3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e

Analysis

max time kernel
147s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
27-12-2022 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

34.0MB
MD5

ca2ead342a22fcd891f73f99cba91005
SHA1

6e6470b49e9e9791acc6854b3d3823e97b058407
SHA256

3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e
SHA512

39e8e285f3bc169ce3306cecf7a06317a93126dfce2d128acbb0a82d693d98ba0297601e258e4fa48ab8d2f235c6f8b5b648b48f15c02022e22893095a470bc6
SSDEEP

786432:5fzVFV7zFAsPBoyK32MlH8CSC9xSWEjh/dlCBS1Y/qemqa:/fWyKGMlcnelEdlO0YLa

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Executes dropped EXE 8 IoCs

Processes:

fdm_x64_setup.tmphelperservice.exefdm.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exeimportwizard.exe

pid process

4480 fdm_x64_setup.tmp
1380 helperservice.exe
2744 fdm.exe
1076 importwizard.exe
3360 fdm5rhwin.exe
3372 fdm5rhwin.exe
1204 fdm.exe
672 importwizard.exe
Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exe

pid process

3348 netsh.exe
4916 netsh.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Control Panel\International\Geo\Nation fdm.exe

pid	process
3348	netsh.exe
4916	netsh.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Control Panel\International\Geo\Nation	fdm.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exehelperservice.exeimportwizard.exefdm.exe

pid	process
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
1380	helperservice.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
1380	helperservice.exe
1380	helperservice.exe
2744	fdm.exe
2744	fdm.exe
1380	helperservice.exe
1380	helperservice.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
1380	helperservice.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
1380	helperservice.exe
1380	helperservice.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
1076	importwizard.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
1204	fdm.exe
1204	fdm.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-IHIH4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-3UK02.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\is-LRF8D.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-6S079.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-RNVR2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-G5P9G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-5J2N4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\is-3RRO3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-FCNLA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-L6OF5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\Private\is-HPJ2B.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-8L5K8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-2FBQU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Scene2D\is-AB73L.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-Q7NFP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-CIJMK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-55HHJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-JKLUB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick.2\is-8BP9C.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-A3B53.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-6OBOS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-3VHHV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-FGIQ0.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-QBJKQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-H81HS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-92FEB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-32DR3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-2R402.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-DDB0S.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-R2DAL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-ACS4I.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-K6N9S.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-9V609.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-IEEBS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-0568T.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-RC6EV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-FRTL2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-IO7LS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-TFK5L.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-F6BSM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-CEDBT.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-L1O7E.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-69EIB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-Q244L.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-5CHU9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-K5GOG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-4ANC1.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-4Q1MB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-29J88.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-RMNUU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-OE9SH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-O3Q9P.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-3H1HA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-JNL45.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-G3S3M.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\PrivateWidgets\is-A8OIR.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-GLQ3K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-02JEH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-7H5JJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-CIG6G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-JAG7C.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-IE9SB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-7TUI3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-C0920.tmp	fdm_x64_setup.tmp

Drops file in Windows directory 4 IoCs

Processes:

fdm.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	fdm.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

4184 schtasks.exe

pid	process
4184	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmpMicrosoftEdge.exeMicrosoftEdgeCP.exebrowser_broker.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exefdm.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6a79f38000aed801	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\fdm\shell\ = "open"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\fdm\shell\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\fdm\URL Protocol	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "5"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = d581f14b6daed801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersi = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\fdm\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\fdm\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeCP.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

fdm.exefdm.exe

pid process

2744 fdm.exe
1204 fdm.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

fdm.exefdm5rhwin.exefdm5rhwin.exefdm.exe

pid process

2744 fdm.exe
2744 fdm.exe
3360 fdm5rhwin.exe
3360 fdm5rhwin.exe
3372 fdm5rhwin.exe
3372 fdm5rhwin.exe
1204 fdm.exe
1204 fdm.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fdm.exe

pid process

1204 fdm.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4064 MicrosoftEdgeCP.exe
4064 MicrosoftEdgeCP.exe

pid	process
1204	fdm.exe

pid	process
4064	MicrosoftEdgeCP.exe
4064	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

fdm.exeMicrosoftEdge.exeMicrosoftEdgeCP.exefirefox.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2744	fdm.exe
Token: SeDebugPrivilege	1580	MicrosoftEdge.exe
Token: SeDebugPrivilege	1580	MicrosoftEdge.exe
Token: SeDebugPrivilege	1580	MicrosoftEdge.exe
Token: SeDebugPrivilege	1580	MicrosoftEdge.exe
Token: SeDebugPrivilege	2708	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2708	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2708	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2708	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1580	MicrosoftEdge.exe
Token: SeDebugPrivilege	3340	firefox.exe
Token: SeDebugPrivilege	3340	firefox.exe

Suspicious use of FindShellTrayWindow 11 IoCs

Processes:

fdm_x64_setup.tmpfdm.exefirefox.exe

pid	process
4480	fdm_x64_setup.tmp
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe

Suspicious use of SendNotifyMessage 8 IoCs

Processes:

fdm.exefirefox.exe

pid process

1204 fdm.exe
1204 fdm.exe
1204 fdm.exe
1204 fdm.exe
1204 fdm.exe
3340 firefox.exe
3340 firefox.exe
3340 firefox.exe

pid	process
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe

Suspicious use of SetWindowsHookEx 42 IoCs

Processes:

helperservice.exefdm.exeMicrosoftEdge.exeMicrosoftEdgeCP.exefdm.exefirefox.exe

pid	process
1380	helperservice.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
2744	fdm.exe
1580	MicrosoftEdge.exe
4064	MicrosoftEdgeCP.exe
4064	MicrosoftEdgeCP.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
3340	firefox.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe
1204	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exeMicrosoftEdgeCP.exefdm.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4960 wrote to memory of 4480	4960	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4960 wrote to memory of 4480	4960	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4960 wrote to memory of 4480	4960	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4480 wrote to memory of 4580	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 4580	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 4184	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 4184	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 3160	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 3160	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 2748	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 2748	4480	fdm_x64_setup.tmp	schtasks.exe
PID 4480 wrote to memory of 2744	4480	fdm_x64_setup.tmp	fdm.exe
PID 4480 wrote to memory of 2744	4480	fdm_x64_setup.tmp	fdm.exe
PID 2744 wrote to memory of 1076	2744	fdm.exe	importwizard.exe
PID 2744 wrote to memory of 1076	2744	fdm.exe	importwizard.exe
PID 4480 wrote to memory of 3360	4480	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4480 wrote to memory of 3360	4480	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4480 wrote to memory of 3372	4480	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4480 wrote to memory of 3372	4480	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4480 wrote to memory of 3348	4480	fdm_x64_setup.tmp	netsh.exe
PID 4480 wrote to memory of 3348	4480	fdm_x64_setup.tmp	netsh.exe
PID 4480 wrote to memory of 4916	4480	fdm_x64_setup.tmp	netsh.exe
PID 4480 wrote to memory of 4916	4480	fdm_x64_setup.tmp	netsh.exe
PID 4064 wrote to memory of 2708	4064	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4064 wrote to memory of 2708	4064	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4064 wrote to memory of 2708	4064	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4064 wrote to memory of 2708	4064	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4064 wrote to memory of 2708	4064	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4064 wrote to memory of 2708	4064	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4480 wrote to memory of 1204	4480	fdm_x64_setup.tmp	fdm.exe
PID 4480 wrote to memory of 1204	4480	fdm_x64_setup.tmp	fdm.exe
PID 1204 wrote to memory of 672	1204	fdm.exe	importwizard.exe
PID 1204 wrote to memory of 672	1204	fdm.exe	importwizard.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 4864 wrote to memory of 3340	4864	firefox.exe	firefox.exe
PID 3340 wrote to memory of 5052	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 5052	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe
PID 3340 wrote to memory of 4580	3340	firefox.exe	firefox.exe

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960

C:\Users\Admin\AppData\Local\Temp\is-8BIRR.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8BIRR.tmp\fdm_x64_setup.tmp" /SL5="$201DA,34943088,780288,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4480

C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:4580

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Creates scheduled task(s)
PID:4184

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:3160

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:2748

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1076

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10&osarchitecture=x86_64&architecture=x86_64&version=6.18.1.4920&uuid=9436e7a9-f5f1-4db3-aed4-f186956c71c0&locale=en_US&ac=1&au=1"
4⤵
PID:3304

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3360

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3372

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
PID:3348

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
PID:4916

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:672

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4692

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4064

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2708

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.0.1537787069\971804171" -parentBuildID 20200403170909 -prefsHandle 1528 -prefMapHandle 1516 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 1612 gpu
3⤵
PID:5052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.3.1202976029\1294836" -childID 1 -isForBrowser -prefsHandle 2132 -prefMapHandle 2244 -prefsLen 122 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 2112 tab
3⤵
PID:4580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.13.31609716\1369164195" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3392 -prefsLen 6904 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 3408 tab
3⤵
PID:3288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\MSVCP140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Multimedia.dll

Filesize
713KB

MD5
d51ad7b8a4f98a8f584989c2e72679e5

SHA1
4f8bfb1a5ff09cd29b11dbd7acb805061d416dee

SHA256
e36cde2154a75b2267cf5ba8ae659d7e0750e9ac985d6923db0335c1ed734b10

SHA512
aed79d5bd7f197af96e02f11de289c9062f64c3956b4c6d66098c6f78b3d0159e180a5afb1e7baa58ac0a7dca98a98f147bb1a9e1fa8a4b1bdf5da06f583e064

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Qml.dll

Filesize
3.8MB

MD5
bb53b42e1676fcdb5d5e71664ca592ba

SHA1
a781aaf2600658e868ba6950721ad8ced6ffb6d4

SHA256
a473856364e00c6fc9c25508089f078665464a64d5b50c8a1b48a853709bcf23

SHA512
53e6f72516f71b54179935829d1b425a43e5e65a211759bb2f1ef44815d6cc0e09cc651919436402983b41e51dc683d45c4683ae7131a0aa056244d3508e4e48

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Quick.dll

Filesize
3.6MB

MD5
c01cab6389a0b21d61bb77e56fd898aa

SHA1
84153b02aec718ae0881158dec3c5de257ef89f7

SHA256
d93f6a371e4fd92740d0c46dbf4a9ac82f2e79444a34a36d0be82266ed4fd93a

SHA512
3a351b5d71a7b0711d9117bb0ed04ca194e77684bd57314939e5dcbc4430b0f6fb8865f2f3427e0c9c0a1e662048fbd79f020b7e64bd3e3e4759f83fab103d16

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5QuickControls2.dll

Filesize
175KB

MD5
83d2d8058e2beecfacecea3f773684ae

SHA1
410f95d0a5f550ed98ec072d1d039923b3b85cff

SHA256
c27ff75badc2ca3d60da3d5878aa777ae7ca2fb41ffd3931d65c390227a4bb3d

SHA512
b895eea653997753aca88c2df2dea8c79dd65314f38fc841103e5c286e2dc313063b9dfd951c4cf293ea18e38086d0a1f6714f5232d96d925acd1b0bc6ad5ab0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5QuickTemplates2.dll

Filesize
1010KB

MD5
4760f98a8a40e6d07db6b8506553fb80

SHA1
a9ddcddf81358253dfdf86e210a63ff28d556587

SHA256
4f3267d1871cfcda6c9cdf7240c2189eaa7f96aa4967d98a660c4d5e9cc0b101

SHA512
1860ae685868b554008a1dab2e8d4fa34588cb503509fddcfb5366bd49143fcacd2ff8141023146787a55f5a1b0d1bab09b5f436035f26e3b48c463c4c58e1d1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Sql.dll

Filesize
209KB

MD5
d780e35d89a9d5389b03e5181832af75

SHA1
23ffc88e2026871a299065d55eb21d3b67546418

SHA256
1b9435197ea13aac313106822d61f36ab107a48341e5d09408918bd0fc3bbe44

SHA512
bba506404e85243098aba6a39ad6dceb06669058842b5e0ddc884f95c749a722c4ed15b9f22f3810f73b0605343f39ff82ca71e4da9e8c4d8a95eb42d18cca45

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Widgets.dll

Filesize
5.3MB

MD5
91439f0387898388cb1a3150c5848d73

SHA1
d57b3c8bb6ae88f98add39890c9a8c3fdc2a0f55

SHA256
9e38324e796eb66200498dbfdcda8ac92f92155a9accdc6c97f92f475ea4c8c2

SHA512
8a282440d5b2ba67ef4d9f490c0ef93946b60351b4019cb247eac67da92398b55745f6325fe6ab7f62088132614cc9f6332726e532e692f0b709bdcaa3999bac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
87KB

MD5
162788a111c3ee1937295a3827f68b7c

SHA1
d999f5ca96474f518faf371d3f63843114c80614

SHA256
cd147aefcd9339a24cc6cff4a961dfc6842423a503eb6f50284a6a3eaafc17f2

SHA512
08d9b858d7afa32776bed868a0787078a108deaf49cde71d03f8f2aa9beeb74e25002e328b1497d4ab418ebe9b96b15c15c6ca5e0906e1bbf256358825d8f7ac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
496KB

MD5
56693e67d67908997d885ce0bdacfa97

SHA1
f5cecfa55765ee4115beb21473fbd5975b15b6fd

SHA256
44ad96a7a555ccc19e07fb507b7a274194c4c7435ebd798019218175dc30c810

SHA512
65bb46eed9c4bb5f5f21f549251ae67e578164176afc2438396fc8e75a10fb5dece19d93036f5bb4515a3e91bbc7a16625438e2d208bdd8d5d5814e7f2b7c525

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
125KB

MD5
7cf96519fbb09c34d31cac4d272cfb76

SHA1
47da0b81bee168efd8e43598b739002d62c8a492

SHA256
1401ecd7535e0d38455b3229806525086021904b95336438d4c851347e2cf215

SHA512
af2a0bc3bc0f94650b4e7603bc20dcbfee74064a2b8d0f66108b2b01645a87008170f69d693d4f96f0438a41d9c627ec09ee5085ad4cd05a0fc8fb2af55bd8d2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
125KB

MD5
7cf96519fbb09c34d31cac4d272cfb76

SHA1
47da0b81bee168efd8e43598b739002d62c8a492

SHA256
1401ecd7535e0d38455b3229806525086021904b95336438d4c851347e2cf215

SHA512
af2a0bc3bc0f94650b4e7603bc20dcbfee74064a2b8d0f66108b2b01645a87008170f69d693d4f96f0438a41d9c627ec09ee5085ad4cd05a0fc8fb2af55bd8d2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libssl-1_1-x64.dll

Filesize
669KB

MD5
8915e476444729db9f0a1c2ec7501c87

SHA1
01aecb1cc1e6821132729e6eb366b37c7933b8d5

SHA256
9a99670dcb874b67b47927611a1546c590b07d0580b62be57b1fa9a3df7934e7

SHA512
e1e7c9142339260811d31a32b9e2b0a7a44959f778b898e03ae968d26c98d72ea0bf3cfbac054520d3fa7808088391abca4c5f96db0114ff8b27a146b4d0fe03

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
f86d67751f21fdf101048da34d3de812

SHA1
6a99f27ef16ce1025bde7c8a0e9780739b22adc0

SHA256
b4e28856c976425995e79f08fe39de72c6fddb6b53ece7c25bd3cc2b7ac43a5f

SHA512
e0829655fb0b5e17bda36bf93b5e1293efd88b86fca07a7e88f715996ff263b9ee3a72dd57f0cc0b0a5bf7856f17e6f9ecb71871c6f01deae361b87a86d82932

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\platforms\qwindows.dll

Filesize
1.4MB

MD5
ac584cbeb327e9d2364873f451e074be

SHA1
eb2d7b7f38c880ae4bc4f32c50e10e73ee15c816

SHA256
1fa4d2f13d22d9a859503d7b7c87ba39d379d9a14afcea7299d572eabb2bdf57

SHA512
4fca1fa9494799f382318d329a3040bc067d55e7cd99be6d768e975fb585f61f8c1360908284bb04c055dcf21a164464305e9255d52b1c57a0cfc49eea003203

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll

Filesize
203KB

MD5
9a08a2b7ec7edd0150e236104aa4d1f3

SHA1
b7ba88484afe6ad111f64db81519a1dc2ec68508

SHA256
d373c86239b2cb562f05dde6aa2086c7276239e138fafaad99ce8b3bd4ea2582

SHA512
684cc71fd090b24909e6bdfafb2bcb97e29450ea73f924cc3e9f5489d43ab86c310cd45056e31f387f59fe549fe19cc009fc2ba9f7e882f3e6d116cef26adb12

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml

Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\styles\qwindowsvistastyle.dll

Filesize
142KB

MD5
085087d668776333d78d87ff579fce87

SHA1
861af820e28c6070fa22defbb527e55cdbe3590f

SHA256
59f3183245e4ea6a93f04eb3dc7460b3911397cb5a9f7aa429921b7957b62684

SHA512
10b2492ec88f0682264169478b966cb6584276d4dfb6a49d62ce21dff68013b3d1e17cfc51c658f5773d5cb9b374ec90205f1ebd07db70e8f0c76a96cda80e2e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8BIRR.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8BIRR.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Multimedia.dll

Filesize
713KB

MD5
d51ad7b8a4f98a8f584989c2e72679e5

SHA1
4f8bfb1a5ff09cd29b11dbd7acb805061d416dee

SHA256
e36cde2154a75b2267cf5ba8ae659d7e0750e9ac985d6923db0335c1ed734b10

SHA512
aed79d5bd7f197af96e02f11de289c9062f64c3956b4c6d66098c6f78b3d0159e180a5afb1e7baa58ac0a7dca98a98f147bb1a9e1fa8a4b1bdf5da06f583e064

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Qml.dll

Filesize
3.8MB

MD5
bb53b42e1676fcdb5d5e71664ca592ba

SHA1
a781aaf2600658e868ba6950721ad8ced6ffb6d4

SHA256
a473856364e00c6fc9c25508089f078665464a64d5b50c8a1b48a853709bcf23

SHA512
53e6f72516f71b54179935829d1b425a43e5e65a211759bb2f1ef44815d6cc0e09cc651919436402983b41e51dc683d45c4683ae7131a0aa056244d3508e4e48

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Quick.dll

Filesize
3.6MB

MD5
c01cab6389a0b21d61bb77e56fd898aa

SHA1
84153b02aec718ae0881158dec3c5de257ef89f7

SHA256
d93f6a371e4fd92740d0c46dbf4a9ac82f2e79444a34a36d0be82266ed4fd93a

SHA512
3a351b5d71a7b0711d9117bb0ed04ca194e77684bd57314939e5dcbc4430b0f6fb8865f2f3427e0c9c0a1e662048fbd79f020b7e64bd3e3e4759f83fab103d16

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5QuickControls2.dll

Filesize
175KB

MD5
83d2d8058e2beecfacecea3f773684ae

SHA1
410f95d0a5f550ed98ec072d1d039923b3b85cff

SHA256
c27ff75badc2ca3d60da3d5878aa777ae7ca2fb41ffd3931d65c390227a4bb3d

SHA512
b895eea653997753aca88c2df2dea8c79dd65314f38fc841103e5c286e2dc313063b9dfd951c4cf293ea18e38086d0a1f6714f5232d96d925acd1b0bc6ad5ab0

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5QuickTemplates2.dll

Filesize
1010KB

MD5
4760f98a8a40e6d07db6b8506553fb80

SHA1
a9ddcddf81358253dfdf86e210a63ff28d556587

SHA256
4f3267d1871cfcda6c9cdf7240c2189eaa7f96aa4967d98a660c4d5e9cc0b101

SHA512
1860ae685868b554008a1dab2e8d4fa34588cb503509fddcfb5366bd49143fcacd2ff8141023146787a55f5a1b0d1bab09b5f436035f26e3b48c463c4c58e1d1

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Sql.dll

Filesize
209KB

MD5
d780e35d89a9d5389b03e5181832af75

SHA1
23ffc88e2026871a299065d55eb21d3b67546418

SHA256
1b9435197ea13aac313106822d61f36ab107a48341e5d09408918bd0fc3bbe44

SHA512
bba506404e85243098aba6a39ad6dceb06669058842b5e0ddc884f95c749a722c4ed15b9f22f3810f73b0605343f39ff82ca71e4da9e8c4d8a95eb42d18cca45

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Widgets.dll

Filesize
5.3MB

MD5
91439f0387898388cb1a3150c5848d73

SHA1
d57b3c8bb6ae88f98add39890c9a8c3fdc2a0f55

SHA256
9e38324e796eb66200498dbfdcda8ac92f92155a9accdc6c97f92f475ea4c8c2

SHA512
8a282440d5b2ba67ef4d9f490c0ef93946b60351b4019cb247eac67da92398b55745f6325fe6ab7f62088132614cc9f6332726e532e692f0b709bdcaa3999bac

Download Submit
\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
87KB

MD5
162788a111c3ee1937295a3827f68b7c

SHA1
d999f5ca96474f518faf371d3f63843114c80614

SHA256
cd147aefcd9339a24cc6cff4a961dfc6842423a503eb6f50284a6a3eaafc17f2

SHA512
08d9b858d7afa32776bed868a0787078a108deaf49cde71d03f8f2aa9beeb74e25002e328b1497d4ab418ebe9b96b15c15c6ca5e0906e1bbf256358825d8f7ac

Download Submit
\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
496KB

MD5
56693e67d67908997d885ce0bdacfa97

SHA1
f5cecfa55765ee4115beb21473fbd5975b15b6fd

SHA256
44ad96a7a555ccc19e07fb507b7a274194c4c7435ebd798019218175dc30c810

SHA512
65bb46eed9c4bb5f5f21f549251ae67e578164176afc2438396fc8e75a10fb5dece19d93036f5bb4515a3e91bbc7a16625438e2d208bdd8d5d5814e7f2b7c525

Download Submit
\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
\Program Files\Softdeluxe\Free Download Manager\libssl-1_1-x64.dll

Filesize
669KB

MD5
8915e476444729db9f0a1c2ec7501c87

SHA1
01aecb1cc1e6821132729e6eb366b37c7933b8d5

SHA256
9a99670dcb874b67b47927611a1546c590b07d0580b62be57b1fa9a3df7934e7

SHA512
e1e7c9142339260811d31a32b9e2b0a7a44959f778b898e03ae968d26c98d72ea0bf3cfbac054520d3fa7808088391abca4c5f96db0114ff8b27a146b4d0fe03

Download Submit
\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
f86d67751f21fdf101048da34d3de812

SHA1
6a99f27ef16ce1025bde7c8a0e9780739b22adc0

SHA256
b4e28856c976425995e79f08fe39de72c6fddb6b53ece7c25bd3cc2b7ac43a5f

SHA512
e0829655fb0b5e17bda36bf93b5e1293efd88b86fca07a7e88f715996ff263b9ee3a72dd57f0cc0b0a5bf7856f17e6f9ecb71871c6f01deae361b87a86d82932

Download Submit
\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
\Program Files\Softdeluxe\Free Download Manager\platforms\qwindows.dll

Filesize
1.4MB

MD5
ac584cbeb327e9d2364873f451e074be

SHA1
eb2d7b7f38c880ae4bc4f32c50e10e73ee15c816

SHA256
1fa4d2f13d22d9a859503d7b7c87ba39d379d9a14afcea7299d572eabb2bdf57

SHA512
4fca1fa9494799f382318d329a3040bc067d55e7cd99be6d768e975fb585f61f8c1360908284bb04c055dcf21a164464305e9255d52b1c57a0cfc49eea003203

Download Submit
\Program Files\Softdeluxe\Free Download Manager\quazip.dll

Filesize
203KB

MD5
9a08a2b7ec7edd0150e236104aa4d1f3

SHA1
b7ba88484afe6ad111f64db81519a1dc2ec68508

SHA256
d373c86239b2cb562f05dde6aa2086c7276239e138fafaad99ce8b3bd4ea2582

SHA512
684cc71fd090b24909e6bdfafb2bcb97e29450ea73f924cc3e9f5489d43ab86c310cd45056e31f387f59fe549fe19cc009fc2ba9f7e882f3e6d116cef26adb12

Download Submit
\Program Files\Softdeluxe\Free Download Manager\styles\qwindowsvistastyle.dll

Filesize
142KB

MD5
085087d668776333d78d87ff579fce87

SHA1
861af820e28c6070fa22defbb527e55cdbe3590f

SHA256
59f3183245e4ea6a93f04eb3dc7460b3911397cb5a9f7aa429921b7957b62684

SHA512
10b2492ec88f0682264169478b966cb6584276d4dfb6a49d62ce21dff68013b3d1e17cfc51c658f5773d5cb9b374ec90205f1ebd07db70e8f0c76a96cda80e2e

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
memory/672-333-0x0000000000000000-mapping.dmp

Download
memory/1076-295-0x0000000000000000-mapping.dmp

Download
memory/1204-324-0x0000000000000000-mapping.dmp

Download
memory/1204-335-0x000002BB34C60000-0x000002BB34E8A000-memory.dmp

Filesize
2.2MB

Download
memory/1204-336-0x000002BB34C60000-0x000002BB34E8A000-memory.dmp

Filesize
2.2MB

Download
memory/2744-231-0x0000000000000000-mapping.dmp

Download
memory/2748-228-0x0000000000000000-mapping.dmp

Download
memory/3160-227-0x0000000000000000-mapping.dmp

Download
memory/3348-299-0x0000000000000000-mapping.dmp

Download
memory/3360-297-0x0000000000000000-mapping.dmp

Download
memory/3372-298-0x0000000000000000-mapping.dmp

Download
memory/4184-225-0x0000000000000000-mapping.dmp

Download
memory/4480-171-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-169-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-180-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-179-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-178-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-177-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-176-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-173-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-175-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-174-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-172-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-182-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-170-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-181-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-168-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-167-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-166-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-165-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-164-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-163-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-162-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-161-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-160-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-159-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-158-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4480-156-0x0000000000000000-mapping.dmp

Download
memory/4580-213-0x0000000000000000-mapping.dmp

Download
memory/4916-302-0x0000000000000000-mapping.dmp

Download
memory/4960-149-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4960-131-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-151-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-153-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-148-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-147-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-146-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-145-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-144-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-143-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-142-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-141-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-140-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-139-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-138-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-137-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-136-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-135-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-134-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-133-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-124-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-152-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-132-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-130-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-129-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-128-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-127-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-126-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-125-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-122-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-123-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-121-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-154-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4960-155-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-209-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4960-116-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-120-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-332-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4960-119-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-118-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download
memory/4960-117-0x0000000077520000-0x00000000776AE000-memory.dmp

Filesize
1.6MB

Download