-2OGPO.tmp

Filesize
21KB

MD5
018841345cfbf45eda4cd1adb74fd68b

SHA1
f9928ef8b78f7cf2d3eb3ec68d28f36c89fff3da

SHA256
acf0e0555afed095cf12f719a3cd0e745435ced2575840a46a40ec61ed632265

SHA512
7dd159dc1d64e49a9106c2f04a46643c9aafb83fc017d4f98f63b63d6317fc4ab370fafb63bb512bfb6b4ec7ef2b2e6b362bb7f035a23dd1046d6dc2499ea5ff

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-4K5AL.tmp

Filesize
367KB

MD5
313defd8ed9a742af1ff8a16fd508f3f

SHA1
ab14db48b983fd431eefb2ad98613ab2ce90cd8e

SHA256
e608a0c3236e6a833a994a3d251d85fb12648b76f834d0d9fd9786dcc613a368

SHA512
462125725a7954bda2032cb4f54324e892869ddd01f9355a13b32d394d70a6e2858a49aa27f8f7770dc9d6d77c4d2da8bde337a1c6cefd63643820914954056c

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-7CHQF.tmp

Filesize
30KB

MD5
a56072ffc624339c31d7e205570788ac

SHA1
68947a16950d05eea8ad474f561d54fb6a5a3be6

SHA256
e3a81a23400db10f69acbbbe431bdb7be163723d6b47d9bf623e6adbe9ceed0c

SHA512
ff5fa57d85c2baca402eb856e2e3e763e50cbe4898a1656a233534ba0dc4c24825c31371fd37ea4b4eba2647122d5564bb19ee9e0bce9870c220e1ce72fc2843

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-A8GAF.tmp

Filesize
21KB

MD5
8e4e0ea396b5452bed54e6888cb07ca1

SHA1
1a7afcdd7f118b3ef8f1d9761fa71faeee16fd2c

SHA256
dfeab83e6a9555a6c18070c611d868e117fa2fef6f815da26e622feb2e610254

SHA512
e160570f598d5fdd637725a70595a7ddc247c20aed66c031ff9816142231c8ea58c69fef7f5eb8e10120e5e5ad68ececb1b584054832464046209c9e04cc1aae

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-C907V.tmp

Filesize
20KB

MD5
d552de7d39179b914db7cc2dbdd005c2

SHA1
044329c6c335224ba05a4e398a5fcb204f13ac36

SHA256
24bd076d31dc9d363eb2adb8b27a7d45d9f975aeec565132d27901537e31f239

SHA512
b82cbd6c4b3d378fba1793858c556ea1fdaa405905686ce219f192d16041e79aa063145c6d469aa7c15aa945d3ef344618fa0996d6611282a8718dd0de77d64d

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-HAV39.tmp

Filesize
34KB

MD5
85f6f590b5c4b8c7253e9c403c9be607

SHA1
d5a9db942a50c8821bacd7f6030202c57ec4708b

SHA256
d20552fd5c8c8c9759608a84db1e216da738f5e9f46de9e8a3f39a0d6265cb8b

SHA512
9c78cb444e28618d44e9deb23571fc7bbce268882c2803e0ccc0e84b3e6eab89c6af2aac0d81ef0d2c9fd1e9611cb35334ef3304fb16c5ba0481f6a7273c3660

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-K1ELL.tmp

Filesize
2.0MB

MD5
66ca6655fdb4c256e5772bd620fc775a

SHA1
fae38455aca483010be3ab922534603da6dd39a9

SHA256
464cba755dff10abb52f8213c0b36588a3790ef365cbcacb8d9bfd0d92d1e786

SHA512
13a7c4e47e01b707065992016d9d431c7239c4c596425bd0459516d26935b71a268ae494725069e152a4270147c24f8fa195863c9b9cbf80243ed0d6d26a84da

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-LNRBJ.tmp

Filesize
11KB

MD5
7dd26c3dcef3e5bd5a3822ca2e22a87d

SHA1
7edbe81d96ea24484b3cf0dc6539203d3b81cf12

SHA256
4c479afa2f7cde4ba9029a5a8934736c62cd7396c37ee4aae8c0ce9a74517d10

SHA512
cb474a71ce1bc36c0c62bfcf66ec94b2be48dad93d8060dcdf812b807177abf3d3b142157d599e26bcbb51e07d2996548b7b9a378bf8fd89f5c89e8df1ddc56c

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-N5CM3.tmp

Filesize
56KB

MD5
e33a3e4e2ee59a622f07815dafb139e2

SHA1
99a0940ca8ea8c202d6f241c7ed6050e5c5523d6

SHA256
d3102299820373869e1093469305e26e1903778667efce7130524a493657ccac

SHA512
483f07aaac30f353d6d81a653ac8d59166661491c019398e4037c7ad03ed1407f083040bb3e4df026e8b553be098320f7189e112af631f55f3d98cda8e1db92d

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-NU0KI.tmp

Filesize
186KB

MD5
3002e884c5c15a15b68eaef3c62ff254

SHA1
d7e053ac51f562b92fd4032ad769adea7255230c

SHA256
3e71eb02ae8d01cb8159cc5f9ff3ff1976aec5872298ed45310b58f18708eac0

SHA512
0789fb15f8e062ac2af6785a240b9b7d482b5f179fdb2e6b5ef9f841092c1a631b27f3db7738163f73cb609d8f5918fe2bb166731107061ece21c7a18a2a3989

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-PV0FI.tmp

Filesize
137KB

MD5
4121b366895116acaadca2adfb59ac21

SHA1
f790ecf47b9b9f80fc1572e3b96bc46eae99a244

SHA256
445fa3a7a40ecf0d24c1125d0a550537a0000187de23f7fd8d39f6a28e32320a

SHA512
bdc9757304de0771b3ac8aeac8630e5f67d76bb5ab3434cd37263a9bd1465ddea5933e7e1564cd752c5805c615a3f3df34b6caac10ae22fd01cc9dbb196c710f

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-Q0CQ5.tmp

Filesize
26KB

MD5
1925e1654510ee0914ff3360c6c94765

SHA1
a032c1456dc199189310ef4df533bceeb6c41a92

SHA256
6e599d81a2b8d803ca794c25111fea54c34356c4ed853b926c9ab42a4b0d6454

SHA512
1995a5f16aaa62d23d69022b613362b7cf952059cc9c4fbddfcbe0905b94b02599dd4b5a784344a2b541457ec255b8f38baccb7919f04f323d35b59b2e10d0d1

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-V406F.tmp

Filesize
100KB

MD5
fc3bd6e569eca92b5c57aa67b9ccaf7e

SHA1
1ae7cd63a312146d467180ec2a092a109802bb77

SHA256
4a6da21b14f87a4b829ba8a1e6c0857df777b024d578319dda5b2686af8aa10e

SHA512
c1f4698cb4d689f810abc6a0c43040461fcfe80aadaeaa13543e52c20cad8c18a33340e1b071db54e3c97f5773768ec0daca4500f1f8ba19b12b9b86ed9ecb0b

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\is-VRPL0.tmp

Filesize
560KB

MD5
8f81c9520104b730c25d90a9dd511148

SHA1
7cf46cb81c3b51965c1f78762840eb5797594778

SHA256
f1f01b3474b92d6e1c3d6adfae74ee0ea0eba6e9935565fe2317686d80a2e886

SHA512
b4a66389bf06a6611df47e81b818cc2fcd0a854324a2564a4438866953f148950f59cd4c07c9d40cc3a9043b5ce12b150c8a56cccdf98d5e3f0225edf8c516f3

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-4T43Q.tmp

Filesize
8KB

MD5
fb7411ac51ffa57c52120f2d75bb65b9

SHA1
98f50feaccecf4bbc900e43dde5f89f90ba61e6b

SHA256
b0879da0c172420917fc8cf383a52dc72347ccfd197503327aff271507965750

SHA512
7eb5b464a85b30312582fe178b4abbe3422ed15839c95d341bc50fb73071529dfe2b66a52795ab45bf8463dd43408df1227e0adf052f1260df9a1ddd2ba3b2b8

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-BFI74.tmp

Filesize
19KB

MD5
79fbda1967dd3e45b486bc0f21dc2b1a

SHA1
e13c8b48cb8dc51c959b9e952775cfc1ed1d0c19

SHA256
e36addabf1d933278b0ef394e090900e051c8762b2fada63ac203bea830919c2

SHA512
b9311f87b0b35d89d48eb0404e383dd94d423b03d29094c62f1baeeccae12591f2910817423f82aed3cd1b7c9ee187f145cd2935dee47ca7c76e0bfb25acf8e6

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-IG8PI.tmp

Filesize
145KB

MD5
766192bc12a0135ec8ff1dcc1a0d0334

SHA1
1e3f8ab6c8013691394f03d493d6aaca10bf9947

SHA256
4cce036c1c942bc7db60006e3db936cfc75dc15c6c4bf694645e3bc703f73798

SHA512
a119a429abcac8bc3083e0a11b209cbb56c0c57e8425f599b69e089380aeb9b1aab6353bbaef1a8e17415768e1c572707d87adc8a81de308c5e512c73662812e

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-P2JB5.tmp

Filesize
2KB

MD5
4b6e75d7e279366baa742e583ce67d92

SHA1
1ca1c479a9143e2fff78ec6606df187c7e60e53a

SHA256
d0f1a3b3c161971280ed90f3b8b77a1018bcc5f8302ebd4bfb01c3fa3d50a7a7

SHA512
6efac695278fc675d6d6f0edc20b020c9b7b409b6abafb021ed5761e2ee4b1f348b4a3677f97397cd4177271e5dd51212bac6666cbfed4213502651c5a4b7298

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\is-PB4T1.tmp

Filesize
28KB

MD5
50a7c2624dcb5f7f5c9c945dd612e2bd

SHA1
ed259117b05922f51d1e4fd22bbda31ce3d96514

SHA256
389aa3028c6f7b7820090d884436befe90d93501a46478bea4e334456120d3f2

SHA512
82f7a1c5ddc42aedef4b8f9d2e702f198c04974733454b68a8fc21a369fb1fa7bc01f01fe38d945c34142c62095007d47174a45b56ac03d479f4a1d179f6dc62

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\is-E8HVJ.tmp

Filesize
432B

MD5
1f3aba959f7a154afb38dffb9068f028

SHA1
76d525771144cff4f89dc63ad5885d28752bade4

SHA256
85bc6b1493da8cba9ea57f9328a4066e8c5ace3b6fe8503244c5cd05f1ef000f

SHA512
77c38e7f3c2abac0e66321f8cd9d8046fa6df6699fb7e7417e7a9dc8765b0c6b0824e895617d6915e49293ffa115ae29ab318a18207aa9551dee871152c1cf41

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\is-CQ8AU.tmp

Filesize
36KB

MD5
d01819bfe03222dfa9e35a36555b6b6c

SHA1
25f8069590b14724f28e6a04b8a42e4ef4a8562d

SHA256
5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94

SHA512
e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe

Filesize
34KB

MD5
67f5bff7426bda1fd810aaf62a912bf9

SHA1
7bedb374072b789864cf71c62aa67b74b1a3c4e6

SHA256
a16c5223c79ac1bb53e1d29a87e620e06d33b3652104b8fa82dee52a9590d09c

SHA512
44dac96eede32255d63906333201abc9fccf0b6e0a24eaa8688ed1ac9685586876f015e7f09873b757f256e4a5f2eb3e98e36138b00b57c9ba777ec542dc7e84

Download Submit
C:\Program Files (x86)\Freemake\Freemake Video Converter\FoxSDK\msvcp100.dll

Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-28179.tmp\~execwithresult.txt

Filesize
40B

MD5
082f2e97e670228e3b323c6a3a874f40

SHA1
e50760edb5e88385449a44818f5726e5beed7aab

SHA256
292bf366a534157e5414f344218c9df828e2f211617fc84352f3ab2564050941

SHA512
ad96826fb4a9ad5296acf1136bd81348492b4e191ba7936fe515a254f7bb789ab7bb3b939a5b9094b0fdaca9b4ad0f0445034a6eb2d78bd1529c2e638eafbe91

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\releases.ini

Filesize
5KB

MD5
223462888e672d765e18bf22cdd830c2

SHA1
4b7957054e327fbc232858c966e945563a1e82d0

SHA256
d6f1ef4eb4a6172d92d7aef5903468ed0bc33eda46a9bb9fc0a35a803688923f

SHA512
29ec0917c47d830656f34972c2d8a32bbe9eae143098a628748cafb4706324df460225871faa6d49b0c795a35bd39ab3c618b1b103ab41589ee2c0430557e268

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\topRightDownloadIcon.bmp

Filesize
9KB

MD5
faa9ffa837f5c8505d011f9cc88e0e45

SHA1
a963b97b4305db9b23b60993179e4c99851cdc5d

SHA256
90031f324eec6750fb6a7981147eeeb511df49c2ad38e59ea93b8de460ba8172

SHA512
94ea113b03ee600077ede4e8a6fcce3dbdbbd2ca0cc93fb8c0f875936ab7723f0e373f6ad6573ab1b889c6853f588b454c9c10327a9661472bdf7f40297fbbd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VHLCQ.tmp\CheckRunningInstance.cmd

Filesize
96B

MD5
92dbcc7a2f8c552b1f541bd1018b44c5

SHA1
f9956c2066adacbd7cfe80941dabf46a4cc27db7

SHA256
5e314bf3f0a6e062a60d1b009e02f3128132de0206a3d197da27651a3d13fc32

SHA512
d393eb9b228f2ee74172ef28464b5b89daf14abc88135335a5bf364fa7bd4640c3b95c62296c6db15561ee010386a33120cf288446a9ce63a3cee0b3b82b7991

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avcodec-54.dll

Filesize
13.8MB

MD5
23a378f40b92364e51e7b12cfb0af6d5

SHA1
8224dd82e02a3bb83cb4ed84a6265c370471a850

SHA256
8742fd389e9983594a24d5599e4d8f418c5454f36d2fd8d9cbc07bee08d4ea54

SHA512
529ca2c531626174451cd8d103b442a66aadd87edd5d03af44eadad94b59d9aec0b60380fdbf4aa213544dba7d3b2afa6abd7201484e9072538fbc9fa8b65581

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avformat-54.dll

Filesize
2.9MB

MD5
7396db8ff8a5977ecd76220d14f0ee04

SHA1
c815b965c7abe368e4f49394b2512eef60dc0ef0

SHA256
8bf698ee1d89f687bf32f4e1ac4908379479456effac70038f949c548efd18bc

SHA512
6442532a793e0b7fb1be1a022ce0d082487bc598085fcd8b10483bb90e5c0010789c580350bed35b69e2759d768138b489b270478b7f2a3b887826062e506a70

Download Submit
\Program Files (x86)\Freemake\COM\1.1\avutil-52.dll

Filesize
186KB

MD5
97809a2431bcc50fc718e2ced1e306e2

SHA1
a3fcac6a8034ccd9392063f57325051aa067ee85

SHA256
2f2ae85d42415914eed564acda3ffae7b1f3627e871913c0349d73526f3bbf55

SHA512
4ec6c69fabc49d30db9efff9ea72387f4915287b8b231f37d7cb8a062246dfb67c180cc6fbb586bfef95ef0615fe793d2f5167d0aca4cf9068522c3556f1479c

Download Submit
\Program Files (x86)\Freemake\COM\1.1\msvcr100.dll

Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
\Program Files (x86)\Freemake\COM\1.1\xvidcore.dll

Filesize
1.0MB

MD5
eaaa841ed3c3df66aba354852d2c7baa

SHA1
55e4707d4b66086da1595a93dcc02c6b62affb40

SHA256
8f3ffde67a530df8f5ecaca1ef2e3bf880a94e68b3a7f183f1313343418235ae

SHA512
ccc5ae4c8f4d5882c3140869c9d985f37945014a243aca72a5b7aeb2076686a89bf9b4f76f2d12c5513bc843451e56b3be7e40139166d69b96f435108851b6db

Download Submit
\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe

Filesize
2.2MB

MD5
05ac7c6e22037e35bbe1520faab914c8

SHA1
a604e2b596d4235765fcb9fe410075c2818af3fb

SHA256
bbe878868ba411b6092b26200dcd2e393b2b96a022908c97318a89a0c9cb1712

SHA512
706ae9724cb406b45743789ff1da6631ecde0f88474906bd6d705c6cd0aedd3e10a355a8a784413ce1df729473107cf7bfa202bd41bd6015b973e936e45e760a

Download Submit
\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe

Filesize
1.4MB

MD5
6173ec8b839f624919ae7abd573efac8

SHA1
c94fa23e6dd281e5f46086d4a540c9d9e168ff68

SHA256
01ff314d9faed4ef45eba717a8cfd999884a94cb513ded6cb6f077d235ce99f4

SHA512
013efbe1fe7e1b3a0cfe4df60feb736f1e772b8f368a8b81026490180b4b0a3a87377587f3c714c923159b08980aaaab76c81cf4099da76b3974892d11d210ef

Download Submit
\Users\Admin\AppData\Local\Temp\is-22U4R.tmp\11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.tmp

Filesize
1.4MB

MD5
14f5c8abebd8e51360030d1ae3137669

SHA1
1c72106cc170fe5b2bd20b9e59584af989fff486

SHA256
c9ba417f020aef7547038326d6892d1b4967634c7bb7068ed6498e8256546d46

SHA512
d575db9a4aac597751ccc5a524a8f5972298786c5f17713fc4072f2a84c0a7cade8e442c3737fb9e8879d5cd403788a638fe59821eb390b5d85e50fd9886ba32

Download Submit
\Users\Admin\AppData\Local\Temp\is-28179.tmp\freemake_dl.dll

Filesize
131KB

MD5
ffb657374aa7751c97ef07edb00ef0c4

SHA1
048fe8294f3e27c83102ca1c9f64d6de2f6c6cd0

SHA256
0d114513e65753f2e261e928b59a0cd0df84cd0669b2bf75706fd04de0b817d6

SHA512
eb70ddc8aab5304f911eb0fc1ea7b507b01d6870c38549ba79743f8c78d16f7e7d55868c483661005633298997f9641413cd26ebe0b1988b4695a87f653d1a29

Download Submit
\Users\Admin\AppData\Local\Temp\is-28179.tmp\itdownload.dll

Filesize
77KB

MD5
b4efe1200f09cbf02f0d2ae326a84f3b

SHA1
83102a7f5465a14c78d04ca6d8703c68a5c599ce

SHA256
6bd9984dd28ce8cc13e8eb3b5ee9f6c8a6967e3b2288918665e2ae67fa1eb56b

SHA512
14c83df5ca8ce92efddb07bda1c6fff9cfbbfb1348ff6c2e6b523110bb1fd10023e09986bc7967824a5cf37789080d81f2a5deedc3df3925825f73e2a87b52a6

Download Submit
\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\FreemakeVideoConverterSetup.exe

Filesize
993KB

MD5
e4996114d73b1bb24b7e67b034e24822

SHA1
d52043af823c2a6f7cb27dfd278638e4abd652b5

SHA256
54551f4b39f9045379c4ff93e0a8f81f2c3900b5157eeab6b41ff3f13e743372

SHA512
a5f67e60415450c11bc04744a45309abb0bbed4d733e3705b772d3d7d2424d2bf4f1976a4ef1b22e5a2df169f82fa2846e38fb2abd78508c3d2491201d264b7e

Download Submit
\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\OCSetupHlp.dll

Filesize
788KB

MD5
2a8f400798b5fd45e010c378a5c606a8

SHA1
3b7ad37182708a9325c7f46a89c571e87841e415

SHA256
b238b806f17591fc4d9ed23e97ed8ff0762379d3f6882cc617c36aa30b35e92a

SHA512
e94be7a42a6c1fb250f451593cf1be9304fb953f15d704ab4baadc261771ea177d983918039b2906819727931e0ee842989bf6675cdb4d9c6f9019418cfc4693

Download Submit
\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-CPTBK.tmp\freemake_dl.dll

Filesize
131KB

MD5
e6e925f6e5344af2a59a4e5c6d0c914d

SHA1
ce3a5dc620e5b4e74e0ad678d7061f2573a7b470

SHA256
b17b5c88212d9780d5f300b312fc66a0687ded548efdc9a56d063e16a3d774b8

SHA512
af704885c42927236c3f11f0520e76f97d1c878a67a688f826bc2d808795fccea02984f00eaf09dcc25b76308fc2837dc4cf03a93e8c7930134558cef9e18e7d

Download Submit
memory/688-3120-0x0000000000940000-0x000000000094C000-memory.dmp

Filesize
48KB

Download
memory/688-3121-0x0000000000340000-0x0000000000354000-memory.dmp

Filesize
80KB

Download
memory/924-2856-0x0000000011000000-0x0000000011065000-memory.dmp

Filesize
404KB

Download
memory/1644-105-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1644-69-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1644-143-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1680-154-0x0000000000650000-0x0000000000668000-memory.dmp

Filesize
96KB

Download
memory/1680-153-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/1680-146-0x0000000000650000-0x0000000000668000-memory.dmp

Filesize
96KB

Download
memory/1748-152-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1748-119-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2068-85-0x0000000000700000-0x0000000000718000-memory.dmp

Filesize
96KB

Download
memory/2068-141-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2068-106-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2068-107-0x0000000000700000-0x0000000000718000-memory.dmp

Filesize
96KB

Download
memory/2600-1304-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1298-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1288-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1284-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1313-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1318-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1317-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1281-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1316-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1315-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1314-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1312-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1311-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1310-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1309-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1308-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1307-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1305-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1282-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1303-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1302-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1299-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1300-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1289-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1297-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1296-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1306-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1301-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1295-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1294-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1293-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1292-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1291-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1290-0x0000000069900000-0x0000000069BEC000-memory.dmp

Filesize
2.9MB

Download
memory/2600-1283-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1286-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1287-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2600-1285-0x000000006A0C0000-0x000000006B4CD000-memory.dmp

Filesize
20.1MB

Download
memory/2644-100-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2644-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2644-29-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2644-0-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2680-99-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2680-30-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2680-8-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2956-1950-0x00000000001C0000-0x00000000001F5000-memory.dmp

Filesize
212KB

Download